8137 matches found
CVE-2026-50110
The CVE-2026-50110 entry concerns Storage Concentrator (SC & SCVM) that contains hardcoded credentials for numerous internal services embedded in a configuration file. The credentials are encoded but reversible to plaintext, exposing accounts for databases, licensing, replication, and third-party...
PYSEC-2026-337 Use of hard-coded, security-relevant constants in deepset-ai/haystack
Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack in version 1.15.0 and prior. A patch is available at commit 5fc84904f198de661d5b933fde756aa922bf09f1...
PYSEC-2026-285 AstrBot is vulnerable to RCE with hard-coded JWT signing keys
Summary AstrBot uses a hard-coded JWT signing key, allowing attackers to execute arbitrary commands by installing a malicious plugin. Details AstrBot uses a hard-coded JWT signing key, which allows attackers to bypass the authentication mechanism. Once bypassed, the attacker can install a Python...
MAL-2026-6576 Malicious code in checkmarx-claude-cache (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 26a16e61d88e467ada75205ee93a9339cdf2fb65f3ded068282b4d83b6cb05e9 When the CLI runs the documented npx checkmarx-claude-cache invocation pattern, bin/cli.js performs an HTTPS GET to a hardcoded URL on a lookalike ho...
CVE-2026-31928 Daktronics Controller Firmware Use of Hard-coded Credentials
The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides full system access...
CVE-2026-9220
The CVE-2026-9220 entry describes a vulnerability in Setracker2 Android Companion App (package com.tgelec.setracker) affecting versions 3.1.5 and earlier. The underlying issue is that requests between the wearable and backend are encrypted with static, hardcoded AES keys and initialization vector...
Use of Hard-coded Credentials
Overview com.linecorp.centraldogma:centraldogma-server is a service configuration repository based on Git, ZooKeeper and HTTP/2 centraldogma-server. Affected versions of this package are vulnerable to Use of Hard-coded Credentials in the ZooKeeperReplicationConfig.secret when the replication.secr...
CVE-2026-11746
A vulnerability has been identified in centraldogma-server versions prior to 0.84.0, where enabling ZooKeeper replication without setting replication.secret causes the server to silently fall back to a hard-coded, publicly known secret. This default credential authenticates the embedded ZooKeeper...
EUVD-2026-38207
A vulnerability has been identified in centraldogma-server versions prior to 0.84.0, where enabling ZooKeeper replication without setting replication.secret causes the server to silently fall back to a hard-coded, publicly known secret. This default credential authenticates the embedded ZooKeeper...
Security Bulletin: IBM Operational Decision Manager - Multiple CVEs addressed related to SOLR and its dependencies (such as Jetty) affecting ODM-9.0.0 and older versions
Summary This Security bulletin addresses vulnerabilities in Apache Solr and its dependencies including Eclipse Jetty that might affect IBM Operational Decision Manager version 9.0.0 and older versions. Vulnerability Details CVEID:CVE-2026-2332 DESCRIPTION: In Eclipse Jetty, the HTTP/1.1 parser is...
EUVD-2026-37646
Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners for Japan and outside Japan; Wireless LAN Adapters for Room Air Conditioners for Japan and outside Japan; Wireless LAN Adapters for Packaged Air Conditioners for Japan and outside Japan; Refrigerators for...
CVE-2026-5667
Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners for Japan and outside Japan; Wireless LAN Adapters for Room Air Conditioners for Japan and outside Japan; Wireless LAN Adapters for Packaged Air Conditioners for Japan and outside Japan; Refrigerators for...
CVE-2026-5667
Technical details (affected models, root cause specifics, versions, and fixes) are not publicly available in the provided documents. Monitor for updates as more information may be released.
CVE-2026-5667 Information Disclosure, Information Tampering, or Denial-of-Service (DoS) Vulnerability in Multiple Home Appliances
Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners for Japan and outside Japan; Wireless LAN Adapters for Room Air Conditioners for Japan and outside Japan; Wireless LAN Adapters for Packaged Air Conditioners for Japan and outside Japan; Refrigerators for...
PT-2026-50362
Name of the Vulnerable Software and Affected Versions Mitsubishi Electric Room Air Conditioners affected versions not specified Mitsubishi Electric Wireless LAN Adapters for Room Air Conditioners affected versions not specified Mitsubishi Electric Wireless LAN Adapters for Packaged Air Conditione...
Use of Hard-coded Credentials
Overview Crawl4AI is a šš¤ Crawl4AI: Open-source LLM Friendly Web Crawler & scraper Affected versions of this package are vulnerable to Use of Hard-coded Credentials via the outputpath parameter, which allows arbitrary filesystem paths without validation. An attacker can overwrite or create files ...
CVE-2026-22312
CVE-2026-22312 affects Radiflow iSAP Smart Collector. The device exposes a webserver REST API authenticated with a constant token, enabling an unauthenticated client to access system settings, modify configuration, and execute commands (e.g., system reboot). CVSS 3.1 indicates NETWORK attack vect...
EUVD-2026-37020
Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier...
CVE-2026-9260
Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier...
CVE-2026-9260
CVE-2026-9260 concerns the Canon EOS Network Setting Tool, affected in version 1.5.0 or earlier. The underlying issue is the use of hard-coded cryptographic keys, which can undermine confidentiality, integrity, and availability of communications or data protected by these keys. The CVSS data indi...