3032 matches found
CVE-2025-52159
CVE-2025-52159 affects PPress CMS (version 0.0.9; related note mentions 0.0.9-beta). The connected exploit documentation describes a chain leading to remote code execution via server-side template injection (SSTI) and highlights Broken/Incorrect Access Control enabling exploit progression. The ro...
CVE-2025-52159
Hardcoded credentials in default configuration of PPress 0.0.9...
PT-2025-38616
Name of the Vulnerable Software and Affected Versions PPress version 0.0.9 Description The default configuration of PPress contains hardcoded credentials. Recommendations Change the default credentials in PPress version 0.0.9...
CVE-2025-52159
Hardcoded credentials in default configuration of PPress 0.0.9...
CVE-2024-48842 Hardcoded passwords
Use of Hard-coded Credentials vulnerability in ABB FLXEON.This issue affects FLXEON: through 9.3.5 and newer versions...
gosec
This is a Go AST Abstract Syntax Tree scanner for identifying security vulnerabilities in Go code. The scanner is called "gosec" and is part of the GolangCI project. It can be installed using the command "go get github.com/golangci/gosec/cmd/gosec/...". The scanner can be configured to run a subs...
CVE-2025-56466
Hardcoded credentials in Dietly v1.25.0 for android allows attackers to gain sensitive information...
📄 Sitecore XP Post-Authentication File Upload
This Metasploit module exploits Sitecore XP with a file upload vulnerability in PowerShell extensions and a hardcoded credential vulnerability with the ServicesAPI account to gain a foothold. This module requires Metasploit: https://metasploit.com/download Current source:...
📄 Sitecore XP Post-Authentication Remote Code Execution
This Metasploit module exploits Sitecore XP with a path traversal that leads to remote code execution as well as a hardcoded credential vulnerability in the ServicesAPI account to gain a foothold. This module requires Metasploit: https://metasploit.com/download Current source:...
Sitecore XP CVE-2025-34510 Post-Authentication Remote Code Execution
This module exploits CVE-2025-34510, path traversal leading to remote code execution. The module exploits also CVE-2025-34509 - hardcoded credentials of ServicesAPI account - to gain foothold. Module Options msf use exploit/windows/http/sitecorexpcve202534510 msf exploitsitecorexpcve202534510 sho...
Sitecore XP CVE-2025-34511 Post-Authentication File Upload
This module exploits CVE-2025-34511, a file upload vulnerability in PowerShell extensions. The module exploits also CVE-2025-34509 - hardcoded credentials of ServicesAPI account - to gain foothold. Module Options msf use exploit/windows/http/sitecorexpcve202534511 msf exploitsitecorexpcve20253451...
CVE-2025-56466
Hardcoded credentials in Dietly v1.25.0 for android allows attackers to gain sensitive information...
CVE-2025-56466
Hardcoded credentials in Dietly v1.25.0 for android allows attackers to gain sensitive information...
CVE-2025-56466
The CVE-2025-56466 entry concerns the Dietly Android app (version 1.25.0). The connected documents confirm a hardcoded credential issue in Dietly v1.25.0, which can lead to disclosure of sensitive information. The vulnerability arises from credentials hardcoded into the application, enabling atta...
CVE-2025-56466
Hardcoded credentials in Dietly v1.25.0 for android allows attackers to gain sensitive information...
CVE-2025-56466
Hardcoded credentials in Dietly v1.25.0 for android allows attackers to gain sensitive information...
PT-2025-37053
Name of the Vulnerable Software and Affected Versions: Dietly version 1.25.0 Description: The application contains hardcoded credentials, potentially allowing attackers to gain sensitive information. Recommendations: Update to a version without hardcoded credentials. At the moment, there is no...
CVE-2025-9696 Use of Hard-coded Credentials in SunPower PVS6
The SunPower PVS6's BluetoothLE interface is vulnerable due to its use of hardcoded encryption parameters and publicly accessible protocol details. An attacker within Bluetooth range could exploit this vulnerability to gain full access to the device's servicing interface. This access allows the...
CVE-2025-9696 Use of Hard-coded Credentials in SunPower PVS6
The SunPower PVS6's BluetoothLE interface is vulnerable due to its use of hardcoded encryption parameters and publicly accessible protocol details. An attacker within Bluetooth range could exploit this vulnerability to gain full access to the device's servicing interface. This access allows the...
Tenda F1202 安全漏洞
The Tenda F1202 is a dual-band Wi-Fi router with fifth-generation technology from Tenda, China. A security vulnerability exists in the Tenda F1202 version 1.2.0.9, 1.2.0.14, and 1.2.0.20, which originates in the file /etcro/shadow, where an action on the input Fireitup can result in hardcoded...