8143 matches found
CVE-2025-49551 ColdFusion | Use of Hard-coded Credentials (CWE-798)
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Use of Hard-coded Credentials vulnerability that could result in privilege escalation. An attacker could leverage this vulnerability to gain unauthorized access to sensitive systems or data. Exploitation of this issue does...
CVE-2025-37103
Hard-coded login credentials were found in HPE Networking Instant On Access Points, allowing anyone with knowledge of it to bypass normal device authentication. Successful exploitation could allow a remote attacker to gain administrative access to the system...
CVE-2025-37103
CVE-2025-37103 affects HPE Networking Instant On Access Points. The description across sources confirms hard-coded login credentials allow bypass of normal device authentication, enabling a remote attacker to gain administrative access. Affected products include HPE Networking Instant On Access P...
CVE-2025-7080
A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwtutils.go of the component JWT Token Handler. The manipulation of the argument accessSecret/refreshSecret wit...
CVE-2025-7079
A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebellbackend/pkg/jwt/jwt.go of the component JWT Token Handler. The manipulation of the argument mySecret with the input bluebell-plu...
PT-2025-28660 · Hewlett Packard · Hpe Networking Instant On Access Points
Name of the Vulnerable Software and Affected Versions: HPE Networking Instant On Access Points versions 3.2.0 and earlier; HPE Aruba Instant On Access Points versions 3.2.0.1 and earlier; Aruba Instant On APs versions 3.2.0 and earlier. Description: HPE Networking and Aruba Instant On Access Points...
HPE Networking Instant On Access Points Security Vulnerability
HPE Networking Instant On Access Points is a wireless network access point from HPE America. A security vulnerability exists in HPE Networking Instant On Access Points that stems from hard-coded login credentials that could lead to bypassing device authentication...
PT-2025-28754 · Adobe · Coldfusion
Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier. Description: The issue is related to the use of hard-coded credentials, which could result in privilege escalation. An attacker could leverage this to gain unauthorized access to...
Adobe ColdFusion Trust Management Issue Vulnerability
Adobe ColdFusion is a dynamic Web server platform maintained by Adobe. Adobe ColdFusion suffers from a trust management issue vulnerability that stems from the use of hard-coded credentials, which can be exploited by an attacker to cause elevation of privilege...
WordPress plugin Support Board Security Vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2025-52492
A vulnerability has been discovered in the firmware of Paxton Paxton10 before 4.6 SR6. The firmware file, rootfs.tar.gz, contains hard-coded credentials for the Twilio API. A remote attacker who obtains a copy of the firmware can extract these credentials. This could allow the attacker to gain...
CVE-2025-3920
A vulnerability was identified in SUR-FBD CMMS where hard-coded credentials were found within a compiled DLL file. These credentials correspond to a built-in administrative account of the software. An attacker with local access to the system or the application's installation directory could extra...
CVE-2025-3920 Hard-coded Password in SUR-FBD CMMS
A vulnerability was identified in SUR-FBD CMMS where hard-coded credentials were found within a compiled DLL file. These credentials correspond to a built-in administrative account of the software. An attacker with local access to the system or the application's installation directory could extra...
CVE-2025-3920
CVE-2025-3920 affects SUR-FBD CMMS: hard-coded credentials exist inside a compiled DLL that maps to a built-in admin account. An attacker with local access could extract these credentials and potentially fully compromise the application's administrative functions. The issue has been fixed in vers...
CVE-2025-52492
In Paxton Paxton10 firmware (versions before 4.6 SR6), the rootfs.tar.gz payload contains hard-coded Twilio API credentials. A remote attacker who obtains a firmware copy can extract these credentials, potentially gaining unauthorized access to the associated Twilio account, leading to informatio...
PT-2025-28141 · Unknown · Sur-Fbd Cmms
Name of the Vulnerable Software and Affected Versions: SUR-FBD CMMS versions prior to 2025.03.27. Description: A vulnerability was identified in SUR-FBD CMMS where hard-coded credentials were found within a compiled DLL file. These credentials correspond to a built-in administrative account of the...
PT-2025-28185 · Twilio +1 · Twilio Api +1
Name of the Vulnerable Software and Affected Versions: Paxton10 versions prior to 4.6 SR6. Description: A vulnerability has been discovered in the firmware of Paxton10, where the firmware file, rootfs.tar.gz, contains hard-coded credentials for the Twilio API. A remote attacker who obtains a copy ...