3032 matches found
PT-2025-27659
Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager Unified CM versions 15.0.1.13010-1 through 15.0.1.13017-1 Cisco Unified Communications Manager Session Management Edition Unified CM SME versions 15.0.1.13010-1 through 15.0.1.13017-1 Description A...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2024-54085link is external AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability CVE-2024-0769link is external D-Link DIR-859 Router Path Traversal...
CVE-2025-4378 Hardcoded Credentials in Ataturk University's ATA-AOF Mobile Application
Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile Application allows Authentication Abuse, Authentication Bypass. This issue affects ATA-AOF Mobile Application: before 20.06.2025...
CVE-2025-4378 Hardcoded Credentials in Ataturk University's ATA-AOF Mobile Application
Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile Application allows Authentication Abuse, Authentication Bypass.This issue affects ATA-AOF Mobile Application: before 20.06.2025...
CVE-2025-4378
CVE-2025-4378 affects the Ataturk University ATA-AOF Mobile Application. The root issue is cleartext transmission of sensitive information combined with hard-coded credentials, enabling authentication abuse and bypass. Affected versions are prior to 20.06.2025. CVSS‑3.1 metrics indicate a critica...
UBUNTU-CVE-2025-34034
A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege...
CVE-2025-34034 5VTechnologies Blue Angel Software Suite Hardcoded Credentials
A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege...
CVE-2025-34034 5VTechnologies Blue Angel Software Suite Hardcoded Credentials
A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege...
Sitecore XM/XP/XC Hardcoded Credentials
Sitecore XM, XP and XC version 9.x = 9.3 or version 10.x 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access administrative API over HTTP. No source data...
PT-2025-26661
Name of the Vulnerable Software and Affected Versions: Blue Angel Software Suite affected versions not specified Description: A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and...
CVE-2025-45784
D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVISUSERPASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using static analysis tools such as strings or xxd, potentially...
VulnCheck KEV: CVE-2025-34034
A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege...
CVE-2025-45784
D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVISUSERPASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using static analysis tools such as strings or xxd, potentially...
CVE-2025-45784
CVE-2025-45784 affects the D-Link DPH-400S/SE VoIP Phone (v1.01). The issue is due to hardcoded provisioning variables in the firmware binary (notably PROVIS_USER_PASSWORD), resulting from insecure storage of sensitive information. An attacker who can access the firmware image could extract crede...
CVE-2025-34509 Sitecore XM and XP Hardcoded Credentials
Sitecore Experience Manager XM and Experience Platform XP versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access...
CVE-2025-34509 Sitecore XM and XP Hardcoded Credentials
Sitecore Experience Manager XM and Experience Platform XP versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access...
CVE-2025-28388
OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account...
CVE-2025-28388
OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account...
CVE-2025-28388
OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account...
CVE-2025-28388
OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account...