Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
The default password for the extended admin user mode in the application U9ExosAdmin.exe ("Kaba 9300 Administration") is hard-coded in multiple locations as well as documented in the locally stored us
CVE-2024-4996
CRITICAL CVSS 9.3
Find Similar
Use of a hard-coded password for a database administrator account created during Wapro ERP installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is s
A local privilege escalation vulnerability has been identified in the Kaba exos 9300 System management application (d9sysdef.exe). Within this application it is possible to specify an arbitrary execut
CVE-2025-59097
CRITICAL CVSS 9.3
Find Similar
The exos 9300 application can be used to configure Access Managers (e.g. 92xx, 9230 and 9290). The configuration is done in a graphical user interface on the dormakaba exos server. As soon as the save
CVE-2025-59091
CRITICAL CVSS 9.3
Find Similar
Multiple hardcoded credentials have been identified, which are allowed to sign-in to the exos 9300 datapoint server running on port 1004 and 1005. This server is used for relaying status information f
The PDBM application relies on a static, hard‑coded secret embedded in the PDBM.exe executable. This secret is used by the application’s encryption routines, including the function responsible for d
CVE-2020-37135
CRITICAL CVSS 9.3
Find Similar
AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and
CVE-2025-70041
CRITICAL CVSS 9.8
Find Similar
An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta ThermaKube master.
CVE-2025-59108
CRITICAL CVSS 9.2
Find Similar
By default, the password for the Access Manager's web interface, is set to 'admin'. In the tested version changing the password was not enforced.
CVE-2025-13954
CRITICAL CVSS 9.3
Find Similar
Hard-coded cryptographic keys in Admin UI of EZCast Pro II before version 1.17478.177 allows attackers to bypass authorization checks and gain full access to the admin UI
CVE-2026-4404
CRITICAL CVSS 9.4
Find Similar
Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and below, allows attackers to use the default password and gain access to the web UI.
A vulnerability was identified in SUR-FBD CMMS where hard-coded credentials were found within a compiled DLL file. These credentials correspond to a built-in administrative account of the software. An
GPMAW 14, a bioinformatics software, has a critical vulnerability related to insecure file permissions in its installation directory. The directory is accessible with full read, write, and execute per
Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using an hardcoded password retrievable by an attacker an
CVE-2025-10542
CRITICAL CVSS 9.8
Find Similar
iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection dialog. If the administrator does not change these defaults, a remot
CVE-2025-8077
CRITICAL CVSS 9.8
Find Similar
A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in `admin` account. If this password is not changed immediate
Use of well-known default credentials in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to access protected areas in the web application
Page 1+ Next →