8062 matches found
EcoStruxure IT Data Center Expert <= 9.0 Use of Hard-coded Credentials (SEVD-2026-069-05)
The version of EcoStruxure IT Data Center Expert installed on the remote host is 9.0 or prior. It is, therefore, affected by a vulnerability as referenced in the SEVD-2026-069-05 advisory. - Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code...
CVE-2026-3963
A security flaw has been discovered in perfree go-fastdfs-web up to 1.3.7. This affects the function rememberMeManager of the file src/main/java/com/perfree/config/ShiroConfig.java of the component Apache Shiro RememberMe. Performing a manipulation results in use of hard-coded cryptographic key...
CVE-2026-3963 perfree go-fastdfs-web Apache Shiro RememberMe ShiroConfig.java rememberMeManager hard-coded key
A security flaw has been discovered in perfree go-fastdfs-web up to 1.3.7. This affects the function rememberMeManager of the file src/main/java/com/perfree/config/ShiroConfig.java of the component Apache Shiro RememberMe. Performing a manipulation results in use of hard-coded cryptographic key...
CVE-2026-3963
A security flaw has been discovered in perfree go-fastdfs-web up to 1.3.7. This affects the function rememberMeManager of the file src/main/java/com/perfree/config/ShiroConfig.java of the component Apache Shiro RememberMe. Performing a manipulation results in use of hard-coded cryptographic key...
CVE-2026-3963
The CVE-2026-3963 entry describes a vulnerability in perfree go-fastdfs-web (up to version 1.3.7) affecting the RememberMe functionality of Apache Shiro, specifically rememberMeManager in ShiroConfig.java. The root cause is the use of a hard-coded cryptographic key, enabling remote manipulation. ...
EUVD-2025-208601
An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta ThermaKube master...
CVE-2025-70041
An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta ThermaKube master...
CVE-2025-13957
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreSQL database credentials are known. SOCKS Proxy is disabled by default...
CVE-2026-29023
Keygraph Shannon contains a hard-coded API key in its router configuration that, when the router component is enabled and exposed, allows network attackers to authenticate using the publicly known static key. An attacker able to reach the router port can proxy requests through the Shannon instanc...
EUVD-2026-11091
Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to obtain administrative access...
CVE-2026-24448
Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to obtain administrative access...
EUVD-2026-11092
Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to obtain administrative access...
CVE-2026-24448
Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to obtain administrative access...
CVE-2026-24448
Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to obtain administrative access...
CVE-2026-24448
CVE-2026-24448 describes a hard-coded credentials issue affecting MR-GM5L-S1 and MR-GM5A-L1, enabling an attacker to obtain administrative access via a network vector. The provided metrics indicate Critical impact across confidentiality, integrity, and availability, with CVSS v3.0/4.0 scores of 9...
Use of Hard-coded Credentials
Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials in the JWKS resolver, which can be exposed if a fetch operation fails. An attacker can obtain private keys by forcing such a failure. Note: The keys are exposed even if RequestAuthentication is in use...
Use of Hard-coded Credentials
Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials in the JWKS resolver, which can be exposed if a fetch operation fails. An attacker can obtain private keys by forcing such a failure. Note: The keys are exposed even if RequestAuthentication is in use...
Use of Hard-coded Credentials
Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials in the JWKS resolver, which can be exposed if a fetch operation fails. An attacker can obtain private keys by forcing such a failure. Note: The keys are exposed even if RequestAuthentication is in use...
Use of Hard-coded Credentials
Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials in the JWKS resolver, which can be exposed if a fetch operation fails. An attacker can obtain private keys by forcing such a failure. Note: The keys are exposed even if RequestAuthentication is in use...
PT-2026-24578
Name of the Vulnerable Software and Affected Versions MR-GM5L-S1 MR-GM5A-L1 Description A hard-coded credentials issue exists in the software, potentially allowing an attacker to gain administrative access. Recommendations At the moment, there is no information about a newer version that contains...