PT-2025-53624

Name of the Vulnerable Software and Affected Versions PandaXGO PandaX versions prior to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5 Description A security issue exists in PandaXGO PandaX related to the JWT Secret Handler component. The issue involves the manipulation of the key argument within the...

PT-2025-53617

Name of the Vulnerable Software and Affected Versions getmaxun versions up to 0.0.28 Description A security flaw exists in getmaxun maxun up to version 0.0.28. The issue involves manipulation of the api key argument within an unknown function located in the file...

SQLE 安全漏洞

SQLE is an ActionTech open source database. A security vulnerability exists in SQLE version 4.2511.0 and earlier, which stems from incorrect manipulation of the parameter JWTSecretKey in the file sqle/utils/jwt.go, which could result in the use of a hard-coded key...

SiYuan 安全漏洞

SiYuan is a privacy-first personal knowledge management system from SiYuan Open Source. A security vulnerability exists in SiYuan 3.5.1 and prior versions that stems from the use of hard-coded encryption keys for session storage, which could lead to session hijacking...

PandaX 安全漏洞

PandaX is a Go language open source low-code development framework for enterprise IoT platforms from PandaX Open Source. A security vulnerability exists in PandaX that stems from incorrect manipulation of the parameter key in the file config.yml, which could lead to the use of hard-coded keys...

PT-2025-53619

Name of the Vulnerable Software and Affected Versions actiontech sqle versions up to 4.2511.0 Description A security issue has been identified in actiontech sqle. The issue resides in an unknown function within the sqle/utils/jwt.go file of the JWT Secret Handler component. Manipulation of the...

Maxun 安全漏洞

Maxun is a crawler tool from Maxun open source. A security vulnerability exists in Maxun 0.0.28 and earlier versions, which stems from the incorrect manipulation of the parameter apikey in the file /getmaxun/maxun/blob/develop/server/src/routes/auth.ts, which may result in the use of a hard-coded...

Hanwha Vision IP Cameras 安全漏洞

Hanwha Vision IP Cameras are a series of webcams from Hanwha Vision, a South Korean company. A security vulnerability exists in Hanwha Vision IP Cameras, which stems from the use of a hard-coded encryption key for sensitive information in Device Manager, which can be used by an attacker to decryp...

CVE-2019-25241

FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication...

CVE-2019-25241

FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication...

CVE-2018-25138

FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...

CVE-2018-25138

FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...

CVE-2019-25241 FaceSentry Access Control System 6.4.8 Remote SSH Root Access

FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication...

CVE-2018-25138 FLIR AX8 Thermal Camera 1.32.16 Hard-Coded Credentials Authentication Bypass

FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...

CVE-2018-25138 FLIR AX8 Thermal Camera 1.32.16 Hard-Coded Credentials Authentication Bypass

FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...

CVE-2018-25138

CVE-2018-25138 affects FLIR AX8 Thermal Camera firmware 1.32.16. The issue is hard-coded SSH and web panel credentials that cannot be changed via normal camera operations, enabling an unauthenticated attacker to gain shell access and log in to multiple interfaces using predefined credentials. Imp...

CVE-2025-33222

NVIDIA Isaac Launchable contains a vulnerability where an attacker could exploit a hard-coded credential issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and data tampering...

FLIR AX8 Thermal Camera 安全漏洞

FLIR AX8 Thermal Camera is a monitoring thermal imaging sensor from FLIR, Inc. A security vulnerability exists in the FLIR AX8 Thermal Camera version 1.32.16, which stems from the presence of hard-coded SSH and web panel credentials that could lead to unauthorized access...

iWT FaceSentry Access Control System 安全漏洞

The iWT FaceSentry Access Control System is an iWT open source application. It provides an access control function. A security vulnerability exists in iWT FaceSentry Access Control System version 6.4.8, which stems from the presence of hard-coded SSH credentials and improperly configured sudoers,...

PT-2025-53358

FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...