Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3028 matches found

Vulnrichment
Vulnrichmentadded 2025/12/05 12:0 a.m.3 views

CVE-2025-65730

Authentication Bypass via Hardcoded Credentials GoAway up to v0.62.18, fixed in 0.62.19, uses a hardcoded secret for signing JWT tokens used for authentication...

6.5AI score0.00472EPSS
Exploits1References9
EUVD
EUVDadded 2025/12/04 9:31 p.m.4 views

EUVD-2025-201251

ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credentials in the libicos.so library...

6.7AI score0.08072EPSS
Exploits1References4
OSV
OSVadded 2025/12/04 8:16 p.m.1 views

CVE-2025-29268

ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credentials in the libicos.so library...

9.8CVSS5.8AI score0.08072EPSS
Exploits1References3
NVD
NVDadded 2025/12/04 8:16 p.m.2 views

CVE-2025-29268

ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credentials in the libicos.so library...

9.8CVSS0.08072EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2025/12/04 12:0 a.m.3 views

CVE-2025-29268

ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credentials in the libicos.so library...

6.8AI score0.08072EPSS
Exploits1References3
Positive Technologies
Positive Technologiesadded 2025/12/04 12:0 a.m.4 views

PT-2025-49120

Name of the Vulnerable Software and Affected Versions ALLNET ALL-RUT22GW version 3.3.8 Description The ALLNET ALL-RUT22GW device version 3.3.8 stores hardcoded credentials within the libicos.so library. These credentials are present in the library and could potentially be exposed. Recommendations...

9.8CVSS6.6AI score0.08072EPSS
Exploits1References7
Cvelist
Cvelistadded 2025/12/04 12:0 a.m.16 views

CVE-2025-29268

ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credentials in the libicos.so library...

0.08072EPSS
Exploits1References3
CVE
CVEadded 2025/12/04 12:0 a.m.11 views

CVE-2025-29268

CVE-2025-29268 affects ALLNET ALL-RUT22GW v3.3.8. The flaw stores hardcoded credentials in the libicos.so library, aligning with the CVSSv3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and a base score of 9.8 (CRITICAL). Impact spans confidentiality, integrity, and availability. Public referenc...

9.8CVSS6.8AI score0.08072EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVEadded 2025/11/25 8:56 p.m.10 views

CVE-2018-25126

Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...

9.3CVSS7.8AI score0.03884EPSS
Exploits0References1
EUVD
EUVDadded 2025/11/24 9:31 p.m.2 views

EUVD-2025-199000

Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...

9.3CVSS7.3AI score0.03884EPSS
Exploits0References6
NVD
NVDadded 2025/11/24 9:16 p.m.7 views

CVE-2018-25126

Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...

9.3CVSS0.03884EPSS
Exploits0References5
Cvelist
Cvelistadded 2025/11/24 8:30 p.m.11 views

CVE-2018-25126 TVT NVMS-9000 Hard-coded API Credentials & Command Injection

Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...

9.3CVSS0.03884EPSS
Exploits0References5
CNNVD
CNNVDadded 2025/11/24 12:0 a.m.3 views

TVT NVMS-9000 安全漏洞

The TVT NVMS-9000 is a digital video recorder from China-based Tongwei TVT. A security vulnerability exists in the TVT NVMS-9000 prior to version 1.3.4, which stems from an OS command injection flaw in the inclusion of hardcoded API credentials and configuration services, which could lead to...

9.3CVSS7.5AI score0.03884EPSS
Exploits0References7
Positive Technologies
Positive Technologiesadded 2025/11/24 12:0 a.m.7 views

PT-2025-47964

Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...

9.3CVSS7.8AI score0.03884EPSS
Exploits0References6
RedhatCVE
RedhatCVEadded 2025/11/17 9:7 a.m.12 views

CVE-2025-64308

The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle...

8.7CVSS7AI score0.00302EPSS
Exploits0References1
NVD
NVDadded 2025/11/15 12:15 a.m.5 views

CVE-2025-64308

The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle...

8.7CVSS0.00302EPSS
Exploits0References3
Cvelist
Cvelistadded 2025/11/14 11:38 p.m.8 views

CVE-2025-64308 Brightpick Mission Control / Internal Logic Control Unprotected Transport of Credentials

The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle...

8.7CVSS0.00302EPSS
Exploits0References3
EUVD
EUVDadded 2025/11/14 11:38 p.m.3 views

EUVD-2025-197665

The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle...

8.7CVSS6.4AI score0.00302EPSS
Exploits0References4
CVE
CVEadded 2025/11/14 11:38 p.m.11 views

CVE-2025-64308

Brightpick Mission Control web application exposes hardcoded credentials in the client-side JavaScript bundle. The vulnerability can enable unauthorized access to credentials and could allow manipulation of robot control functions through an unauthenticated interface and via WebSocket traffic, pe...

8.7CVSS6.6AI score0.00302EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2025/11/14 11:38 p.m.3 views

CVE-2025-64308 Brightpick Mission Control / Internal Logic Control Unprotected Transport of Credentials

The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle...

8.7CVSS6.5AI score0.00302EPSS
Exploits0References3
Rows per page
Query Builder