| CVE-2026-47847 |
2026-06-18 |
Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credential vulnerability in the Galera replication health-check user. The MARIADB_REPLICATION_USER and MARIAD… |
| CVE-2026-47846 |
2026-06-18 |
Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRA_USER environment variable, the contai… |
| CVE-2025-10560 |
2026-06-18 |
Worksnaps before version 1.6.20260201 contains hardcoded cloud credentials and related secret material in the Worksnaps client application binaries. The exposed credentials included AWS access keys, S… |
| CVE-2026-5667 |
2026-06-17 |
Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners (for Japan and outside Japan); Wireless LAN Adapters for Room Air Conditioners (for Japan and outside Japan); W… |
| CVE-2026-22312 |
2026-06-16 |
The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration an… |
| CVE-2026-9260 |
2026-06-16 |
Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier |
| CVE-2026-50083 |
2026-06-12 |
The Aqara IAM/SSO Gateway (gw-builder.aqara.com) used a hardcoded OAuth client credential, which is an instance of "CWE-798: Use of Hard-coded Credentials." This issue has an estimated CVSS of CVSS:3.… |
| CVE-2026-10557 |
2026-06-12 |
The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all devices. These credentials are embedded in the application binary and are rea… |
| CVE-2026-11849 |
2026-06-12 |
The iRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded Credentials vulnerability, allowing unauthenticated remote attackers to exploit hard-coded credentials to gain administ… |
| CVE-2026-47281 |
2026-06-09 |
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-11414 |
2026-06-05 |
A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network at… |
| CVE-2025-71317 |
2026-06-05 |
NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants administrative access. A remote, unauthenticated attacker can authenticate through the cgi-bin/logi… |
| CVE-2026-21404 |
2026-06-04 |
NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the SOAP functionality is enabled, a local attacker can ex… |
| CVE-2026-50213 |
2026-06-04 |
The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings. |
| CVE-2026-49204 |
2026-06-04 |
Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation. |
| CVE-2026-8876 |
2026-06-03 |
Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data. |
| CVE-2026-36616 |
2026-06-03 |
Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware … |
| CVE-2026-36606 |
2026-06-03 |
Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt … |
| CVE-2019-25722 |
2026-06-02 |
Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and re… |
| CVE-2026-42251 |
2026-06-01 |
Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to the FTP server that hosted the application's update packages. An attacker with these credentials could upload a malici… |