CVE-2025-65857

An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access...

CVE-2025-67418

ClipBucket 5.5.2 is affected by an improper access control issue where the product is shipped or deployed with hardcoded default administrative credentials. An unauthenticated remote attacker can log in to the administrative panel using these default credentials, resulting in full administrative...

CVE-2025-67418

ClipBucket 5.5.2 is affected by an improper access control issue where the product is shipped or deployed with hardcoded default administrative credentials. An unauthenticated remote attacker can log in to the administrative panel using these default credentials, resulting in full administrative...

CVE-2025-67418

ClipBucket 5.5.2 is affected by an improper access control issue where the product is shipped or deployed with hardcoded default administrative credentials. An unauthenticated remote attacker can log in to the administrative panel using these default credentials, resulting in full administrative...

CVE-2025-65857

An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access...

PT-2025-52680

Name of the Vulnerable Software and Affected Versions ClipBucket version 5.5.2 Description The software is affected by an improper access control issue stemming from hardcoded default administrative credentials. An unauthenticated remote attacker can leverage these credentials to log in to the...

CVE-2025-65857

An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access...

CVE-2025-65857

The CVE-2025-65857 affects Xiongmai XM530 IP cameras (firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06). The GetStreamUri ONVIF endpoint exposes RTSP URIs containing hardcoded credentials, enabling direct unauthorized video streaming access. Impact is unauthorized access to live streams; CV...

CVE-2025-1029 Hardcoded Credentials in Utarit Informatics' SoliClub

Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable. This issue affects SoliClub: from 5.2.4 before 5.3.7...

CVE-2025-1029 Hardcoded Credentials in Utarit Informatics' SoliClub

Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable. This issue affects SoliClub: from 5.2.4 before 5.3.7...

CVE-2025-1029

CVE-2025-1029 concerns Utarit Information Services Inc. SoliClub, where hard-coded credentials permit reading sensitive constants from the executable. Multiple sources (NVD, Red Hat, CVE/CVEList, CNNVD, EUVD, etc.) consistently describe impact for SoliClub versions 5.2.4 through 5.3.7. The vulner...

📄 Xiongmai XM530 IP Camera Hardcoded RTSP Credential Exposure

The GetStreamUri ONVIF endpoint in Xiongmai XM530-series IP cameras exposes RTSP URIs containing hardcoded credentials, enabling direct unauthorized access to live video streams. CVE-2025-65857 Xiongmai XM530 IP Camera Hardcoded RTSP Credentials Exposure --- Summary The GetStreamUri ONVIF endpoin...

EUVD-2025-203404

An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A hardcoded Flickr API key and secret are present in the publicly accessible Flickr Zimlet used by Zimbra Collaboration. Because these credentials are embedded directly in the Zimlet, any unauthorized party could retrieve them and...

CVE-2025-67809

An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A hardcoded Flickr API key and secret are present in the publicly accessible Flickr Zimlet used by Zimbra Collaboration. Because these credentials are embedded directly in the Zimlet, any unauthorized party could retrieve them and...

CVE-2025-67809

An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A hardcoded Flickr API key and secret are present in the publicly accessible Flickr Zimlet used by Zimbra Collaboration. Because these credentials are embedded directly in the Zimlet, any unauthorized party could retrieve them and...

CVE-2025-67809

An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A hardcoded Flickr API key and secret are present in the publicly accessible Flickr Zimlet used by Zimbra Collaboration. Because these credentials are embedded directly in the Zimlet, any unauthorized party could retrieve them and...

PT-2025-51284

Name of the Vulnerable Software and Affected Versions Zimbra Collaboration versions 10.0 and 10.1 Description A hardcoded Flickr API key and secret are present in the publicly accessible Flickr Zimlet used by Zimbra Collaboration. An attacker with access to these credentials could impersonate the...

CVE-2025-36747 Hardcoded FTP Credentials within the firmware

ShineLan-X contains a set of credentials for an FTP server was found within the firmware, allowing testers to establish an insecure FTP connection with the server. This may allow an attacker to replace legitimate files being deployed to devices with their own malicious versions, since the firmwar...

CVE-2025-36747 Hardcoded FTP Credentials within the firmware

ShineLan-X contains a set of credentials for an FTP server was found within the firmware, allowing testers to establish an insecure FTP connection with the server. This may allow an attacker to replace legitimate files being deployed to devices with their own malicious versions, since the firmwar...

CVE-2025-36747

The CVE entry for CVE-2025-36747 describes ShineLan-X firmware containing FTP server credentials, enabling testers to establish an insecure FTP connection. This can allow an attacker to replace legitimate firmware-deployed files with malicious versions because firmware signature verification is n...