8060 matches found
CVE-2026-9139
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source...
CVE-2026-9139 Taiko AG1000-01A Rev 7.3/8 Hard-coded Credentials via login.zhtml
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source...
PT-2026-42262
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source...
Taiko AG1000-01A SMS Alert Gateway 信任管理问题漏洞
The Taiko AG1000-01A SMS Alert Gateway is an industrial communication gateway device developed by Taiko Company in Singapore. It supports SMS-based alert notifications and remote event messaging. Both the Rev 7.3 and Rev 8 versions of the Taiko AG1000-01A SMS Alert Gateway contain vulnerabilities...
CVE-2026-8605
In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerability could allow an attacker to access the SCADA system as admin...
CVE-2026-8605 Use of Hard-coded Credentials in ScadaBR
In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerability could allow an attacker to access the SCADA system as admin...
CVE-2026-8605
CVE-2026-8605 affects ScadaBR 1.2.0 via a Use of Hard-Coded Credentials vulnerability that could let an attacker access the SCADA system as admin. The provided sources specify admin-level access without authentication, with CVSS 3.1 indicating a CRITICAL impact (score 9.8) and network access with...
EUVD-2026-30963
In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerability could allow an attacker to access the SCADA system as admin...
CVE-2026-8605
In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerability could allow an attacker to access the SCADA system as admin...
CVE-2026-8605 Use of Hard-coded Credentials in ScadaBR
In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerability could allow an attacker to access the SCADA system as admin...
HAX open-apis: Credential Theft via Server-Side Request Forgery (SSRF) in open-apis
Summary Multiple functions conduct substring-only matching to validate hostnames to which basic authorization should be sent. An attacker can append the matched substrings to an attacker-controlled endpoint and capture authentication. Details api/services/website/cacheAddress.js,...
GHSA-4FG7-F244-3J49 HAX open-apis: Credential Theft via Server-Side Request Forgery (SSRF) in open-apis
Summary Multiple functions conduct substring-only matching to validate hostnames to which basic authorization should be sent. An attacker can append the matched substrings to an attacker-controlled endpoint and capture authentication. Details api/services/website/cacheAddress.js,...
CVE-2026-31986
Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...
CVE-2026-31986
CVE-2026-31986 affects Apache OFBiz up to version 24.09.05 (pre-24.09.06). The issue is described as a use of a hard-coded cryptographic key, enabling unauthenticated access/impact via default JWT signing key and widget/template injection per CVE listings. The root cause is tied to a hard-coded k...
EUVD-2026-30873
Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...
CVE-2026-31986
Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...
CVE-2026-8739
A vulnerability was detected in Sanluan PublicCMS 5.202506.d. The affected element is the function getSignKey of the file publiccms-core/src/main/java/com/publiccms/logic/component/config/SafeConfigComponent.java. The manipulation of the argument privatefilekey results in use of hard-coded...
PT-2026-41991
In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerability could allow an attacker to access the SCADA system as admin...
Apache OFBiz 安全漏洞
Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained security vulnerabilities, which were caused by the use of hard-coded...
Sensorweb ScadaBR 信任管理问题漏洞
Sensorweb ScadaBR is a set of open-source software developed by Sensorweb Corporation for creating automated data acquisition and monitoring applications. Version ScadaBR 1.2.0 contains a vulnerability related to trust management. This vulnerability arises from the use of hard-coded credentials,...