
8062 matches found

Cvelist
added 2026/02/27 4:28 a.m., 24 views

CVE-2026-1442 Unitree UPK files Hard-Coded Key

Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker or anyone paying attention, the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 and other models...

CVSS 7.8, EPSS 0.00153
Exploits: 1, References: 4
Vulnrichment
added 2026/02/27 4:28 a.m., 3 views

CVE-2026-1442 Unitree UPK files Hard-Coded Key

Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker or anyone paying attention, the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 and other models...

CVSS 7.8, AI score 5.9, EPSS 0.00153
Exploits: 1, References: 4
CVE
added 2026/02/27 4:28 a.m., 14 views

CVE-2026-1442

CVE-2026-1442 describes a vulnerability in Unitree firmware update protection where the algorithm used to protect firmware updates is itself encrypted with key material accessible to an attacker. This could allow an unauthorized user to alter firmware updates and have them trusted by Unitree prod...

CVSS 7.8, AI score 5.4, EPSS 0.00153
Exploits: 1, References: 4, Affected Software: 1
RedhatCVE
added 2026/02/26 10:34 p.m., 5 views

CVE-2026-26985

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. Starting in version 24.0.0 and prior to versions 26.0.5, 27.0.2, and 28.0.0, an authenticated user with the appropriate authorization can re...

CVSS 8.1, AI score 5.8, EPSS 0.00334
Exploits: 0, References: 1
NVD
added 2026/02/25 10:16 p.m., 3 views

CVE-2026-26985

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. Starting in version 24.0.0 and prior to versions 26.0.5, 27.0.2, and 28.0.0, an authenticated user with the appropriate authorization can re...

CVSS 8.1, EPSS 0.00334
Exploits: 0, References: 3
CVE
added 2026/02/25 9:26 p.m., 9 views

CVE-2026-26985

CVE-2026-26985 affects LORIS 24.0.0 through versions prior to 26.0.5, 27.0.2, and 28.0.0. An authenticated user with the right permissions can abuse a path traversal flaw in the electrophysiology_browser to read server configuration files that may contain hard-coded credentials, potentially enabli...

CVSS 8.1, AI score 5.8, EPSS 0.00334
Exploits: 0, References: 3, Affected Software: 1
RedhatCVE
added 2026/02/25 4:16 p.m., 6 views

CVE-2026-27519

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard-coded key embedded in client-side JavaScript. Because the key is static and exposed, an attacker can decrypt protected values and defeat confidentiality protections...

CVSS 8.7, AI score 5.4, EPSS 0.00186
Exploits: 0, References: 1
RedhatCVE
added 2026/02/25 4:16 p.m., 3 views

CVE-2026-27507

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain hard-coded administrative credentials that cannot be changed by users. Knowledge of these credentials allows full administrative access to the device...

CVSS 9.8, AI score 5.4, EPSS 0.00365
Exploits: 1, References: 1
NVD
added 2026/02/24 5:29 p.m., 5 views

CVE-2025-13776

Multiple Finka programs use hard-coded Firebird database credentials shared across all instances of this software. A malicious attacker in local network who knows default credentials is able to read and edit database content. This vulnerability has been fixed in version: Finka-FK 18.5, Finka-KPR...

CVSS 8.6, EPSS 0.0015
Exploits: 0, References: 2
GithubExploit
added 2026/02/24 5:23 p.m., 147 views

Exploit for CVE-2026-27507

Security Vulnerability CVE-2026-27507 Overview A CRITIC...

CVSS 9.8, AI score 5.5, EPSS 0.00365
Exploits: 1
OSV
added 2026/02/24 4:24 p.m., 4 views

CVE-2026-27519

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard-coded key embedded in client-side JavaScript. Because the key is static and exposed, an attacker can decrypt protected values and defeat confidentiality protections...

CVSS 7.5, AI score 5.8, EPSS 0.00186
Exploits: 0, References: 2
NVD
added 2026/02/24 4:24 p.m., 6 views

CVE-2026-27519

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard-coded key embedded in client-side JavaScript. Because the key is static and exposed, an attacker can decrypt protected values and defeat confidentiality protections...

CVSS 8.7, EPSS 0.00186
Exploits: 0, References: 2
OSV
added 2026/02/24 4:24 p.m., 2 views

CVE-2026-27507

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain hard-coded administrative credentials that cannot be changed by users. Knowledge of these credentials allows full administrative access to the device...

CVSS 9.8, AI score 5.8, EPSS 0.00365
Exploits: 1, References: 2
NVD
added 2026/02/24 4:24 p.m., 7 views

CVE-2026-27507

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain hard-coded administrative credentials that cannot be changed by users. Knowledge of these credentials allows full administrative access to the device...

CVSS 9.8, EPSS 0.00365
Exploits: 1, References: 2
Cvelist
added 2026/02/24 3:58 p.m., 22 views

CVE-2025-13776 Hard-coded database credentials in Finka software

Multiple Finka programs use hard-coded Firebird database credentials shared across all instances of this software. A malicious attacker in local network who knows default credentials is able to read and edit database content. This vulnerability has been fixed in version: Finka-FK 18.5, Finka-KPR...

CVSS 8.6, EPSS 0.0015
Exploits: 0, References: 2
Vulnrichment
added 2026/02/24 3:58 p.m., 3 views

CVE-2025-13776 Hard-coded database credentials in Finka software

Multiple Finka programs use hard-coded Firebird database credentials shared across all instances of this software. A malicious attacker in local network who knows default credentials is able to read and edit database content. This vulnerability has been fixed in version: Finka-FK 18.5, Finka-KPR...

CVSS 8.6, AI score 5.4, EPSS 0.0015
Exploits: 0, References: 2
CVE
added 2026/02/24 3:58 p.m., 13 views

CVE-2025-13776

CVE-2025-13776 concerns multiple Finka programs that use hard-coded Firebird database credentials shared across all instances. The vulnerability allows a local-network attacker who knows the default credentials to read and edit database content. Affected products and upgraded releases are: Finka-...

CVSS 8.6, AI score 5.4, EPSS 0.0015
Exploits: 0, References: 2, Affected Software: 6
Cvelist
added 2026/02/24 3:7 p.m., 19 views

CVE-2026-27519 Binardat 10G08-0800GSM Network Switch Hard-coded RC4 Encryption Key

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard-coded key embedded in client-side JavaScript. Because the key is static and exposed, an attacker can decrypt protected values and defeat confidentiality protections...

CVSS 8.7, EPSS 0.00186
Exploits: 0, References: 2
Vulnrichment
added 2026/02/24 3:7 p.m., 5 views

CVE-2026-27519 Binardat 10G08-0800GSM Network Switch Hard-coded RC4 Encryption Key

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard-coded key embedded in client-side JavaScript. Because the key is static and exposed, an attacker can decrypt protected values and defeat confidentiality protections...

CVSS 8.7, AI score 5.9, EPSS 0.00186
Exploits: 0, References: 2
CVE
added 2026/02/24 3:7 p.m., 13 views

CVE-2026-27519

Binardat 10G08-0800GSM network switch firmware up to version V300SP10260209 uses RC4 with a hard-coded key embedded in client-side JavaScript. The static key enables an attacker to decrypt protected values, defeating confidentiality protections. Affected component: firmware (vulnerable RC4 implem...

CVSS 8.7, AI score 5.4, EPSS 0.00186
Exploits: 0, References: 2, Affected Software: 1