
8143 matches found

Cvelist
added 2025/08/14 6:2 p.m. · 11 views

CVE-2025-8974 linlinjava litemall JSON Web Token JwtHelper.java hard-coded credentials

A vulnerability was determined in linlinjava litemall up to 1.8.0. Affected by this issue is some unknown functionality of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/util/JwtHelper.java of the component JSON Web Token Handler. The manipulation of the argument SECRET with th...

6.3 CVSS · 0.00315 EPSS
Exploits 1 · References 5
RedhatCVE
added 2025/08/14 8:29 a.m. · 2 views

CVE-2025-26398

SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and...

5.6 CVSS · 7.1 AI score · 0.00024 EPSS
Exploits 0 · References 1
CNNVD
added 2025/08/14 12:0 a.m. · 3 views

litemall security vulnerability

litemall is a small mall system for linlinjava individual developers. A security vulnerability exists in litemall 1.8.0 and earlier versions, which stems from the incorrect manipulation of the parameter SECRET in the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/util/JwtHelper.jav...

9.8 CVSS · 6.7 AI score · 0.00315 EPSS
Exploits 1 · References 6
Positive Technologies
added 2025/08/14 12:0 a.m. · 3 views

PT-2025-33360 · Linlinjava · Litemall

Name of the Vulnerable Software and Affected Versions: linlinjava litemall versions up to 1.8.0 Description: A vulnerability exists in linlinjava litemall up to version 1.8.0, specifically within the JSON Web Token Handler component, located in the file...

6.3 CVSS · 4 AI score · 0.00315 EPSS
Exploits 1 · References 8
NVD
added 2025/08/13 8:15 p.m. · 4 views

CVE-2025-43982

Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI...

9.8 CVSS · 0.00095 EPSS
Exploits 0 · References 2
NVD
added 2025/08/13 12:15 p.m. · 1 views

CVE-2025-54465

This vulnerability exists in ZKTeco WL20 due to hard-coded MQTT credentials and endpoints stored in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and analyzing the binary data to retrieve the hard-coded MQTT...

6.8 CVSS · 0.00043 EPSS
Exploits 0 · References 2
Cvelist
added 2025/08/13 11:23 a.m. · 6 views

CVE-2025-55279 Hard-coded Private Key Vulnerability in ZKTeco WL20

This vulnerability exists in ZKTeco WL20 due to hard-coded private key stored in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and analyzing the binary data to retrieve private key stored in the firmware of the...

6.9 CVSS · 0.00036 EPSS
Exploits 0 · References 1
CVE
added 2025/08/13 11:23 a.m. · 18 views

CVE-2025-55279

CVE-2025-55279 concerns ZKTeco WL20, where a hard-coded private key stored in plaintext in the device firmware is exposed. An attacker with physical access can extract the firmware, analyze the binary, and retrieve the private key, enabling unauthorized decryption of data and Man-in-the-Middle at...

6.9 CVSS · 6.5 AI score · 0.00036 EPSS
Exploits 0 · References 1
Cvelist
added 2025/08/13 11:17 a.m. · 7 views

CVE-2025-54465 Hard-coded Credentials Vulnerability in ZKTeco WL20

This vulnerability exists in ZKTeco WL20 due to hard-coded MQTT credentials and endpoints stored in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and analyzing the binary data to retrieve the hard-coded MQTT...

6.8 CVSS · 0.00043 EPSS
Exploits 0 · References 2
CVE
added 2025/08/13 11:17 a.m. · 12 views

CVE-2025-54465

CVE-2025-54465 affects ZKTeco WL20. The vulnerability arises from hard-coded MQTT credentials and endpoints stored in plaintext in the device firmware. An attacker with physical access can extract the firmware and read the hard-coded credentials/endpoints from the binary, gaining unauthorized acc...

6.8 CVSS · 6.9 AI score · 0.00043 EPSS
Exploits 0 · References 2
Vulnrichment
added 2025/08/13 11:17 a.m. · 6 views

CVE-2025-54465 Hard-coded Credentials Vulnerability in ZKTeco WL20

This vulnerability exists in ZKTeco WL20 due to hard-coded MQTT credentials and endpoints stored in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and analyzing the binary data to retrieve the hard-coded MQTT...

6.8 CVSS · 6.9 AI score · 0.00043 EPSS
Exploits 0 · References 2
CNNVD
added 2025/08/13 12:0 a.m. · 2 views

Tuoshi NR500-EA security vulnerability

Tuoshi NR500-EA is a wireless router from Tuoshi China. A security vulnerability exists in Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43, which stems from the default enablement of SSH service and the presence of a hard-coded root account...

9.8 CVSS · 6.8 AI score · 0.00095 EPSS
Exploits 0 · References 3
CNNVD
added 2025/08/13 12:0 a.m. · 1 views

ZKTeco WL20 trust management issue vulnerability

The ZKTeco WL20 is a smart fingerprint time and attendance machine from China's Entropy Base Technology ZKTeco. The ZKTeco WL20 suffers from a Trust Management Issue vulnerability that stems from hard-coded MQTT credentials and endpoints stored in the device's firmware, which could lead to a...

6.8 CVSS · 6.2 AI score · 0.00043 EPSS
Exploits 0 · References 2
CNNVD
added 2025/08/13 12:0 a.m. · 4 views

ZKTeco WL20 trust management issue vulnerability

The ZKTeco WL20 is an intelligent fingerprint time and attendance machine from China's Entropy Base Technology ZKTeco. The ZKTeco WL20 suffers from a trust management issue vulnerability that stems from a hard-coded private key stored in the device firmware, which could allow a physical access...

6.9 CVSS · 6.2 AI score · 0.00036 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/08/13 12:0 a.m. · 4 views

PT-2025-33067 · Unknown · Shenzhen Tuoshi Nr500-Ea +1

Name of the Vulnerable Software and Affected Versions: Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLIC version 3.4.2731.16.43 Description: Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLIC devices enable the SSH service by default. A hidden, hard-coded root account exists that cannot be disabled through th...

9.8 CVSS · 7.3 AI score · 0.00095 EPSS
Exploits 0 · References 5
CVE
added 2025/08/13 12:0 a.m. · 21 views

CVE-2025-43982

CVE-2025-43982 affects Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLIC devices (v3.4.2731.16.43). The underlying issue: SSH service is enabled by default and a hard-coded root account cannot be disabled via the GUI. Impact is described as high for confidentiality, integrity, and availability with net...

9.8 CVSS · 7.2 AI score · 0.00095 EPSS
Exploits 0 · References 2
Hacker One
added 2025/08/12 8:28 a.m. · 24 views

curl: Exposure of Hard-coded Private Keys and Credentials in curl Source Repository (CWE-321)

Multiple private/test RSA keys and example credentials were discovered embedded in the public curl source repository and associated documentation. These sensitive secrets were detected using automated tools gitleaks and manual review. Their presence could allow attackers to impersonate trusted cu...

6.9 AI score
Exploits 0
OSV
added 2025/08/12 8:15 a.m. · 3 views

CVE-2025-26398

SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and...

6.4 CVSS · 5.8 AI score · 0.00024 EPSS
Exploits 0 · References 2
NVD
added 2025/08/12 8:15 a.m. · 1 views

CVE-2025-26398

SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and...

6.4 CVSS · 0.00024 EPSS
Exploits 0 · References 2
Cvelist
added 2025/08/12 8:10 a.m. · 4 views

CVE-2025-26398 SolarWinds Database Performance Analyzer Hard-coded Cryptographic Key Vulnerability

SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and...

5.6 CVSS · 0.00024 EPSS
Exploits 0 · References 2