Linux Distros Unpatched Vulnerability : CVE-2026-44825

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attack...

CVE-2026-44825

Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specifi...

CVE-2026-44825

Summary (CVE-2026-44825) : Apache Solr’s Basic Authentication bootstrap tool (bin/solr auth enable) contains hardcoded credentials, enabling remote attackers to gain full administrative access for Solr clusters running versions 9.4.0–9.10.1 and 10.0.0. The root cause is the inclusion of default c...

EUVD-2026-33602

Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specifi...

CVE-2026-44825 Apache Solr: Enabling BasicAuth using bin/solr CLI configures additional insecure users

Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specifi...

CVE-2026-44825

Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specifi...

CVE-2026-44825

Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specifi...

Apache Solr security vulnerabilities

Apache Solr is a search server based on Lucene, developed by the Apache Foundation in the United States. This product supports faceted searching, vertical searching, and highlighting search results. Vulnerabilities exist in Apache Solr versions 9.4.0 through 9.10.1, as well as 10.0.0, due to...

KAMSOFT KS-SOMED Trust Management Vulnerabilities

KAMSOFT KS-SOMED is a comprehensive healthcare management system developed by the Polish company KAMSOFT. KAMSOFT KS-SOMED has a vulnerability related to trust management. This vulnerability stems from the use of hardcoded credentials, which may allow unauthorized attackers to access the FTP serv...

FreePBX 信任管理问题漏洞

FreePBX is a set of tools from the FreePBX project that allow configuration of Asterisk an IP telephony system through a GUI graphical web-based interface. Versions of FreePBX prior to 15.0.42, 16.0.45, and 17.0.7 contained a trust management vulnerability. This vulnerability stemmed from the...

PT-2026-45073

Name of the Vulnerable Software and Affected Versions Apache Solr versions 9.4.0 through 9.10.1 Apache Solr version 10.0.0 Description The Basic Authentication setup tool bin/solr auth enable contains hardcoded credentials. This allows a remote attacker to gain full administrative access to the...

Danelec Marine Danelec MacGregor Voyage Data Recorder 信任管理问题漏洞

The Danelec Marine Danelec MacGregor Voyage Data Recorder is a series of ship navigation data recording systems developed by Danelec Marine. The Danelec Marine Danelec MacGregor Voyage Data Recorder has a vulnerability related to trust management, which stems from the default account that include...

PT-2026-44502

Warning: Critical vulnerability in Dell Container Storage Modules CVE-2026-40710 CVSS:10.0 exposes hardcoded credentials in public repos, allowing remote attackers to compromise sessions, exfiltrate data, and move laterally. https://t.co/aVABoqwNel Patch Patch Patch...

Atlassian Questions For Confluence - Hardcoded Credentials

Atlassian Questions For Confluence contains a hardcoded credentials vulnerability. When installing versions 2.7.34, 2.7.35, and 3.0.2, a Confluence user account is created in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attack...

IBM Controller 信任管理问题漏洞

IBM Controller is a web-based financial consolidation tool developed by the American multinational company International Business Machines IBM. Versions 11.0.1, 11.1.0, 11.1.1, and 11.1.2 of IBM Controller contain vulnerabilities related to trust management. These vulnerabilities stem from the us...

Malicious code in hmacsync (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d361ffcded0fc3d88b5095d800b13b3f8a07a581e8003c30bfcf9887eb71243f The package is a new version of the previously removed libhmac. The key parts, a malicious payload to inject into hijacked browser extensions, is not included ...

Malicious code in qaq-core-util-v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41cf368bbc06ee2a9e0d2a9b2030d7604a41af7ed5fed253d48a0d9ff41f92f6 lib/memcached.js exports getCacheRedis, getCacheDataRedis, and setCacheRedis. Each function's signature accepts a cachedUrl parameter, but the...

CVE-2026-48241

Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php a public-facing database utility that are committed to the source repository. Any actor with access to the public source tree or an unauthenticated attacker with read access to the file on a deployed...

CVE-2026-48242

Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials host, username, password, database name in importmdb.php. The credentials are embedded in source code committed to the public repository, allowing any reader of the source to obtain valid configuration values...

CVE-2026-48242

Open ISES Tickets before 3.44.2 contains hardcoded MySQL credentials (host, username, password, database) in import_mdb.php, embedded in public repository source code. This exposure allows readers to obtain valid configuration values that may match deployed installations. The issue is documented ...