
8091 matches found

Vulnrichment
added 2025/11/17 10:55 p.m. | 1 view

CVE-2025-31649 Dell ControlVault3 ControlVault WBDI Driver hard-coded password vulnerability

A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to execute privileged operation. An attacker can issue an API call...

CVSS 8.7 | AI score 6.5 | EPSS 0.00017
Exploits: 0 | References: 2
Cvelist
added 2025/11/17 10:55 p.m. | 3 views

CVE-2025-31649 Dell ControlVault3 ControlVault WBDI Driver hard-coded password vulnerability

A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to execute privileged operation. An attacker can issue an API call...

CVSS 8.7 | EPSS 0.00017
Exploits: 0 | References: 2
NVD
added 2025/11/17 10:15 p.m. | 2 views

CVE-2025-64766

NixOS's Onlyoffice is a software suite that offers online and offline tools for document editing, collaboration, and management. In versions from 22.11 to before 25.05 and versions before Unstable 25.11, a hard-coded secret was used in the NixOS module for the OnlyOffice document server to protec...

CVSS 5.3 | EPSS 0.00049
Exploits: 0 | References: 5
Vulnrichment
added 2025/11/17 9:38 p.m. | 3 views

CVE-2025-64766 NixOS has hardcoded credentials in Onlyoffice module

NixOS's Onlyoffice is a software suite that offers online and offline tools for document editing, collaboration, and management. In versions from 22.11 to before 25.05 and versions before Unstable 25.11, a hard-coded secret was used in the NixOS module for the OnlyOffice document server to protec...

CVSS 5.3 | AI score 6.4 | EPSS 0.00049
Exploits: 0 | References: 5
EUVD
added 2025/11/17 12:30 a.m. | 3 views

EUVD-2025-197734

A vulnerability was found in shsuishang ShopSuite ModulithShop up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a. Affected by this issue is some unknown functionality of the component RSA/OAuth2/Database. The manipulation results in hard-coded credentials. The attack can be executed remotely. The...

CVSS 7.5 | AI score 6.1 | EPSS 0.00049
Exploits: 0 | References: 6
Positive Technologies
added 2025/11/17 12:00 a.m. | 2 views

PT-2025-47226

Name of the Vulnerable Software and Affected Versions: Dell ControlVault3 versions prior to 5.15.14.19; Dell ControlVault3 Plus versions prior to 6.2.36.47. Description: A hard-coded password exists within the ControlVault WBDI Driver functionality. An attacker can exploit this by issuing a specially...

CVSS 8.7 | AI score 6.8 | EPSS 0.00017
Exploits: 0 | References: 8
CNNVD
added 2025/11/17 12:00 a.m. | 1 view

ONLYOFFICE Docs Trust Management Issue Vulnerability

ONLYOFFICE Docs is an online office software from ONLYOFFICE, Inc. A trust management issue vulnerability exists in ONLYOFFICE Docs versions 22.11 through prior to 25.05 and prior to 25.11, which stems from the use of a hard-coded key to protect the file cache, which could lead to accessing known...

CVSS 5.3 | AI score 6.4 | EPSS 0.00049
Exploits: 0 | References: 6
CNNVD
added 2025/11/17 12:00 a.m. | 1 view

Dell ControlVault3 and Dell ControlVault3 Plus Security Vulnerability

Dell ControlVault3 and Dell ControlVault3 Plus are both hardware-based security solutions from Dell USA. A security vulnerability exists in Dell ControlVault3 versions prior to 5.15.14.19 and Dell ControlVault3 Plus versions prior to 6.2.36.47, which stems from a hard-coded password vulnerability...

CVSS 8.7 | AI score 6.6 | EPSS 0.00017
Exploits: 0 | References: 3
Talos
added 2025/11/17 12:00 a.m. | 6 views

Dell ControlVault3 ControlVault WBDI Driver hard-coded password vulnerability

Talos Vulnerability Report TALOS-2025-2173: Dell ControlVault3 ControlVault WBDI Driver hard-coded password vulnerability. November 17, 2025. CVE Number: CVE-2025-31649. Summary: A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 5.14.3.0. A...

CVSS 8.7 | AI score 6.8 | EPSS 0.00017
Exploits: 0
Positive Technologies
added 2025/11/17 12:00 a.m. | 2 views

PT-2025-47210

Name of the Vulnerable Software and Affected Versions: Onlyoffice versions 22.11 through 25.05; Onlyoffice versions prior to Unstable 25.11. Description: Onlyoffice is a software suite providing tools for document editing, collaboration, and management. A hard-coded secret within the NixOS module for...

CVSS 5.3 | AI score 6.6 | EPSS 0.00049
Exploits: 0 | References: 9
NVD
added 2025/11/16 11:15 p.m. | 3 views

CVE-2025-13252

A vulnerability was found in shsuishang ShopSuite ModulithShop up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a. Affected by this issue is some unknown functionality of the component RSA/OAuth2/Database. The manipulation results in hard-coded credentials. The attack can be executed remotely. The...

CVSS 7.5 | EPSS 0.00049
Exploits: 0 | References: 5
Vulnrichment
added 2025/11/16 11:02 p.m. | 2 views

CVE-2025-13252 shsuishang ShopSuite ModulithShop RSA/OAuth2/Database hard-coded credentials

A vulnerability was found in shsuishang ShopSuite ModulithShop up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a. Affected by this issue is some unknown functionality of the component RSA/OAuth2/Database. The manipulation results in hard-coded credentials. The attack can be executed remotely. The...

CVSS 7.5 | AI score 7 | EPSS 0.00049
Exploits: 0 | References: 5
CVE
added 2025/11/16 11:02 p.m. | 8 views

CVE-2025-13252

ShopSuite ModulithShop (up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a) is affected by a vulnerability in the RSA/OAuth2/Database component that leads to hard-coded credentials. The issue can be exploited remotely, and public exploitation is noted. Several connected sources confirm the same root ...

CVSS 7.5 | AI score 6.3 | EPSS 0.00049
Exploits: 0 | References: 5
Cvelist
added 2025/11/16 11:02 p.m. | 9 views

CVE-2025-13252 shsuishang ShopSuite ModulithShop RSA/OAuth2/Database hard-coded credentials

A vulnerability was found in shsuishang ShopSuite ModulithShop up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a. Affected by this issue is some unknown functionality of the component RSA/OAuth2/Database. The manipulation results in hard-coded credentials. The attack can be executed remotely. The...

CVSS 7.5 | EPSS 0.00049
Exploits: 0 | References: 5
CNNVD
added 2025/11/16 12:00 a.m. | 1 view

ModulithShop Trust Management Issue Vulnerability

ModulithShop is an online shopping mall system from the individual developers of Shopsuite. ModulithShop suffers from a Trust Management Issue vulnerability that stems from misbehavior of the component RSA/OAuth2/Database, which could lead to hard-coded credentials...

CVSS 7.5 | AI score 7.4 | EPSS 0.00049
Exploits: 0 | References: 5
Positive Technologies
added 2025/11/16 12:00 a.m. | 4 views

PT-2025-47093

Name of the Vulnerable Software and Affected Versions: ShopSuite ModulithShop versions up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a. Description: A flaw exists within ShopSuite ModulithShop related to the RSA/OAuth2/Database component, resulting in the presence of hard-coded credentials. This issu...

CVSS 7.5 | AI score 7.1 | EPSS 0.00049
Exploits: 0 | References: 12
CNNVD
added 2025/11/15 12:00 a.m. | 2 views

Brightpick Mission Control Security Vulnerability

Brightpick Mission Control is a centralized control platform for mission management from Brightpick USA. A security vulnerability exists in Brightpick Mission Control that stems from the inclusion of hard-coded credentials in a client-side JavaScript package...

CVSS 8.7 | AI score 6.6 | EPSS 0.0004
Exploits: 0 | References: 4
GitHub Security Blog
added 2025/11/14 9:52 p.m. | 6 views

AstrBot is vulnerable to RCE with hard-coded JWT signing keys

Summary: AstrBot uses a hard-coded JWT signing key, allowing attackers to execute arbitrary commands by installing a malicious plugin. Details: AstrBot uses a hard-coded JWT signing key, which allows attackers to bypass the authentication mechanism. Once bypassed, the attacker can install a Python...

CVSS 7.3 | AI score 7.9 | EPSS 0.00012
Exploits: 2 | References: 7 | Affected Software: 1
Snyk
added 2025/11/14 9:52 p.m. | 1 view

Use of Hard-coded Credentials

Overview: AstrBot is an easy-to-use multi-platform LLM chatbot and development framework. Affected versions of this package are vulnerable to Use of Hard-coded Credentials for signature verification. An attacker can gain unauthorized access and execute arbitrary commands by bypassing authentication using a hard-coded JWT signing key and...

CVSS 9.8 | AI score 7.7 | EPSS 0.00012
Exploits: 2 | References: 2
OSV
added 2025/11/14 9:52 p.m. | 2 views

GHSA-4M32-CJV7-F425 AstrBot is vulnerable to RCE with hard-coded JWT signing keys

Summary: AstrBot uses a hard-coded JWT signing key, allowing attackers to execute arbitrary commands by installing a malicious plugin. Details: AstrBot uses a hard-coded JWT signing key, which allows attackers to bypass the authentication mechanism. Once bypassed, the attacker can install a Python...

CVSS 9.8 | AI score 7.8 | EPSS 0.00012
Exploits: 2 | References: 6