8058 matches found
TRAC PDBM 安全漏洞
TRAC PDBM is an industrial automation process database management software developed by the Slovenian company TRAC. TRAC PDBM has a security vulnerability that stems from the use of static, hard-coded keys. This vulnerability could allow attackers to decrypt credentials stored in configuration...
CVE-2026-5065
IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...
CVE-2026-42929
Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials...
Exploit for CVE-2026-46376
CVE-2026-46376 — FreePBX Unauthenticated UCP Access via Hard-C...
CVE-2026-42929
CVE-2026-42929 affects the Danelec MacGregor Voyage Data Recorder (VDR) — specifically the G4e line — where default accounts are hard-coded. This represents a credential-related vulnerability (high impact) with CVSS 3.1/3.4-like metrics indicating unauthorized access potential from adjacent netwo...
CVE-2026-42929 MacGregor Voyage Data Recorder (VDR) G4e Use of Hard-coded Credentials
Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials...
CVE-2026-42929
Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials...
EUVD-2026-33400
Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials...
CVE-2026-42929 MacGregor Voyage Data Recorder (VDR) G4e Use of Hard-coded Credentials
Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials...
CVE-2026-7786 Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter Use of Hard-coded Credentials
Jinan USR IOT Technology Limited PUSR USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services...
CVE-2026-7786
The CVE-2026-7786 affects Jinan USR IOT’s USR-W610 RS232/485 to Wi‑Fi/Ethernet Converter. The firmware image contains plaintext administrative credentials that can be extracted via firmware analysis and used to authenticate to device services, enabling administrator access. Reported CVSS v3.1 sco...
CVE-2026-46376
FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel UCP using hard-coded initial template credentials if these were not immediately changed by the Administrator who enabled UCP. Authenticated access to ACP...
CVE-2026-46376 FreePBX: Unauthenticated Use of Hard-Coded Credentials Vulnerability in FreePBX UCP Interface
FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel UCP using hard-coded initial template credentials if these were not immediately changed by the Administrator who enabled UCP. Authenticated access to ACP...
CVE-2026-46376 FreePBX: Unauthenticated Use of Hard-Coded Credentials Vulnerability in FreePBX UCP Interface
FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel UCP using hard-coded initial template credentials if these were not immediately changed by the Administrator who enabled UCP. Authenticated access to ACP...
EUVD-2026-33295
FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel UCP using hard-coded initial template credentials if these were not immediately changed by the Administrator who enabled UCP. Authenticated access to ACP...
CVE-2026-46376
FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel UCP using hard-coded initial template credentials if these were not immediately changed by the Administrator who enabled UCP. Authenticated access to ACP...
CVE-2026-46376
FreePBX UCP vulnerability (CVE-2026-46376): from 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may access the User Control Panel via hard-coded initial template credentials if not changed by the admin. Post-exploitation requires only no admin steps beyond initial UCP setup; authenti...
Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server Liberty, that could provide weaker than expected security (CVE-2025-14923)
Summary Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server Liberty ,that could provide weaker than expected security CVE-2025-14923. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
PT-2026-44926
Name of the Vulnerable Software and Affected Versions Danelec MacGregor Voyage Data Recorder affected versions not specified Description The software includes default accounts with hard-coded credentials, which can allow unauthorized access to the system. Recommendations At the moment, there is n...
CVE-2026-45041 RustFS: Hard-coded RSA private key in license verifier permits arbitrary license forgery
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, crates/appauth/src/token.rs ships a 2048-bit RSA private key as a string constant named TESTPRIVATEKEY and uses it in production via parselicense to "verify" license tokens. Because the key is embedded in every...