15 matches found
EUVD-2026-32675
Microsoft UFO is an open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but later send a TASK...
EUVD-2026-28399
Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be changed or removed by end users, enabling trivial unauthorized access to device management interfaces by anyon...
CVE-2026-7414 Hardcoded credentials in Yarbo robot firmware
Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be changed or removed by end users, enabling trivial unauthorized access to device management interfaces by anyon...
PT-2026-38459
Name of the Vulnerable Software and Affected Versions: Yarbo firmware version 2.3.9. Description: The firmware contains hardcoded administrative credentials embedded in the image. These credentials are identical across all devices and cannot be modified or removed by end users, allowing unauthorized...
CVE-2025-63217
The Itel DAB MUX IDMUX build c041640a is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the...
CVE-2025-63224
The Itel DAB Encoder IDEnc build 25aec8d is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the...
PT-2025-47409
Name of the Vulnerable Software and Affected Versions: Itel DAB Gateway versions c041640a. Description: The Itel DAB Gateway is susceptible to an authentication bypass due to inadequate JWT (JSON Web Token) validation. An attacker can exploit this by reusing a valid JWT token acquired from one device ...
CVE-2024-42192 HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a credential leakage
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a credential leakage which could allow an attacker to access other computers or applications...
PT-2024-31624 · Zoom · Zoom Product Suite
Name of the Vulnerable Software and Affected Versions: Zoom Product Suite versions prior to 6.2.0. Description: A buffer overflow issue in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access. This issue can be exploited by authenticated users,...
The vulnerability in the firmware of the Nexx Garage Door Controller (NXG-100B, NXG-200), Nexx Smart Plug (NXPG-100W), and Nexx Smart Alarm (NXAL-100) stems from insufficient validation of input data. This allows intruders to obtain information intended for other devices.
The vulnerabilities in the firmware of the Nexx Garage Door Controller (NXG-100B, NXG-200), Nexx Smart Plug (NXPG-100W), and Nexx Smart Alarm (NXAL-100) are related to insufficient verification of input data. Exploiting these vulnerabilities can allow an attacker operating remotely to...
CVE-2022-29060
A use of hard-coded cryptographic key vulnerability (CWE-321) in FortiDDoS API 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2.0, 5.1.0 may allow an attacker who managed to retrieve the key from one device to sign JWT tokens for any device...
CVE-2020-11925
An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the device is based on a username and password. The root credentials are the same across all devices of this model...
CVE-2020-14474
The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device...
CVE-2020-3928
The GeoVision Door Access Control device family is hardcoded with a root password, and the same password is used on all devices...
CVE-2016-10308
Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to the underlying embedded Linux OS on the...