Lucene search
K

3827 matches found

EUVD
EUVD
added 2026/04/15 9:30 p.m.10 views

EUVD-2026-23031

CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitatio...

9.2CVSS6AI score0.00461EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/15 8:22 p.m.8 views

Use of Hard-coded Credentials

Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials when the nexus.orient.binaryListenerEnabled configuration is set to true. This option is set by default in legacy HA-C mode, but not in standalone deployments, including HA deployments. An attacker can gain...

9.2CVSS5.9AI score0.00461EPSS
Exploits0References2
NVD
NVD
added 2026/04/15 7:16 p.m.5 views

CVE-2026-5189

CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitatio...

9.2CVSS0.00461EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/15 6:43 p.m.6 views

CVE-2026-5189

CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitatio...

9.2CVSS6AI score0.00461EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.4 views

PT-2026-33132

CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitatio...

9.2CVSS6AI score0.00461EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.9 views

Sonatype Nexus Repository Manager 安全漏洞

Sonatype Nexus Repository Manager NXRM is a repository manager developed by Sonatype, Inc., in the United States. It is primarily used for managing, storing, and distributing software. Versions of Sonatype Nexus Repository Manager from 3.0.0 to 3.70.5 have security vulnerabilities. These...

9.2CVSS6AI score0.00461EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/14 6:30 p.m.3 views

EUVD-2026-22310

CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port...

6.9CVSS5.8AI score0.00271EPSS
Exploits0References2
NVD
NVD
added 2026/04/14 4:16 p.m.5 views

CVE-2026-4832

CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port...

6.9CVSS0.00271EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/14 3:5 p.m.24 views

CVE-2026-4832

CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port...

6.9CVSS0.00271EPSS
Exploits0References1
CVE
CVE
added 2026/04/14 3:5 p.m.25 views

CVE-2026-4832

The CVE-2026-4832 entry describes CWE-798: Use of Hard-coded Credentials that could allow unauthorized access to sensitive device information when an unauthenticated attacker interrogates the SNMP port. The connected sources reiterate the same root cause and impact but do not specify affected pro...

6.9CVSS5.8AI score0.00271EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/14 3:5 p.m.2 views

CVE-2026-4832

CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port...

6.9CVSS5.8AI score0.00271EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.4 views

PT-2026-32695

CVE-2026-4832 CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able… https://t.co/N2CPBzZjrp...

6.9CVSS5.8AI score0.00271EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.8 views

Schneider Electric多款产品 信任管理问题漏洞

Schneider Electric Easergy MiCOM Px40 Series is a series of power protection and control relay devices produced by Schneider Electric, a French company. Several products from Schneider Electric have vulnerabilities related to trust management. These vulnerabilities stem from the use of hard-coded...

6.9CVSS5.8AI score0.00271EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/04/07 4:37 a.m.122 views

Exploit for CVE-2025-1242

CERT/CC VU653116 | CISA Advisory ICSA-26-055-03https:/...

9.3CVSS7.5AI score0.00438EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/04/07 12:0 a.m.4 views

Trane Tracer SC, Tracer SC+, and Tracer Concierge Use of Hard-Coded Credentials (CVE-2026-28255)

A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more informatio...

9.8CVSS5.8AI score0.00288EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/04 12:0 a.m.8 views

WordPress plugin Text to Speech for WP (AI Voices by Mementor) 信任管理问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References2
CVE
CVE
added 2026/04/03 8:26 p.m.12 views

CVE-2025-10681

Gardyn CVE-2025-10681 affects the Gardyn mobile app and device firmware, which hardcode Azure Blob Storage account keys granting account‑level access to three storage accounts. Impact includes read access to ~115k camera images, read/write to OTA firmware storage (enabling supply chain risk), acc...

8.8CVSS5.9AI score0.00275EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/03 8:26 p.m.15 views

CVE-2025-10681 Gardyn Mobile Application and Device Firmware Use Hard-coded Credentials

Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to production storage containers...

8.8CVSS0.00275EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/03 8:26 p.m.3 views

CVE-2025-10681 Gardyn Mobile Application and Device Firmware Use Hard-coded Credentials

Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to production storage containers...

8.8CVSS5.9AI score0.00275EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/29 11:13 a.m.2 views

CVE-2025-9497

Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.0...

9.8CVSS5.9AI score0.00262EPSS
Exploits0References1
Rows per page
Query Builder