Weaknesses of type CWE-798
820 resultsCVE-2024-29855CRITICALHard-coded JWT secret allows authentication bypass in Veeam Recovery OrchestratorEPSS 21.6%CVE-2024-34219HIGHTOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg function, which allows attackers to log EPSS 20.8%CVE-2025-20188CRITICALA vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles featuresEPSS 17.9%CVE-2021-44207HIGHAcclaim USAHERDS through 7.4.0.1 uses hard-coded credentials.EPSS 17.6%KEVCVE-2026-22769CRITICALDell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critEPSS 13.1%KEVCVE-2020-36911CRITICALCovenant 0.5 - Remote Code Execution (RCE)EPSS 10.4%CVE-2020-8868CRITICALThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. AuthenticatioEPSS 9.5%CVE-2025-52376CRITICALAn authentication bypass vulnerability in the /web/um_open_telnet.cgi endpoint in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 andEPSS 9.1%CVE-2025-29268CRITICALALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credentials in the libicos.so library.EPSS 8.1%CVE-2017-3222—Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commEPSS 7.4%CVE-2018-10592—Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 contEPSS 6.9%CVE-2018-15427—Cisco Video Surveillance Manager Appliance Default Password VulnerabilityEPSS 6.8%CVE-2024-6045HIGHD-Link router - Hidden BackdoorEPSS 6.3%CVE-2017-14728CRITICALAn authentication bypass was found in an unknown area of the SiteOmat source code. All SiteOmat BOS versions are affected, prior to the submEPSS 6.2%CVE-2021-40422CRITICALAn authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010. A speciallyEPSS 5.6%CVE-2019-6693MEDIUMUse of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to theEPSS 5.4%KEVCVE-2022-37255HIGHTP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed via credentials of User --- and Password TPL075526460603.EPSS 4.9%CVE-2024-22853CRITICALD-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain rEPSS 4.8%CVE-2018-0150—A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release oEPSS 4.3%CVE-2018-11681CRITICALDefault and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device throuEPSS 4.3%