Lucene search
K

8253 matches found

Nuclei
Nuclei
added 10 hours ago166 views

TOTOLINK CP450 v4.1.0cu.747_B20191224 - Hard-Coded Password Vulnerability

A critical vulnerability has been discovered in TOTOLINK CP450 version 4.1.0cu.747B20191224. This vulnerability affects an unknown part of the file /webcste/cgi-bin/product.ini of the Telnet Service component. The issue stems from the use of a hard-coded password, which can be exploited remotely...

10CVSS6.9AI score0.20737EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday72 views

EVlink City < R8 V3.4.0.1 - Authentication Bypass

A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could allow an attacker t...

10CVSS7AI score0.64612EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday105 views

GitLab CE/EE - Hard-Coded Credentials

GitLab CE/EE contains a hard-coded credentials vulnerability. A hardcoded password was set for accounts registered using an OmniAuth provider e.g. OAuth, LDAP, SAML, allowing attackers to potentially take over accounts. This template attempts to passively identify vulnerable versions of GitLab...

9.8CVSS7.1AI score0.76177EPSS
Exploits3
Nuclei
Nuclei
added yesterday106 views

Gladinet CentreStack < 16.4.10315.56368 Use of Hard-coded Key Leads to Unauthenticated RCE

Gladinet CentreStack through 16.1.10296.56315 fixed in 16.4.10315.56368 has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors who know the machineKey to serialize a payload for server-side...

9.8CVSS7.3AI score0.93842EPSS
Exploits6References3
NVD
NVD
added last week6 views

CVE-2026-37270

Trueview Security camera T18161- AF v4.9.60.0 contains an authentication bypass vulnerability caused by improper password validation and the presence of hard-coded credentials in the firmware...

9.8CVSS0.00374EPSS
Exploits0References2
CVE
CVE
added 2026/07/07 12:0 a.m.12 views

CVE-2026-37270

The CVE-2026-37270 entry affects the Trueview Security camera T18161- AF with firmware v4.9.60.0. The vulnerability is an authentication bypass caused by improper password validation and hard-coded credentials present in the firmware. The CVSS metrics indicate a critical impact (CVSS 3.1: base sc...

9.8CVSS5.9AI score0.00374EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.14 views

PT-2026-56278

Name of the Vulnerable Software and Affected Versions Trueview Security camera T18161- AF version 4.9.60.0 Description An authentication bypass exists due to improper password validation and the inclusion of hard-coded credentials within the firmware. Recommendations At the moment, there is no...

9.8CVSS6.1AI score0.00374EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/07 12:0 a.m.24 views

CVE-2026-37270

Trueview Security camera T18161- AF v4.9.60.0 contains an authentication bypass vulnerability caused by improper password validation and the presence of hard-coded credentials in the firmware...

0.00374EPSS
Exploits0References2
NVD
NVD
added 2026/07/06 8:16 a.m.9 views

CVE-2026-14807

ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view application code and obtain the database account and password...

9.8CVSS0.00463EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/06 7:9 a.m.6 views

EUVD-2026-41816

ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view application code and obtain the database account and password...

9.8CVSS6.1AI score0.00463EPSS
Exploits0References2
CVE
CVE
added 2026/07/06 7:9 a.m.21 views

CVE-2026-14807

The CVE-2026-14807 entry concerns PROG MIS’s ERP App with a Use of Hard-coded Credentials vulnerability. The connected documentation confirms unauthenticated remote access that could log in and reveal application code, enabling retrieval of the database account and password. Reported CVSS metrics...

9.8CVSS6.1AI score0.00463EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:9 a.m.5 views

CVE-2026-14807

ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view application code and obtain the database account and password...

9.8CVSS6.1AI score0.00463EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/06 7:9 a.m.36 views

CVE-2026-14807 PROG MIS|ERP App - Use of Hard-coded Credentials

ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view application code and obtain the database account and password...

9.8CVSS0.00463EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.11 views

PT-2026-55872

Name of the Vulnerable Software and Affected Versions ERP App developed by PROG MIS affected versions not specified Description The application contains hard-coded credentials, which are passwords or usernames embedded directly into the software source code. This allows unauthenticated remote...

9.8CVSS6.2AI score0.00463EPSS
Exploits0References9
EUVD
EUVD
added 2026/07/03 12:31 a.m.6 views

EUVD-2026-41458

In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources. This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2. This vulnerability does no...

5.9CVSS5.7AI score0.00134EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 12:16 a.m.10 views

CVE-2026-13728

In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources. This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2. This vulnerability does no...

5.9CVSS0.00134EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:40 p.m.24 views

CVE-2026-13768

CVE-2026-13768 affects Gardyn Home Kit and Gardyn Studio. The root cause is exposure of a privileged iothubowner credential, which enables a malicious user to invoke IoTHub Registry Manager functions to obtain connection information for all Gardyn devices and to execute commands on a specific dev...

10CVSS6AI score0.00559EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:7 p.m.8 views

CVE-2026-13728

In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources. This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2. This vulnerability does no...

5.9CVSS5.7AI score0.00134EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/02 11:7 p.m.45 views

CVE-2026-13728 WatchGuard Firebox Hardcoded Fallback Encryption Key in Access Portal Resource Credential Database

In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources. This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2. This vulnerability does no...

5.9CVSS0.00134EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 7:56 p.m.7 views

CVE-2026-58466

AutoBangumi before 3.2.8 contains a hard-coded default credentials vulnerability that allows unauthenticated attackers to authenticate as the administrator by using the publicly known default credentials seeded at startup via adddefaultuser in the database user module when the users table is empt...

9.8CVSS5.8AI score0.00505EPSS
Exploits0References5
Rows per page
Query Builder