
3038 matches found

Trend Micro Simply Security
added 2025/09/23 12:0 a.m. | 6 views

AI-Powered App Exposes User Data, Creates Risk of Supply Chain Attacks

Trend™ Research’s analysis of Wondershare RepairIt reveals how the AI-driven app exposed sensitive user data due to unsecure cloud storage practices and hardcoded credentials, creating risks of model tampering and supply chain attacks...

AI score 6.9
Exploits: 0

CNNVD
added 2025/09/22 12:0 a.m. | 2 views

WordPress plugin Estonian Shipping Methods for WooCommerce trust management issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. WordPress plug...

CVSS 5.3 | AI score 6.5 | EPSS 0.0027
Exploits: 0 | References: 2

Vulnrichment
added 2025/09/22 12:0 a.m. | 3 views

CVE-2025-57601

AiKaan Cloud Controller uses a single hardcoded SSH private key and the username proxyuser for remote terminal access to all managed IoT/edge devices. When an administrator initiates "Open Remote Terminal" from the AiKaan dashboard, the controller sends this same static private key to the target...

AI score 6.7 | EPSS 0.00397
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/21 12:11 a.m. | 18 views

CVE-2025-52159

Hardcoded credentials in default configuration of PPress 0.0.9...

CVSS 8.8 | AI score 6.8 | EPSS 0.00384
Exploits: 3 | References: 1

OSV
added 2025/09/19 8:15 p.m. | 3 views

CVE-2025-52159

Hardcoded credentials in default configuration of PPress 0.0.9...

CVSS 8.8 | AI score 7 | EPSS 0.00384
Exploits: 3 | References: 2

NVD
added 2025/09/19 8:15 p.m. | 3 views

CVE-2025-52159

Hardcoded credentials in default configuration of PPress 0.0.9...

CVSS 8.8 | EPSS 0.00384
Exploits: 3 | References: 2

CVE
added 2025/09/19 12:0 a.m. | 19 views

CVE-2025-52159

CVE-2025-52159 affects PPress CMS (version 0.0.9; related note mentions 0.0.9-beta). The connected exploit documentation describes a chain leading to remote code execution via server-side template injection (SSTI) and highlights Broken/Incorrect Access Control enabling exploit progression. The ro...

CVSS 8.8 | AI score 6.6 | EPSS 0.00384
Exploits: 3 | References: 2 | Affected Software: 1

Cvelist
added 2025/09/19 12:0 a.m. | 7 views

CVE-2025-52159

Hardcoded credentials in default configuration of PPress 0.0.9...

EPSS 0.00384
Exploits: 3 | References: 2

Positive Technologies
added 2025/09/19 12:0 a.m. | 5 views

PT-2025-38616

Name of the Vulnerable Software and Affected Versions: PPress version 0.0.9. Description: The default configuration of PPress contains hardcoded credentials. Recommendations: Change the default credentials in PPress version 0.0.9...

CVSS 8.8 | AI score 6.7 | EPSS 0.00384
Exploits: 3 | References: 7

Vulnrichment
added 2025/09/19 12:0 a.m. | 1 views

CVE-2025-52159

Hardcoded credentials in default configuration of PPress 0.0.9...

AI score 6.6 | EPSS 0.00384
Exploits: 3 | References: 2

Vulnrichment
added 2025/09/17 2:48 p.m. | 0 views

CVE-2024-48842 Hardcoded passwords

Use of Hard-coded Credentials vulnerability in ABB FLXEON. This issue affects FLXEON: through 9.3.5 and newer versions...

CVSS 7.3 | AI score 6.6 | EPSS 0.00164
Exploits: 0 | References: 1

Gitee
added 2025/09/14 5:29 a.m. | 117 views

gosec

This is a Go AST (Abstract Syntax Tree) scanner for identifying security vulnerabilities in Go code. The scanner is called "gosec" and is part of the GolangCI project. It can be installed using the command "go get github.com/golangci/gosec/cmd/gosec/...". The scanner can be configured to run a subs...

AI score 7.2
Exploits: 0

RedhatCVE
added 2025/09/12 12:20 a.m. | 10 views

CVE-2025-56466

Hardcoded credentials in Dietly v1.25.0 for Android allow attackers to gain sensitive information...

CVSS 7.5 | AI score 7 | EPSS 0.00276
Exploits: 0 | References: 1

Packet Storm
added 2025/09/12 12:0 a.m. | 262 views

Sitecore XP Post-Authentication Remote Code Execution

This Metasploit module exploits Sitecore XP with a path traversal that leads to remote code execution as well as a hardcoded credential vulnerability in the ServicesAPI account to gain a foothold. This module requires Metasploit: https://metasploit.com/download Current source:...

CVSS 8.8 | AI score 8.3 | EPSS 0.38428
Exploits: 7

Packet Storm
added 2025/09/12 12:0 a.m. | 294 views

Sitecore XP Post-Authentication File Upload

This Metasploit module exploits Sitecore XP with a file upload vulnerability in PowerShell extensions and a hardcoded credential vulnerability with the ServicesAPI account to gain a foothold. This module requires Metasploit: https://metasploit.com/download Current source:...

CVSS 8.8 | AI score 7.2 | EPSS 0.38428
Exploits: 7

Metasploit
added 2025/09/11 6:57 p.m. | 571 views

Sitecore XP CVE-2025-34510 Post-Authentication Remote Code Execution

This module exploits CVE-2025-34510, a path traversal leading to remote code execution. The module also exploits CVE-2025-34509 (hardcoded credentials of the ServicesAPI account) to gain a foothold. Module Options msf use exploit/windows/http/sitecorexpcve202534510 msf exploitsitecorexpcve202534510 sho...

CVSS 8.8 | AI score 7.8 | EPSS 0.38428
Exploits: 7

Metasploit
added 2025/09/11 6:57 p.m. | 741 views

Sitecore XP CVE-2025-34511 Post-Authentication File Upload

This module exploits CVE-2025-34511, a file upload vulnerability in PowerShell extensions. The module also exploits CVE-2025-34509 (hardcoded credentials of the ServicesAPI account) to gain a foothold. Module Options msf use exploit/windows/http/sitecorexpcve202534511 msf exploitsitecorexpcve20253451...

CVSS 8.8 | AI score 7.6 | EPSS 0.38428
Exploits: 7

OSV
added 2025/09/10 3:15 p.m. | 2 views

CVE-2025-56466

Hardcoded credentials in Dietly v1.25.0 for Android allow attackers to gain sensitive information...

CVSS 7.5 | AI score 5.8 | EPSS 0.00276
Exploits: 0 | References: 1

NVD
added 2025/09/10 3:15 p.m. | 4 views

CVE-2025-56466

Hardcoded credentials in Dietly v1.25.0 for Android allow attackers to gain sensitive information...

CVSS 7.5 | EPSS 0.00276
Exploits: 0 | References: 1

CVE
added 2025/09/10 12:0 a.m. | 14 views

CVE-2025-56466

The CVE-2025-56466 entry concerns the Dietly Android app (version 1.25.0). The connected documents confirm a hardcoded credential issue in Dietly v1.25.0, which can lead to disclosure of sensitive information. The vulnerability arises from credentials hardcoded into the application, enabling atta...

CVSS 7.5 | AI score 6.4 | EPSS 0.00276
Exploits: 0 | References: 1 | Affected Software: 1