CVE-2025-31953 HCL iAutomate is affected by hardcoded credentials

HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties...

PT-2025-30698 · Hcl · Hcl Iautomate

Name of the Vulnerable Software and Affected Versions: HCL iAutomate affected versions not specified Description: HCL iAutomate includes hardcoded credentials, which could lead to the exposure of confidential data if intercepted or accessed by unauthorized parties. Recommendations: At the moment,...

CVE-2025-54137

HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and below were distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for JWTs. Users aren't prompted to change...

HAXcms with nodejs backend 安全漏洞

HAXcms with nodejs backend is an open source backend management system from HAX The Web. A security vulnerability exists in HAXcms with nodejs backend version 11.0.9 and earlier, which stems from hardcoding default credentials and JWT private keys, which could lead to unauthorized access...

NodeJS version of the HAX CMS application is distributed with Default Secrets

Summary The NodeJS version of the HAX CMS application is distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for JWTs. Users aren't prompted to change credentials or secrets during installation, and there is no...

CVE-2025-4130

CVE-2025-4130 affects PAVO Pay prior to 13.05.2025. The issue is a hard-coded credentials flaw that enables reading of sensitive constants within an executable. Affected product: PAVO Pay (mobile payment management), with exposure described as reading sensitive constants due to embedded credentia...

CVE-2025-4130 Hardcoded Credentials in PAVO Inc.'s PAVO Pay

Use of Hard-coded Credentials vulnerability in PAVO Inc. PAVO Pay allows Read Sensitive Constants Within an Executable. This issue affects PAVO Pay: before 13.05.2025...

CVE-2025-4130 Hardcoded Credentials in PAVO Inc.'s PAVO Pay

Use of Hard-coded Credentials vulnerability in PAVO Inc. PAVO Pay allows Read Sensitive Constants Within an Executable. This issue affects PAVO Pay: before 13.05.2025...

PT-2025-30359 · Unknown · Haxcms-Nodejs

Name of the Vulnerable Software and Affected Versions: HAX CMS NodeJS versions 11.0.9 and below Description: HAX CMS NodeJS is distributed with hardcoded default credentials for user and superuser accounts and default private keys for JWTs. Users are not prompted to change these credentials or...

CVE-2025-6982 Hardcoded DES Decryption Keys in TP-Link Archer C50 V3/V4/V5 and C20 V5

Use of Hard-coded Credentials in TP-Link Archer C50 V3 = 180703/V4 = 250117 /V5 = 200407 , and C20 V5 USV5260419 or EUV5260317 allows attackers to decrypt the config.xml files...

CVE-2025-5023

Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Corporation photovoltaic system monitor “EcoGuideTAB” PV-DR004J all versions and PV-DR004JA all versions allows an attacker within the Wi-Fi communication range between the units of the product measurement unit and display unit to...

CVE-2025-37103 Hardcoded Credential Exposure Allows Unauthorized Access in Web Interface

Hard-coded login credentials were found in HPE Networking Instant On Access Points, allowing anyone with knowledge of it to bypass normal device authentication. Successful exploitation could allow a remote attacker to gain administrative access to the system...

CVE-2025-37103 Hardcoded Credential Exposure Allows Unauthorized Access in Web Interface

Hard-coded login credentials were found in HPE Networking Instant On Access Points, allowing anyone with knowledge of it to bypass normal device authentication. Successful exploitation could allow a remote attacker to gain administrative access to the system...

CVE-2025-45813

ENENSYS IPGuard v2 2.10.0 was discovered to contain hardcoded credentials...

CVE-2025-45813

ENENSYS IPGuard v2 2.10.0 was discovered to contain hardcoded credentials...

CVE-2025-45813

ENENSYS IPGuard v2 2.10.0 was discovered to contain hardcoded credentials...

CVE-2025-45813

ENENSYS IPGuard v2 2.10.0 was discovered to contain hardcoded credentials...

CVE-2025-45813

ENENSYS IPGuard v2 2.10.0 was discovered to contain hardcoded credentials...

CVE-2025-45813

CVE-2025-45813 concerns ENENSYS IPGuard v2.10.0 with hardcoded credentials. Affected component is the IPGuard device/software; root cause is hardcoded credential storage leading to potential unauthenticated access. Impact is high confidentiality, integrity, and availability risk per the CVSS vect...

PT-2025-27662 · Enensys · Enensys Ipguard

Name of the Vulnerable Software and Affected Versions: ENENSYS IPGuard v2 version 2.10.0 Description: The issue concerns hardcoded credentials in the software. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world inciden...