CVE-2026-21660 Johnson Controls-Frick Quantum HD-Hardcoded Email Credentials Saved as Plaintext in Firmware

Hardcoded Email Credentials Saved as Plaintext in Firmware CWE-256: Plaintext Storage of a Password vulnerability in Frick Controls Quantum HD version 10.22 and prior lead to unauthorized access, exposure of sensitive information, and potential misuse or system compromise This issue affects Frick...

CVE-2026-21660 Johnson Controls-Frick Quantum HD-Hardcoded Email Credentials Saved as Plaintext in Firmware

Hardcoded Email Credentials Saved as Plaintext in Firmware CWE-256: Plaintext Storage of a Password vulnerability in Frick Controls Quantum HD version 10.22 and prior lead to unauthorized access, exposure of sensitive information, and potential misuse or system compromise This issue affects Frick...

CVE-2026-21660

Summary: CVE-2026-21660 affects Frick Controls Quantum HD firmware prior to 10.22, with hardcoded email credentials stored in plaintext. This can lead to unauthorized access, exposure of sensitive information, and potential system compromise. The Red Hat advisory and related sources corroborate t...

PT-2026-22326

Name of the Vulnerable Software and Affected Versions Frick Controls Quantum HD versions prior to 10.22 Description A security issue exists in Frick Controls Quantum HD where email credentials are hardcoded and saved in plaintext within the firmware. This can lead to unauthorized access, exposure...

Exploit for CVE-2025-1242

ICSA-26-055-03 — Gardyn Home Kit IoT Vulnerabilities CISA ICS...

Binardat 10G08-0800GSM 信任管理问题漏洞

Binardat 10G08-0800GSM is a high-performance switch from the Chinese company Binardat. The Binardat 10G08-0800GSM Network Switch V300SP10260209 and earlier versions have a vulnerability related to trust management. This vulnerability stems from hardcoded management credentials that cannot be...

TIK-SOFT多款产品 信任管理问题漏洞

TIK-SOFT Finka-FK is a product of the Polish company TIK-SOFT. TIK-SOFT Finka-FK is a financial accounting software. TIK-SOFT Finka-KPR is a financial management software. TIK-SOFT Finka-Płace is a human resources and payroll management software. Several TIK-SOFT products have vulnerabilities...

MLflow 安全漏洞

MLflow is an open-source platform that simplifies machine learning development. It includes features like tracking experiments, packaging code for reproducible runs, and sharing and deploying models. There is a security vulnerability in MLflow, which stems from the use of hardcoded default...

CVE-2025-67304

In Ruckus Network Director RND 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded credentials to authenticate...

Beetel 777VR1 信任管理问题漏洞

Beetel 777VR1 is a router produced by the Beetel company. Versions of Beetel 777VR1 starting from 01.00.09 and earlier have a vulnerability related to trust management. This vulnerability stems from hardcoded credentials used during the processing of the WPA2 PSK component...

RUCKUS Network Director 安全漏洞

Ruckus Network Director is a wireless network monitoring software developed by Ruckus Corporation. Versions of Ruckus Network Director prior to 4.5.0.54 contained security vulnerabilities. These vulnerabilities stemmed from the OVA devices having hardcoded PostgreSQL database user credentials,...

CVE-2025-67304

In Ruckus Network Director RND 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded credentials to authenticate...

CVE-2025-67304

In Ruckus Network Director RND 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded credentials to authenticate...

📄 Sitecore Experience Manager / Experience Platform 10.1 Shell Upload / Hardcoded Credentials

Proof of concept exploit for a remote code execution vulnerability chain affecting Sitecore Experience Platform versions 10.x combining hardcoded credentials with file upload vulnerabilities for complete system compromise...

PT-2026-20922

Name of the Vulnerable Software and Affected Versions Ruckus Network Director versions prior to 4.5.0.54 Description Ruckus Network Director RND contains hardcoded credentials for the PostgreSQL database user. By default, the PostgreSQL service is accessible over the network on TCP port 5432. An...

CVE-2026-22769

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized...

CVE-2026-22769

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized...

CVE-2026-22769

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized...

CVE-2026-22769

CVE-2026-22769 affects Dell RecoverPoint for Virtual Machines (RP4VMs) versions prior to 6.0.3.1 HF1, where a hard-coded credential vulnerability can allow an unauthenticated attacker to gain full control of the underlying OS with root-level persistence. A PoC circulating in PacketStorm demonstra...

PT-2026-20303

Name of the Vulnerable Software and Affected Versions Dell RecoverPoint for Virtual Machines versions prior to 6.0.3.1 HF1 Description Dell RecoverPoint for Virtual Machines contains a critical vulnerability CVE-2026-22769 due to hardcoded credentials. This allows unauthenticated remote attackers...