8143 matches found
CVE-2025-49151 Use of Hard-coded, Security-relevant Constants in MICROSENS NMP Web+
The affected products could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication...
sublinkX Security Vulnerability
sublinkX is an open source node subscription conversion generation management system by Chen Hui, an individual developer. A security vulnerability exists in sublinkX 1.8 and earlier versions, which stems from the use of hard-coded keys in the file middlewares/jwt.go...
Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability
Fortinet FortiOS contains a use of hard-coded credentials vulnerability that could allow an attacker to cipher sensitive data in FortiOS configuration backup file via knowledge of the hard-coded key...
PT-2025-26909 · Sublinkx · Sublinkx
Name of the Vulnerable Software and Affected Versions: gooaclok819 sublinkX versions up to 1.8 Description: A vulnerability was found in the unknown code of the file middlewares/jwt.go. The manipulation with the input sublink leads to the use of a hard-coded cryptographic key. The attack can be...
CVE-2025-4378
Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile Application allows Authentication Abuse, Authentication Bypass. This issue affects ATA-AOF Mobile Application: before 20.06.2025...
5V Technologies Blue Angel Software Suite Security Vulnerability
5V Technologies Blue Angel Software Suite is a management and control software suite deployed on embedded Linux devices from 5V Technologies, Taiwan, China. A security vulnerability exists in 5V Technologies Blue Angel Software Suite that stems from the presence of hard-coded credentials that cou...
TOTOLINK T10 Trust Management Issue Vulnerability
TOTOLINK T10 is a wireless network system router from China's Gion Electronics TOTOLINK. The TOTOLINK T10 suffers from a trust management issue vulnerability that stems from the use of hard-coded passwords in the file /etc/shadow.sample. An attacker could exploit the vulnerability to cause...
PT-2025-26759
Name of the Vulnerable Software and Affected Versions: Ataturk University ATA-AOF Mobile Application versions prior to 20.06.2025 Description: The issue affects the Ataturk University ATA-AOF Mobile Application, allowing for authentication abuse and bypass due to cleartext transmission of sensiti...
VulnCheck KEV: CVE-2023-22463
KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermor...
Detecting Hard-Coded Credentials in Software Repositories Via LLMs
Software developers frequently hard-code credentials such as passwords, generic secrets, private keys, and generic tokens in software repositories, even though it is strictly advised against due to the severe threat to the security of the software. These credentials create attack surfaces...
CVE-2025-6139
A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can only be initiated within the local network...
D-Link DPH-400S/SE VoIP Phone Security Vulnerability
D-Link DPH-400S/SE VoIP Phone is a VoIP phone from China AUO D-Link. A security vulnerability exists in D-Link DPH-400S/SE VoIP Phone version v1.01, which originates from hard-coded credentials and could lead to the disclosure of sensitive information...
Hard-Coded 'b' Password in Sitecore XP Sparks Major RCE Risk in Enterprise Deployments
Cybersecurity researchers have disclosed three security flaws in the popular Sitecore Experience Platform (XP) that could be chained to achieve pre-authenticated remote code execution. Sitecore Experience Platform is an enterprise-oriented software that provides users with tools for content...
Unspecified Vulnerability in Ivanti Workspace Control (CNVD-2025-15108)
Ivanti Workspace Control is a desktop management solution from Ivanti. Ivanti Workspace Control suffers from a security vulnerability that originates from hard-coded keys, which can be exploited by an attacker to decrypt stored SQL credentials...
Sitecore Experience Platform and Sitecore Experience Manager Trust Management Issue Vulnerability
Sitecore Experience Platform (XP) and Sitecore Experience Manager (XM) are both products of Sitecore, Denmark. Sitecore Experience Platform is a suite of customer digital experience platforms. Sitecore Experience Platform is a customer digital experience platform and Sitecore Experience Manage...
Unspecified Vulnerability in Ivanti Workspace Control
Ivanti Workspace Control is a desktop management solution from Ivanti. A security vulnerability exists in Ivanti Workspace Control, which is rooted in a hard-coded key that can be exploited by an attacker to decrypt stored environment variable credentials and obtain sensitive information...
CVE-2025-6139 TOTOLINK T10 shadow.sample hard-coded password
A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can only be initiated within the local network...