CVE-2026-1612

AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to access AL-KO's AWS bucket. Using the keys directly might give the attacker greater access than the app itself. Key grants AT LEAST read access to some of the objects in bucket. The vendor was notified...

CVE-2026-1612 Hard-coded AWS Key in AL-KO Robolinho Update Software

AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to access AL-KO's AWS bucket. Using the keys directly might give the attacker greater access than the app itself. Key grants AT LEAST read access to some of the objects in bucket. The vendor was notified...

CVE-2026-1612 Hard-coded AWS Key in AL-KO Robolinho Update Software

AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to access AL-KO's AWS bucket. Using the keys directly might give the attacker greater access than the app itself. Key grants AT LEAST read access to some of the objects in bucket. The vendor was notified...

CVE-2026-1612

AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to access AL-KO's AWS bucket. Using the keys directly might give the attacker greater access than the app itself. Key grants AT LEAST read access to some of the objects in bucket. The vendor was notified...

CVE-2026-1612

AL-KO Robolinho Update Software contains hard-coded AWS Access and Secret keys that grant at least read access to objects in an AWS bucket. The vulnerability is documented for version 8.0.21.0610 as vulnerable; other versions were not tested and may also be affected. No remediation details are pr...

PT-2026-29008

AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to access AL-KO's AWS bucket. Using the keys directly might give the attacker greater access than the app itself. Key grants AT LEAST read access to some of the objects in bucket. The vendor was notified...

AL-KO Robolinho Update Software 信任管理问题漏洞

AL-KO Robolinho Update Software is a firmware update tool developed by the German company AL-KO. Version 8.0.21.0610 of AL-KO Robolinho Update Software contains a vulnerability related to trust management. This vulnerability stems from hard-coded AWS keys, which may allow unauthorized access to A...

CVE-2025-9497

Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.0...

CVE-2026-4993

A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLMMASTERKEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the...

EUVD-2026-16913

A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLMMASTERKEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the...

EUVD-2025-209112

Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.0...

CVE-2025-9497

Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.0...

CVE-2025-9497

Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.0...

CVE-2026-4993

A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLMMASTERKEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the...

CVE-2026-4993 wandb OpenUI config.py hard-coded credentials

A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLMMASTERKEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the...

CVE-2026-4993

A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLMMASTERKEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the...

CVE-2026-4993 wandb OpenUI config.py hard-coded credentials

A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLMMASTERKEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the...

CVE-2026-4993

Wandb OpenUI (up to 0.0.0.0/1.0) is affected by a vulnerability in backend/openui/config.py where manipulation of LITELLM_MASTER_KEY leads to hard-coded credentials. The issue enables a local attacker and the exploit has been disclosed publicly; vendor response was not provided. No further techni...

Microchip Time Provider 4100 安全漏洞

Microchip Time Provider 4100 is a precision time gateway developed by the American company Microchip. Versions of Microchip Time Provider 4100 prior to version 2.5.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of hard-coded credentials, which could lead to...

PT-2026-28307

Name of the Vulnerable Software and Affected Versions Microchip Time Provider 4100 versions prior to 2.5.0 Description A use of hard-coded credentials issue exists in Microchip Time Provider 4100, potentially allowing for malicious manual software updates. Recommendations Update Microchip Time...