8058 matches found
CVE-2026-8739
A vulnerability was detected in Sanluan PublicCMS 5.202506.d. The affected element is the function getSignKey of the file publiccms-core/src/main/java/com/publiccms/logic/component/config/SafeConfigComponent.java. The manipulation of the argument privatefilekey results in use of hard-coded...
CVE-2026-8739 Sanluan PublicCMS SafeConfigComponent.java getSignKey hard-coded key
A vulnerability was detected in Sanluan PublicCMS 5.202506.d. The affected element is the function getSignKey of the file publiccms-core/src/main/java/com/publiccms/logic/component/config/SafeConfigComponent.java. The manipulation of the argument privatefilekey results in use of hard-coded...
CVE-2026-8739
Sanluan PublicCMS 5.202506.d is affected by CVE-2026-8739 in SafeConfigComponent.getSignKey. Manipulating the privatefile_key argument leads to use of a hard-coded cryptographic key, enabling a remote attack. The exploit is public and may be used; vendor contact about disclosure was unresponsive....
EUVD-2026-30687
A vulnerability was detected in Sanluan PublicCMS 5.202506.d. The affected element is the function getSignKey of the file publiccms-core/src/main/java/com/publiccms/logic/component/config/SafeConfigComponent.java. The manipulation of the argument privatefilekey results in use of hard-coded...
CVE-2026-8739 Sanluan PublicCMS SafeConfigComponent.java getSignKey hard-coded key
A vulnerability was detected in Sanluan PublicCMS 5.202506.d. The affected element is the function getSignKey of the file publiccms-core/src/main/java/com/publiccms/logic/component/config/SafeConfigComponent.java. The manipulation of the argument privatefilekey results in use of hard-coded...
PT-2026-41525
A vulnerability was detected in Sanluan PublicCMS 5.202506.d. The affected element is the function getSignKey of the file publiccms-core/src/main/java/com/publiccms/logic/component/config/SafeConfigComponent.java. The manipulation of the argument privatefile key results in use of hard-coded...
CVE-2026-44278
A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow attacker to information disclosure via...
Use Of Hard-coded Credentials
GoHarbor Harbor is vulnerable to Use of Hard-coded Credentials. The vulnerability is due to the presence of default hard-coded credentials in the application, which allows an attacker to gain unauthorized access to the web UI using known passwords...
CVE-2025-68421
Comarch ERP Optima client makes use of a hard-coded password for a database user. These credentials cannot be changed. It is possible for a remote attacker to gain an access to the database with elevated privileges including executing system commands on a server. This issue has been fixed in...
EUVD-2025-209839
Comarch ERP Optima client makes use of a hard-coded password for a database user. These credentials cannot be changed. It is possible for a remote attacker to gain an access to the database with elevated privileges including executing system commands on a server. This issue has been fixed in...
CVE-2025-68421
Comarch ERP Optima client makes use of a hard-coded password for a database user. These credentials cannot be changed. It is possible for a remote attacker to gain an access to the database with elevated privileges including executing system commands on a server. This issue has been fixed in...
Comarch ERP Optima 信任管理问题漏洞
Comarch ERP Optima is an ERP and financial management system for small and medium-sized enterprises developed by the Polish company Comarch. Versions of Comarch ERP Optima prior to 2026.4 contained a vulnerability related to trust management. This vulnerability stemmed from the use of hard-coded...
PT-2026-40903
Comarch ERP Optima client makes use of a hard-coded password for a database user. These credentials cannot be changed. It is possible for a remote attacker to gain an access to the database with elevated privileges including executing system commands on a server. This issue has been fixed in...
EUVD-2026-29935
ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted configuration file...
CVE-2026-25107
ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted configuration file...
CVE-2026-25107
The CVE-2026-25107 entry concerns ELECOM wireless LAN access point devices that use a hard-coded cryptographic key when creating configuration backups. A knowledgeable attacker could tamper a product’s backup configuration file, and a victim administrator could be tricked into loading a crafted c...
CVE-2026-25107
ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted configuration file...
CVE-2026-25107
ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted configuration file...
CVE-2026-25107
ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted configuration file...
PT-2026-40593
ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted configuration file...