CVE-2025-32889

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The verification token used for sending SMS through a goTenna server is hardcoded in the app...

PT-2025-18688 · Gotenna · Gotenna Mesh

Name of the Vulnerable Software and Affected Versions: goTenna Mesh versions 5.5.3 with firmware 1.1.12 Description: A problem was discovered in goTenna Mesh devices where the verification token used for sending SMS through a goTenna server is hardcoded in the application. This issue affects...

CVE-2025-32889

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The verification token used for sending SMS through a goTenna server is hardcoded in the app...

CVE-2025-32888

An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The verification token used for sending SMS through a goTenna server is hardcoded in the app...

CVE-2025-32888

An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The verification token used for sending SMS through a goTenna server is hardcoded in the app...

CVE-2025-32888

GoTenna Mesh CVE-2025-32888 affects devices running app 5.5.3 with firmware 1.1.12, where the verification token used for sending SMS through a goTenna server is hardcoded in the app. Reported impact indicators show high severity (CVSS v3.1: base score 8.8) with confidentiality, integrity, and av...

PT-2025-18689 · Gotenna · Gotenna

Name of the Vulnerable Software and Affected Versions: goTenna v1 devices with app version 5.5.3 and firmware version 0.25.5 Description: An issue was discovered where the verification token used for sending SMS through a goTenna server is hardcoded in the app. This affects the ability to securel...

CVE-2025-1724

Zohocorp's ManageEngine Analytics Plus and Zoho Analytics on-premise versions older than 6130 are vulnerable to an AD only account takeover because of a hardcoded sensitive token...

CVE-2025-1724

Affected products: Zohocorp’s ManageEngine Analytics Plus and Zoho Analytics on‑premise, versions older than 6130. Root cause: hardcoded sensitive token leading to an AD‑only account takeover. Impact: potential unauthorized AD account access; impact details are as described in the sources. Exploi...

CVE-2025-1724 Account Takeover

Zohocorp's ManageEngine Analytics Plus and Zoho Analytics on-premise versions older than 6130 are vulnerable to an AD only account takeover because of a hardcoded sensitive token...

CVE-2025-1724 Account Takeover

Zohocorp's ManageEngine Analytics Plus and Zoho Analytics on-premise versions older than 6130 are vulnerable to an AD only account takeover because of a hardcoded sensitive token...

CVE-2022-20868

A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit thi...

CVE-2022-28605

Hardcoded admin token in SoundBar apps in Linkplay SDK 1.00 allows remote attackers to gain admin privilege access in linkplay antifactory...

PT-2022-19099 · Linkplay · Linkplay Sdk

Name of the Vulnerable Software and Affected Versions: Linkplay SDK version 1.00 Description: The issue concerns a hardcoded admin token in SoundBar apps using the Linkplay SDK, allowing remote attackers to gain admin privilege access. Recommendations: For Linkplay SDK version 1.00, consider...

CVE-2022-26672

ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general user accounts. A successful login to a general user account allows the attacker to access, modif...

CVE-2022-26672

ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general user accounts. A successful login to a general user account allows the attacker to access, modif...