
8135 matches found

CNNVD
added 2025/09/22 12:00 a.m., 2 views

AiKaan Cloud Controller security vulnerability

AiKaan Cloud Controller is a monitoring platform for Internet edge devices from AiKaan India. AiKaan Cloud Controller has a security vulnerability that stems from remote endpoint access using a hard-coded SSH private key and username proxyuser, which could allow an attacker to impersonate a manag...

CVSS 9.8 | AI score 6.8 | EPSS 0.00068
Exploits: 0 | References: 2

CNNVD
added 2025/09/22 12:00 a.m., 2 views

AiKaan IoT management platform security vulnerability

AiKaan IoT management platform is a management platform from AiKaan India. AiKaan IoT management platform suffers from a security vulnerability that stems from insufficiently hardened proxyuser accounts and the use of a shared hard-coded SSH private key, which could lead to remote code execution,...

CVSS 9.8 | AI score 7.2 | EPSS 0.00596
Exploits: 0 | References: 2

Positive Technologies
added 2025/09/22 12:00 a.m., 2 views

PT-2025-38931

Name of the Vulnerable Software and Affected Versions: weDevs WP Project Manager versions through 2.6.25
Description: The software contains hard-coded credentials, potentially allowing retrieval of embedded sensitive data.
Recommendations: Update weDevs WP Project Manager to a version later than...

CVSS 5.3 | AI score 6.6 | EPSS 0.00042
Exploits: 0 | References: 3

CNNVD
added 2025/09/22 12:00 a.m., 0 views

WordPress plugin WP Project Manager trust management vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A vulnerabilit...

CVSS 5.3 | AI score 6.6 | EPSS 0.00042
Exploits: 0 | References: 2

CNNVD
added 2025/09/21 12:00 a.m., 2 views

PPress security vulnerability

PPress is a Python-based blogging CMS system by the individual developer yandaozi. A security vulnerability exists in PPress version 0.0.9, which stems from hard-coded credentials included in the default configuration...

CVSS 8.8 | AI score 6.6 | EPSS 0.00104
Exploits: 3 | References: 1

SUSE CVE
added 2025/09/19 11:24 p.m., 1 view

SUSE CVE-2025-39839

In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix OOB read/write in network-coding decode. batadv_nc_skb_decode_packet() trusts coded_len and checks only against skb->len. XOR starts at sizeof(struct batadv_unicast_packet), reducing payload headroom, and the source skb length...

CVSS 5.5 | AI score 6.5 | EPSS 0.00022
Exploits: 0 | References: 21

OSV
added 2025/09/19 4:15 p.m., 2 views

AZL-67514 CVE-2025-39839 affecting package kernel for versions less than 6.6.112.1-1

In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix OOB read/write in network-coding decode. batadv_nc_skb_decode_packet() trusts coded_len and checks only against skb->len. XOR starts at sizeof(struct batadv_unicast_packet), reducing payload headroom, and the source skb length...

CVSS 7.1 | AI score 5.6 | EPSS 0.00022
Exploits: 0 | References: 1

OSV
added 2025/09/19 4:15 p.m., 0 views

UBUNTU-CVE-2025-39839

In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix OOB read/write in network-coding decode. batadv_nc_skb_decode_packet() trusts coded_len and checks only against skb->len. XOR starts at sizeof(struct batadv_unicast_packet), reducing payload headroom, and the source skb length...

CVSS 7.1 | AI score 6.5 | EPSS 0.00022
Exploits: 0 | References: 30

RedhatCVE
added 2025/09/19 3:28 p.m., 2 views

CVE-2024-48842

Use of Hard-coded Credentials vulnerability in ABB FLXEON. This issue affects FLXEON: through 9.3.5 and newer versions...

CVSS 7.3 | AI score 7 | EPSS 0.00026
Exploits: 0 | References: 1

OSV
added 2025/09/19 3:26 p.m., 2 views

CVE-2025-39839 batman-adv: fix OOB read/write in network-coding decode

In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix OOB read/write in network-coding decode. batadv_nc_skb_decode_packet() trusts coded_len and checks only against skb->len. XOR starts at sizeof(struct batadv_unicast_packet), reducing payload headroom, and the source skb length...

CVSS 7.1 | AI score 6 | EPSS 0.00022
Exploits: 0 | References: 13

Cvelist
added 2025/09/19 3:26 p.m., 6 views

CVE-2025-39839 batman-adv: fix OOB read/write in network-coding decode

In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix OOB read/write in network-coding decode. batadv_nc_skb_decode_packet() trusts coded_len and checks only against skb->len. XOR starts at sizeof(struct batadv_unicast_packet), reducing payload headroom, and the source skb length...

EPSS 0.00022
Exploits: 0 | References: 8

CNNVD
added 2025/09/19 12:00 a.m., 1 view

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unvalidated codedlen length that could lead to out-of-bounds reads and out-of-bounds writes...

CVSS 7.1 | AI score 5.9 | EPSS 0.00022
Exploits: 0 | References: 9

Positive Technologies
added 2025/09/19 12:00 a.m., 5 views

PT-2025-38546

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The batadv_nc_skb_decode_packet function in the batman-adv module does not properly validate the coded_len variable, potentially leading to out-of-bounds read and write issues during...

CVSS 7.1 | AI score 6.1 | EPSS 0.00022
Exploits: 0

NVD
added 2025/09/18 9:15 p.m., 1 view

CVE-2025-54754

An attacker with adjacent access, without authentication, can exploit this vulnerability to retrieve a hard-coded password embedded in publicly available software. This password can then be used to decrypt sensitive network traffic, affecting the Cognex device...

CVSS 8.6 | EPSS 0.00022
Exploits: 0 | References: 1

Vulnrichment
added 2025/09/18 9:06 p.m., 4 views

CVE-2025-54754 Cognex In-Sight Explorer and In-Sight Camera Firmware Use of Hard-coded Password

An attacker with adjacent access, without authentication, can exploit this vulnerability to retrieve a hard-coded password embedded in publicly available software. This password can then be used to decrypt sensitive network traffic, affecting the Cognex device...

CVSS 8.6 | AI score 6.6 | EPSS 0.00022
Exploits: 0 | References: 1

CVE
added 2025/09/18 9:06 p.m., 12 views

CVE-2025-54754

CVE-2025-54754 affects Cognex In-Sight Explorer and In-Sight Camera firmware. The vulnerability arises from a hard-coded password embedded in publicly available software, which an adjacent attacker with no authentication can retrieve to decrypt sensitive network traffic on Cognex devices. Documen...

CVSS 8.6 | AI score 6.6 | EPSS 0.00022
Exploits: 0 | References: 1

Cvelist
added 2025/09/18 9:06 p.m., 6 views

CVE-2025-54754 Cognex In-Sight Explorer and In-Sight Camera Firmware Use of Hard-coded Password

An attacker with adjacent access, without authentication, can exploit this vulnerability to retrieve a hard-coded password embedded in publicly available software. This password can then be used to decrypt sensitive network traffic, affecting the Cognex device...

CVSS 8.6 | EPSS 0.00022
Exploits: 0 | References: 1

CVE
added 2025/09/18 8:44 p.m., 11 views

CVE-2025-54807

CVE-2025-54807 affects Dover Fueling Solutions ProGauge MagLink LX4 devices and related MAGLINK LX Console family. The root cause is a hard-coded cryptographic key used to validate authentication tokens embedded in affected device firmware. This allows an attacker who obtains the signing key to b...

CVSS 9.8 | AI score 6.8 | EPSS 0.001
Exploits: 0 | References: 3

Cvelist
added 2025/09/18 8:44 p.m., 7 views

CVE-2025-54807 Dover Fueling Solutions ProGauge MagLink LX 4 Devices Use of Hard-coded Cryptographic Key

The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access to the system...

CVSS 9.8 | EPSS 0.001
Exploits: 0 | References: 3

Vulnrichment
added 2025/09/18 8:44 p.m., 2 views

CVE-2025-54807 Dover Fueling Solutions ProGauge MagLink LX 4 Devices Use of Hard-coded Cryptographic Key

The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access to the system...

CVSS 9.8 | AI score 5.8 | EPSS 0.001
Exploits: 0 | References: 3