CVE-2025-9310

The CVE-2025-9310 entry concerns yeqifu carRental (Druid component) with vulnerability in an unknown function of the file /carRental_war/druid/login.html. The issue can lead to hard-coded credentials and is exploitable remotely; the exploit has been publicly disclosed. There are no version detail...

CVE-2025-9310 yeqifu carRental Druid login.html hard-coded credentials

A vulnerability was determined in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. Affected by this vulnerability is an unknown functionality of the file /carRentalwar/druid/login.html of the component Druid. Executing manipulation can lead to hard-coded credentials. The attack ma...

CVE-2025-9310 yeqifu carRental Druid login.html hard-coded credentials

A vulnerability was determined in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. Affected by this vulnerability is an unknown functionality of the file /carRentalwar/druid/login.html of the component Druid. Executing manipulation can lead to hard-coded credentials. The attack ma...

CVE-2025-9309 Tenda AC10 MD5 Hash shadow hard-coded credentials

A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etcro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is needed for the...

CVE-2025-9309

CVE-2025-9309 affects Tenda AC10 16.03.10.13. The vulnerability lies in the MD5 Hash Handler component, specifically an unknown function within the "/etc_ro/shadow" file, where manipulation leads to hard-coded credentials. Exploitation requires local access and is described as high complexity, wi...

CVE-2025-9309 Tenda AC10 MD5 Hash shadow hard-coded credentials

A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etcro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is needed for the...

Tenda AC10 安全漏洞

Tenda AC10 is a wireless router from Tenda China. A security vulnerability exists in Tenda AC10 version 16.03.10.13, which originates from hard-coded credentials...

hippo4j 安全漏洞

hippo4j is an asynchronous thread pooling framework from opengoofy open source. A security vulnerability exists in hippo4j versions 1.0.0 through 1.5.0, which stems from the use of hard-coded keys in JWT creation, which could lead to the forgery of valid access tokens...

CVE-2025-51606

hippo4j 1.0.0 to 1.5.0, uses a hard-coded secret key in its JWT JSON Web Token creation. This allows attackers with access to the source code or compiled binary to forge valid access tokens and impersonate any user, including privileged ones such as "admin". The vulnerability poses a critical...

hippo4j Includes Hard Coded Secret Key in JWT Creation

hippo4j 1.0.0 to 1.5.0, uses a hard-coded secret key in its JWT JSON Web Token creation. This allows attackers with access to the source code or compiled binary to forge valid access tokens and impersonate any user, including privileged ones such as "admin". The vulnerability poses a critical...

CVE-2025-51606

hippo4j 1.0.0 to 1.5.0, uses a hard-coded secret key in its JWT JSON Web Token creation. This allows attackers with access to the source code or compiled binary to forge valid access tokens and impersonate any user, including privileged ones such as "admin". The vulnerability poses a critical...

carRental 安全漏洞

carRental is a car rental software from carRental, Inc. A security vulnerability exists in carRental that stems from hard-coded credentials...

PT-2025-34299 · Hippo4J · Hippo4J

Name of the Vulnerable Software and Affected Versions: hippo4j versions 1.0.0 through 1.5.0 Description: hippo4j uses a hard-coded secret key in its JWT JSON Web Token creation. This allows attackers with access to the source code or compiled binary to forge valid access tokens and impersonate an...

PT-2025-34252 · Druid +1 · Druid +1

Name of the Vulnerable Software and Affected Versions: yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3 Description: A vulnerability exists in yeqifu carRental related to an unknown functionality within the /carRental war/druid/login.html file of the Druid component. This allows fo...

CVE-2025-33100

IBM Concert Software 1.0.0 through 1.1.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...

Tenda AC20 Hardcoded Credentials Vulnerability

Tenda AC20 is a home router from Tenda. The Tenda AC20 suffers from a hard-coded credentials vulnerability that originates from the presence of hard-coded credentials in the file /etcro/shadow. An attacker can exploit the vulnerability to cause confidentiality to be compromised...

CVE-2025-9091

A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etcro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high...

IBM Concert Software Trust Management Issues Vulnerabilities

IBM Concert Software is IBM's generative AI-driven automated application management and monitoring tool based on the WatsonX platform, focused on optimizing the operational efficiency and reliability of applications. IBM Concert Software has a trust management issue vulnerability that stems from...

CVE-2025-33100

IBM Concert Software 1.0.0 through 1.1.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...

CVE-2025-33100

IBM Concert Software 1.0.0 through 1.1.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...