8014 matches found
CVE-2026-50208
High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle MITM actor could decrypt network traffic...
EUVD-2026-34220
High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle MITM actor could decrypt network traffic...
CVE-2026-50208 Permissive TrustAllCerts TLS Verification
High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle MITM actor could decrypt network traffic...
CVE-2026-49204
Technical details about CVE-2026-49204 are not publicly available in the provided documents; monitor for updates.
CVE-2026-49204 Hard-coded AWS Cognito Testing Accounts
Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...
CVE-2026-49204 Hard-coded AWS Cognito Testing Accounts
Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...
CVE-2026-49187
The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...
CVE-2026-49191 Exposed Hard-coded M3WebServer Backend API Key
The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages...
CVE-2026-49191 Exposed Hard-coded M3WebServer Backend API Key
The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages...
CVE-2026-49191
The CVE-2026-49191 entry concerns the production build of the M3WebServer where backend API keys are hard-coded and can be intercepted via verbose error handling pages. According to the provided data, this results in a high-impact exposure affecting confidentiality, integrity, and availability (C...
CVE-2026-49187 Hard-coded APK Resource Credentials & Scepters
The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...
CVE-2026-49187 Hard-coded APK Resource Credentials & Scepters
The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...
CVE-2026-49187
The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...
CVE-2026-49187
CVE-2026-49187 concerns hard-coded APK resource files that never expire and a shared scepter that can lead to information leaks and potential misuse. According to the entry, exploitation is network-based with low attack complexity and no privileges required, causing high confidentiality impact (t...
EUVD-2026-34204
The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...
CVE-2026-41860
CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestHelpercreateasyncendpoint and sendhttpgetrequestsynchronous hard-code OpenSSL::SSL::VERIFYNONE, enabling an attacker to intercept traffic between bosh-monitor and the BOSH...
EUVD-2026-34183
Active IQ Config Advisor version 6.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations...
EUVD-2026-34184
Active IQ OneCollect version 2.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations...
PT-2026-46160
High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle MITM actor could decrypt network traffic...
PT-2026-46316
Name of the Vulnerable Software and Affected Versions NAVTOR NavBox versions prior to 4.16.1.21 Description The software contains hard-coded credentials within its Windows Communication Foundation SOAP implementation. When SOAP functionality is enabled, a local attacker can extract these...