8038 matches found
PT-2026-33632
A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation of the argument key leads to hard-coded credentials. The attack may be performed from remote. The...
CVE-2026-32324 Anviz CX7 Firmware Use of Hard-coded Cryptographic Key
Anviz CX7 Firmware is vulnerable because the application embeds reusable certificate/key material, enabling decryption of MQTT traffic and potential interaction with device messaging channels at scale...
CVE-2026-32324 Anviz CX7 Firmware Use of Hard-coded Cryptographic Key
Anviz CX7 Firmware is vulnerable because the application embeds reusable certificate/key material, enabling decryption of MQTT traffic and potential interaction with device messaging channels at scale...
CVE-2026-32324
The CVE-2026-32324 entry concerns Anviz CX7 Firmware. The affected software is the CX7 firmware’s application, which is reported to embed reusable certificate/key material. This configuration enables decryption of MQTT traffic and could allow interaction with device messaging channels at scale. T...
Use of Hard-coded Credentials
Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Use of Hard-coded Credentials via the weak default TOKENHASHSECRET. An attacker can access sensitive internal identifiers by decrypting the meta field in JWT tokens when the default secret is used,...
Use of Hard-coded Credentials
Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Use of Hard-coded Credentials due to the use of a weak default value for the secret parameter in session management when the EXPRESSSESSIONSECRET environment variable is not set. An attacker can impersonate...
EUVD-2026-23271
Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks...
Digital Knowledge KnowledgeDeliver 安全漏洞
Digital Knowledge KnowledgeDeliver is an online learning management system developed by Digital Knowledge Company. Versions of Digital Knowledge KnowledgeDeliver prior to February 24, 2026, contained security vulnerabilities. These vulnerabilities stemmed from hard-coded ASP.NET/IIS machineKey...
EUVD-2026-23031
CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitatio...
Use of Hard-coded Credentials
Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials when the nexus.orient.binaryListenerEnabled configuration is set to true. This option is set by default in legacy HA-C mode, but not in standalone deployments, including HA deployments. An attacker can gain...
CVE-2026-5189
CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitatio...
CVE-2026-5189
CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitatio...
PT-2026-33132
CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitatio...
Sonatype Nexus Repository Manager 安全漏洞
Sonatype Nexus Repository Manager NXRM is a repository manager developed by Sonatype, Inc., in the United States. It is primarily used for managing, storing, and distributing software. Versions of Sonatype Nexus Repository Manager from 3.0.0 to 3.70.5 have security vulnerabilities. These...
EUVD-2026-22310
CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port...
EUVD-2026-22339
A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via...
CVE-2026-4832
CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port...
CVE-2026-39810
A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump...
CVE-2026-39810
A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump...
CVE-2026-39810
A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump...