8143 matches found
SUR-FBD CMMS security vulnerability
SUR-FBD CMMS is a computerized maintenance management system from the Polish company SUR-FBD. A security vulnerability exists in SUR-FBD CMMS that stems from the presence of hard-coded credentials in a DLL file, which could lead to full control of the application...
Paxton10 security vulnerability
Paxton10 is a system that combines access control and video management features from Paxton UK. A security vulnerability exists in Paxton10 versions prior to 4.6 SR6, which stems from firmware containing hard-coded credentials that could lead to information disclosure and service interruption...
CVE-2025-7080
A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwt_utils.go of the component JWT Token Handler. The manipulation of the argument accessSecret/refreshSecret wit...
Use of Hard-coded Password
Overview: Affected versions of this package are vulnerable to Use of Hard-coded Password via the mySecret argument in the JWT Token Handler process. An attacker can gain unauthorized access to sensitive information by exploiting the presence of a hard-coded secret value in authentication mechanism...
CVE-2025-7079
A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebell_backend/pkg/jwt/jwt.go of the component JWT Token Handler. The manipulation of the argument mySecret with the input bluebell-plu...
CVE-2025-7080 Done-0 Jank JWT Token jwt_utils.go hard-coded password
A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwt_utils.go of the component JWT Token Handler. The manipulation of the argument accessSecret/refreshSecret wit...
CVE-2025-7080
The CVE affects the Done-0 Jank JWT Token Handler (internal/utils/jwt_utils.go). The issue arises from manipulating the arguments accessSecret and refreshSecret (values jank-blog-secret and jank-blog-refresh-secret), which leads to use of a hard-coded password. Exploitation is possible remotely, ...
CVE-2025-7079 mao888 bluebell-plus JWT Token jwt.go hard-coded password
A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebell_backend/pkg/jwt/jwt.go of the component JWT Token Handler. The manipulation of the argument mySecret with the input bluebell-plu...
CVE-2025-7079
The CVE affects mao888 bluebell-plus up to version 2.3.0, specifically the JWT Token Handler in bluebell_backend/pkg/jwt/jwt.go. The issue stems from manipulating the mySecret argument, which leads to a hard-coded password being used. Exploitation can be remote and the attack has high complexity;...
PT-2025-28072 · Unknown · Mao888 Bluebell-Plus
Name of the Vulnerable Software and Affected Versions: mao888 bluebell-plus versions up to 2.3.0 Description: A problematic vulnerability has been found in the JWT Token Handler component, affecting the processing of the file bluebell_backend/pkg/jwt/jwt.go. The issue involves the manipulation of...
bluebell-plus security vulnerability
bluebell-plus is a blog forum web project by the individual developer ChaoHu. A security vulnerability exists in bluebell-plus version 2.3.0 and earlier, which stems from the use of a hard-coded password for the parameter mySecret in the bluebell_backend/pkg/jwt/jwt.go file...
Jank security vulnerability
Jank is a lightweight blogging system by the individual developer Fender. Jank has a security vulnerability that stems from the use of hard-coded passwords for the parameters accessSecret/refreshSecret in the file internal/utils/jwt_utils.go...
PT-2025-28073 · Unknown · Done-0 Jank
Name of the Vulnerable Software and Affected Versions: Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17 Description: A problematic issue was found in the JWT Token Handler component, specifically in the file internal/utils/jwt_utils.go. The manipulation of the accessSecret/refreshSecret...
CVE-2025-6071
Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB RMC-100 LITE. An attacker can gain access to salted information to decrypt MQTT information. This issue affects RMC-100: from 2105457-043 through 2105457-045; RMC-100 LITE: from 2106229-015 through 2106229-016...
CVE-2025-6074
Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to source code and control network, the attacker can bypass the REST interface authentication and gain access to MQTT configuration data...
AZL-65577 CVE-2025-53605 affecting package kata-containers-cc 3.2.0.azl2-8
The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input...
Cisco Unified Communications Manager (CUCM) Static SSH Credentials (cisco-sa-cucm-ssh-m4UBdpE7)
According to its self-reported version, Cisco Unified Communications Products is affected by a hard-coded credentials vulnerability. A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow ...