CVE-2018-25126

Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...

CVE-2018-25126 TVT NVMS-9000 Hard-coded API Credentials & Command Injection

Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...

TVT NVMS-9000 安全漏洞

The TVT NVMS-9000 is a digital video recorder from China-based Tongwei TVT. A security vulnerability exists in the TVT NVMS-9000 prior to version 1.3.4, which stems from an OS command injection flaw in the inclusion of hardcoded API credentials and configuration services, which could lead to...

PT-2025-47964

Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...

CVE-2025-64308

The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle...

CVE-2025-64308

The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle...

CVE-2025-64308 Brightpick Mission Control / Internal Logic Control Unprotected Transport of Credentials

The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle...

EUVD-2025-197665

The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle...

CVE-2025-64308 Brightpick Mission Control / Internal Logic Control Unprotected Transport of Credentials

The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle...

CVE-2025-64308

Brightpick Mission Control web application exposes hardcoded credentials in the client-side JavaScript bundle. The vulnerability can enable unauthorized access to credentials and could allow manipulation of robot control functions through an unauthenticated interface and via WebSocket traffic, pe...

CVE-2025-9982

A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in a configuration file and stored in plaintext. This flaw allows attackers with access to the source code or the server file system to retrieve authentication details, potentially leading to privilege...

PT-2025-46953

Name of the Vulnerable Software and Affected Versions QuickCMS version 6.8 Description A flaw exists where sensitive admin credentials are hardcoded in a configuration file and stored in plaintext. This allows attackers with access to the source code or the server file system to retrieve...

QuickCMS 安全漏洞

QuickCMS is a content management system from QuickCMS Open Source. A security vulnerability exists in QuickCMS version 6.8, which stems from sensitive administrator credentials being hardcoded in a configuration file and stored in plaintext, which could lead to elevated privileges...

PT-2025-47030

Name of the Vulnerable Software and Affected Versions Brightpick Mission Control affected versions not specified Description The Brightpick Mission Control web application contains hardcoded credentials within its client-side JavaScript bundle. These credentials are directly embedded in the code,...

SAP SQL Anywhere 信任管理问题漏洞

SAP SQL Anywhere is a SAP-specific relational database management system from SAP, Germany. A trust management issue vulnerability exists in SAP SQL Anywhere, which arises from hard-coded credentials in the code, and could lead to arbitrary code execution, impacting the confidentiality integrity...

PT-2025-46231

Name of the Vulnerable Software and Affected Versions SQL Anywhere Monitor Non-GUI version 17.0 versions prior to SAP Note 3666261 Description The SQL Anywhere Monitor Non-GUI contains hard-coded credentials within its code. This allows unintended users access to resources and functionality,...

PT-2025-46301

Name of the Vulnerable Software and Affected Versions age-restriction WordPress plugin versions through 3.0.2 Description The age-restriction WordPress plugin does not have proper authorisation within the age restrictionRemoteSupportRequest function. This allows authenticated users, even those wi...

CVE-2025-34501 Shuffle Master Deck Mate 2 Hard-coded Credentials & Exposed Services

Deck Mate 2 is distributed with static, hard-coded credentials for the root shell and web user interface, while multiple management services SSH, HTTP, Telnet, SMB, X11 are enabled by default. If an attacker can reach these interfaces - most often through local or near-local access such as...

CVE-2025-56801

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that...

EUVD-2025-35161

The WorkExaminer Professional server installation comes with an FTP server that is used to receive the client logs on TCP port 12304. An attacker with network access to this port can use weak hardcoded credentials to login to the FTP server and modify or read data, log files and gain remote code...