CVE-2025-58426

desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key, which allows an attacker to create malicious AppSuite applications...

CVE-2025-58426

desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key, which allows an attacker to create malicious AppSuite applications...

CVE-2025-58426

The CVE concerns desknet’s NEO across versions V4.0R1.0–V9.0R2.0, where a hard-coded cryptographic key enables an attacker to create malicious AppSuite applications. This is the underlying root cause described in multiple connected sources, with impact stated as attacker-authored AppSuite apps be...

Multiple vulnerabilities in desknet's NEO

Overview desknets NEO provided by NEOJAPAN Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting CWE-79 - CVE-2025-24833, CVE-2025-54760, CVE-2025-55072 Reflected cross-site scripting CWE-79 - CVE-2025-52583 Stored cross-site scripting CWE-79 - CVE-2025-54859 Improper...

WordPress plugin Felan Framework 信任管理问题漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language.WordPress plugin is an application plugin. A vulnerability exists in the WordPress Felan Framework, which is caused by the presence of hard-coded passwords in the fbajaxloginorregister function and t...

H3C Magic M安全漏洞

H3C Magic M is a series of wireless routers from China's Xinhua San H3C. A security vulnerability exists in H3C Magic M. The vulnerability stems from the use of hard-coded weak passwords or unset passwords in the firmware, which could allow an attacker to gain maximum root privileges via Telnet...

CVE-2025-61330

CVE-2025-61330 affects H3C Magic-branded devices. The root cause is a hard-coded weak password (or no password) for the root account in /etc/shadow, with Telnet enabled by default or user-enabled, and Virtual Servers exposing devices to the public network. This enables remote attacker access to r...

ATLAS-EPIC 安全漏洞

ATLAS-EPIC is a data processing application by gsiegel14 individual developer. ATLAS-EPIC has a security vulnerability that stems from the use of hard-coded credentials...

CVE-2025-61330

A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password a...

Desknets Neo 安全漏洞

Desknets Neo is a remote office support software from Desknets Japan. A security vulnerability exists in Desknets Neo versions V4.0R1.0 through V9.0R2.0, which stems from the use of a hard-coded encryption key, which could allow an attacker to create a malicious AppSuite application...

CVE-2025-61330

A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password a...

go-witness is Vulnerable to Improper Verification of AWS EC2 Identity Documents

Impact This vulnerability only affects users of the AWS attestor. Users of the AWS attestor could have unknowingly received a forged identity document. While this may seem unlikely, AWS recently issued a security bulletin about IMDS Instance Metadata Service impersonation.^1 There are multiple...

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation via improper verification of AWS EC2 identity documents in the aws-iid process. An attacker can cause the system to accept forged identity documents by providing documents with missing or invalid...

Creativeitem Academy LMS 安全漏洞

Creativeitem Academy LMS is an online learning management system from Creativeitem Bangladesh. A security vulnerability exists in Creativeitem Academy LMS version 6.14 and earlier, which stems from the use of a hard-coded default JWT key for token signing, which could lead to authentication bypas...

Hospital Management System session function hard-coded key vulnerability

Hospital Management System a hospital management system. Hospital Management System has a hard-coded key vulnerability that arises from the incorrect manipulation of the secret parameter by the session function in the express-session component, for which no detailed vulnerability details are...

CVE-2025-11666

A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file forceupgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument currentforceupgradepwd can lead to use of hard-coded password. The attack can only be executed...

CVE-2025-36087

IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10.0.0 through 10.0.9, and 11.0.0, under certain configurations, contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound...

CVE-2025-11649

A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Root Account Handler. Performing manipulation results in use of hard-coded password. The attack must be initiated from a local position. The attack is considered to have hig...

CVE-2025-11643

A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. Affected by this vulnerability is an unknown functionality of the file /squashfs-root/furboimg of the component MQTT Client Certificate. Performing manipulation results in hard-coded credentials. The attack may be initiated...

EUVD-2025-34055

A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file forceupgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument currentforceupgradepwd can lead to use of hard-coded password. The attack can only be executed...