CVE-2025-34509 Sitecore XM and XP Hardcoded Credentials

Sitecore Experience Manager XM and Experience Platform XP versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access...

CVE-2025-34509 Sitecore XM and XP Hardcoded Credentials

Sitecore Experience Manager XM and Experience Platform XP versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access...

CVE-2025-28388

OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account...

CVE-2025-28388

OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account...

CVE-2025-28388

OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account...

CVE-2025-28388

OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account...

PT-2025-25416 · Openc3 · Openc3 Cosmos

Name of the Vulnerable Software and Affected Versions: OpenC3 COSMOS version 6.0.0 Description: The issue is related to hardcoded credentials for the Service Account. Recommendations: For OpenC3 COSMOS version 6.0.0, consider changing the hardcoded credentials for the Service Account to unique,...

CVE-2025-28388

CVE-2025-28388 affects OpenC3 COSMOS prior to v6.0.2, where hardcoded credentials for the Service Account are disclosed. The vulnerability enables potential unauthorized access with high impact as indicated by the CVSS metrics (CRITICAL, 9.8; network attack; no privileges required; user interacti...

CVE-2025-28388

OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account...

Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hard-Coded Credentials

Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks. "Several widely used extensions ... unintentionally transmit sensitive data over simple...

AUO DIR-605L and AUO DIR-816L Hardcoded Vulnerabilities

AUO DIR-605L is the first cloud router, mainly for home and small office network environments. AUO DIR-816L is a dual-band wireless router that supports 2.4GHz and 5GHz bands , and is compliant with network standards such as IEEE 802.11ac and IEEE 802.11n, with a maximum transmission rate of...

Fire detection system been pwned? You’re not going to sea

TL;DR Hardcoded SSH and VNC credentials found on Consilium Salwico CS5000 panels SSH access allows OS-level interaction, and VNC access gives UI control It may be possible to disable the fire detection system Attempts to disclose vulnerability to Consilium multiple times since 2022 Consilium...

CVE-2025-46176

Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis...

CVE-2025-46176

Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis...

CVE-2024-34539

Hardcoded credentials in TerraMaster TOS firmware through 5.1 allow a remote attacker to successfully login to the mail or webmail server. These credentials can also be used to login to the administration panel and to perform privileged actions...

CVE-2024-2420

LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements...

CVE-2024-41610

D-Link DIR-820LW REVB FIRMWARE PATCH 2.03.B01TC contains hardcoded credentials in the Telnet service, enabling attackers to log in remotely to the Telnet service and perform arbitrary commands...

CVE-2024-50692

SunGrow WiNet-SV200.001.00.P027 and earlier versions contains hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the real MQTT broker. This means that MQTT...

CVE-2024-5810

The WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.1. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for...

CVE-2024-46328

VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain hardcoded credentials for several different privileged accounts, including root...