• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-798

CVE-2022-35866

February 23, 2023 by godfreyd94

This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. The server uses a hard-coded password for the administrator user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17139.

CVE-2022-35734

February 23, 2023 by godfreyd94

‘Hulu / ????’ App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app.

CVE-2022-35491

February 23, 2023 by godfreyd94

TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample.

CVE-2022-35540

February 23, 2023 by godfreyd94

Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access.

CVE-2022-35413

February 23, 2023 by godfreyd94

WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001.

CVE-2022-35287

February 23, 2023 by godfreyd94

IBM Security Verify Information Queue 10.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 230817.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 108
  • Go to page 109
  • Go to page 110
  • Go to page 111
  • Go to page 112
  • Interim pages omitted …
  • Go to page 130
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE