Lucene search
K

3827 matches found

CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

Yarbo 信任管理问题漏洞

Yarbo is a modular intelligent courtyard maintenance robot developed by the American company Yarbo. Version 2.3.9 of Yarbo contains a vulnerability related to trust management. This vulnerability stems from hard-coded administrator credentials, which could allow attackers who are aware of these...

9.8CVSS5.8AI score0.00531EPSS
Exploits1References1
NVD
NVD
added 2026/05/06 8:16 p.m.10 views

CVE-2026-8032

A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMINKEY causes hard-coded credentials. The attack is possible to be carried out remotely. The exploit has...

7.5CVSS0.00284EPSS
Exploits0References4
NVD
NVD
added 2026/05/06 7:16 p.m.9 views

CVE-2026-41930

Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to...

9.8CVSS0.00347EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/06 7:0 p.m.8 views

CVE-2026-8032 PicoTronica e-Clinic Healthcare System ECHS echs.js hard-coded credentials

A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMINKEY causes hard-coded credentials. The attack is possible to be carried out remotely. The exploit has...

7.5CVSS6.8AI score0.00284EPSS
Exploits0References4
CVE
CVE
added 2026/05/06 7:0 p.m.11 views

CVE-2026-8032

CVE-2026-8032 affects PicoTronica e-Clinic Healthcare System ECHS (v5.7). In echs.js (path: /cdemos/echs/priv/echs.js), an argument manipulation of ADMIN_KEY leads to hard-coded credentials exposed in the remote-access component. The issue enables remote exploitation with a published exploit; imp...

7.5CVSS6.8AI score0.00284EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/06 7:0 p.m.6 views

CVE-2026-8032

A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMINKEY causes hard-coded credentials. The attack is possible to be carried out remotely. The exploit has...

7.5CVSS6.8AI score0.00284EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/06 7:0 p.m.28 views

CVE-2026-8032 PicoTronica e-Clinic Healthcare System ECHS echs.js hard-coded credentials

A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMINKEY causes hard-coded credentials. The attack is possible to be carried out remotely. The exploit has...

7.5CVSS0.00284EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/06 6:37 p.m.10 views

CVE-2026-41930 Vvveb < 1.0.8.2 Hard-coded Credentials Information Disclosure via phpMyAdmin

Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to...

9.8CVSS5.8AI score0.00347EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/06 6:37 p.m.17 views

EUVD-2026-27885

Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to...

9.8CVSS5.8AI score0.00347EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/06 6:37 p.m.7 views

CVE-2026-41930

Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to...

9.8CVSS5.8AI score0.00347EPSS
Exploits0References5
CVE
CVE
added 2026/05/06 6:37 p.m.11 views

CVE-2026-41930

Vvveb

9.8CVSS5.8AI score0.00347EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/06 6:37 p.m.29 views

CVE-2026-41930 Vvveb < 1.0.8.2 Hard-coded Credentials Information Disclosure via phpMyAdmin

Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to...

9.8CVSS0.00347EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.11 views

PT-2026-38224

Name of the Vulnerable Software and Affected Versions PicoTronica e-Clinic Healthcare System ECHS version 5.7 Description A flaw in the file /cdemos/echs/priv/echs.js allows remote attackers to exploit hard-coded credentials through the manipulation of the ADMIN KEY argument. Recommendations...

7.5CVSS5.7AI score0.00284EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.8 views

Vvveb 访问控制错误漏洞

Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.2 contained an access control vulnerability. This vulnerability stemmed from hard-coded credentials in the...

9.8CVSS5.8AI score0.00347EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.11 views

PT-2026-38219

Name of the Vulnerable Software and Affected Versions Vvveb versions prior to 1.0.8.2 Description A hard-coded credentials issue exists in the docker-compose-apache.yaml configuration. This allows unauthenticated attackers to access the bundled phpMyAdmin container using pre-configured database...

9.8CVSS5.8AI score0.00347EPSS
Exploits0References12
Snyk
Snyk
added 2026/05/05 12:3 a.m.8 views

Use of Hard-coded Credentials

Overview ogham-mcp is a Shared memory MCP server — persistent, searchable, cross-client Affected versions of this package are vulnerable to Use of Hard-coded Credentials due to hardcoded credentials present in the source files, including development database URLs and an API key. An attacker can...

7CVSS5.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.9 views

CVE-2026-7579

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The...

7.5CVSS6.6AI score0.00288EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/01 12:30 p.m.9 views

AstrBot Makes Use of Hard-coded Password

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The...

7.5CVSS6.6AI score0.00288EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/05/01 12:30 p.m.6 views

GHSA-MQ9Q-25HM-G4GP AstrBot Makes Use of Hard-coded Password

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The...

7.3CVSS6.6AI score0.00288EPSS
Exploits0References7
NVD
NVD
added 2026/05/01 12:16 p.m.5 views

CVE-2026-7579

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The...

7.5CVSS0.00288EPSS
Exploits0References6
Rows per page
Query Builder