Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2025-46273
CRITICAL CVSS 9.3
Find Similar
UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to gain administrative privileges to all UNI-NMS managed devices.
CVE-2025-46274
CRITICAL CVSS 9.3
Find Similar
UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to read, manipulate and create entries in the managed database.
CVE-2025-46271
CRITICAL CVSS 9.3
Find Similar
UNI-NMS-Lite is vulnerable to a command injection attack that could allow an unauthenticated attacker to read or manipulate device data.
CVE-2025-1393
CRITICAL CVSS 9.8
Find Similar
An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product.
CVE-2024-28747
CRITICAL CVSS 9.8
Find Similar
An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS devices with high privileges.
CVE-2026-5189
CRITICAL CVSS 9.2
Find Similar
CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access
An unauthenticated remote attacker may use hardcodes credentials to get access to the previously activated FTP Server with limited read and write privileges.
Certain models of routers from Billion Electric has hard-coded embedded linux credentials, allowing attackers to log in through the SSH service using these credentials and obtain root privilege of the
CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port.
Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to connect to the device via the serial console
Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using an hardcoded password retrievable by an attacker an
Certain switch models from PLANET Technology have a hard-coded credential in the specific command-line interface, allowing remote attackers with regular privilege to log in with this credential and ob
A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6.0, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker with shell
CVE-2025-1100
CRITICAL CVSS 9.8
Find Similar
A CWE-259 "Use of Hard-coded Password" for the root account in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to execute arbitrary code with root privile
CVE-2024-45275
CRITICAL CVSS 9.8
Find Similar
The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices.
Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally.
CVE-2024-43698
CRITICAL CVSS 9.3
Find Similar
Kieback & Peter's DDC4000 series uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system.
CVE-2020-37092
CRITICAL CVSS 9.3
Find Similar
Netis E1+ version 1.2.32533 contains a hardcoded root account vulnerability that allows unauthenticated attackers to access the device with predefined credentials. Attackers can leverage the embedded
Page 1+ Next →