IBM Concert 信任管理问题漏洞

IBM Concert is a new tool developed by the American international business company IBM. It utilizes generative AI to assist in managing complex cloud-native applications. Versions 1.0.0 to 2.1.0 of IBM Concert contained vulnerabilities related to trust management. These vulnerabilities stemmed fr...

Dell RecoverPoint for Virtual Machines 信任管理问题漏洞

Dell RecoverPoint for Virtual Machines is a simple and efficient operating and disaster recovery solution provided by the American company Dell. It is suitable for virtualized applications in VMware environments. Versions of Dell RecoverPoint for Virtual Machines prior to 6.0.3.1.HF1 contained a...

PT-2026-20311

Name of the Vulnerable Software and Affected Versions Glory RBG-100 recycler systems using the ISPK-08 software component affected versions not specified Description The Glory RBG-100 recycler systems, utilizing the ISPK-08 software component, are susceptible to unauthorized access due to...

PT-2026-20334

Name of the Vulnerable Software and Affected Versions Beetel 777VR1 versions up to 01.00.09 Description A security issue exists in the Web Management Interface component of Beetel 777VR1. The issue involves hard-coded credentials, potentially allowing unauthorized access. The attack requires loca...

PT-2026-20239

Name of the Vulnerable Software and Affected Versions IBM Concert versions 1.0.0 through 2.1.0 Description The software uses hard-coded user credentials, potentially allowing a remote attacker to obtain sensitive information or perform unauthorized actions. Recommendations Update to a version...

Exploit for CVE-2026-26335

👤 Author Mohammed Idrees Banyamer Security Researcher...

Heatmiser Netmonitor 信任管理问题漏洞

Heatmiser Netmonitor is a thermostat system controller developed by the Heatmiser company. Version 3.03 of Heatmiser Netmonitor contains a vulnerability related to trust management. This vulnerability arises from hard-coded credentials on the networksetup.htm page, which may allow unauthorized...

WordPress plugin Prime Listing Manager 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVE-2026-25803 3DP-MANAGER Uses Hard-coded Credentials

3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials admin/admin upon the first initialization. Attackers with network access to the application's login interface can gain full...

CVE-2026-25803

CVE-2026-25803 – 3DP-MANAGER uses hard-coded admin credentials . The Red Hat, NVD, and related feeds report that, through version 2.0.1 and earlier, 3DP-MANAGER automatically creates an administrative account with default credentials (admin/admin) on first initialization. If an attacker can reach...

CVE-2026-25803 3DP-MANAGER Uses Hard-coded Credentials

3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials admin/admin upon the first initialization. Attackers with network access to the application's login interface can gain full...

CVE-2026-25753

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the...

CVE-2026-25753 PlaciPy has a Hard-Coded Default Password for All Student Accounts (Account Takeover)

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the...

CVE-2026-25753

PlaciPy (educational placement system) v1.0.0 has a hard-coded, static default password for all newly created student accounts, enabling mass account takeover. The vulnerability, described across multiple sources (NVD, Red Hat, CVE lists, OSV, ENISA, Attackerkb), states that any attacker who know...

CVE-2026-25753 PlaciPy has a Hard-Coded Default Password for All Student Accounts (Account Takeover)

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the...

CVE-2026-2103

Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt a...

CVE-2026-2103

Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt a...

CVE-2026-2103 Use of Hard-Coded Cryptographic Key for Password Storage

Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt a...

CVE-2026-2103 Use of Hard-Coded Cryptographic Key for Password Storage

Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt a...

CVE-2026-2103

Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt a...