
8149 matches found

CNNVD
added 2025/03/31 12:0 a.m., 2 views

KNIME Business Hub Security Vulnerability

KNIME Business Hub is KNIME's enterprise software for data science automation, deployment modeling, team collaboration and management workflows. A security vulnerability exists in KNIME Business Hub versions prior to 1.13.2, which stems from hard-coded passwords and could allow an unauthenticated...

8.8 CVSS, 6.7 AI score, 0.00936 EPSS
Exploits: 0, References: 2
IBM Security Bulletins
added 2025/03/26 4:6 a.m., 53 views

Security Bulletin: Multiple Vulnerabilities in IBM Security Guardium Key Lifecycle Manager

Summary: There are multiple vulnerabilities identified in IBM Security Guardium Key Lifecycle Manager. These vulnerabilities have been fixed in IBM Security Guardium Key Lifecycle Manager v4.2.0.2. Please apply the latest fix packs for the fixes. Vulnerability Details: CVEID: CVE-2023-47704...

9.1 CVSS, 6.1 AI score, 0.001 EPSS
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/03/26 4:2 a.m., 90 views

Security Bulletin: IBM Security Verify Governance is affected by multiple vulnerabilities

Summary: Multiple security vulnerabilities have been addressed in the latest IBM Security Verify Governance release. Vulnerability Details: CVEID: CVE-2023-33840 DESCRIPTION: IBM Security Verify Governance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...

9.8 CVSS, 9.7 AI score, 0.3862 EPSS
Exploits: 4, Affected Software: 1
Zero Day Initiative
added 2025/03/25 12:0 a.m., 7 views

(0Day) CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the wireless hotspot. The issue results from...

7.6 CVSS, 6.7 AI score, 0.00014 EPSS
Exploits: 0
Tenable Nessus
added 2025/03/24 12:0 a.m., 6 views

Microhard 3G/4G Cellular Ethernet and Serial Gateway Use of Default Credentials (ZSL-2018-5480)

The device utilizes hard-coded credentials within its Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the gateway. Another vulnerability could allow an authenticated attacker to gain root access. The...

5.6 AI score
Exploits: 0, References: 2
RedhatCVE
added 2025/03/22 6:9 p.m., 14 views

CVE-2025-2555

A vulnerability classified as problematic has been found in Audi Universal Traffic Recorder App 2.0. Affected is an unknown function of the component FTP Credentials. The manipulation leads to use of hard-coded password. Attacking locally is a requirement. The complexity of an attack is rather...

2.9 CVSS, 6.9 AI score, 0.00108 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/03/22 6:8 p.m., 16 views

CVE-2025-2556

A vulnerability classified as problematic was found in Audi UTR Dashcam 2.0. Affected by this vulnerability is an unknown functionality of the component Video Stream Handler. The manipulation leads to hard-coded credentials. The attack can only be initiated within the local network. The exploit h...

5.3 CVSS, 6.8 AI score, 0.00141 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/03/22 12:24 p.m., 5 views

CVE-2024-12433

A vulnerability in infiniflow/ragflow versions v0.12.0 allows for remote code execution. The RPC server in RagFlow uses a hard-coded AuthKey 'authkey=b'infiniflow-token4kevinhu'' which can be easily fetched by attackers to join the group communication without restrictions. Additionally, the serve...

9.8 CVSS, 7.6 AI score, 0.03166 EPSS
Exploits: 1, References: 1
NVD
added 2025/03/20 6:15 p.m., 5 views

CVE-2025-2556

A vulnerability classified as problematic was found in Audi UTR Dashcam 2.0. Affected by this vulnerability is an unknown functionality of the component Video Stream Handler. The manipulation leads to hard-coded credentials. The attack can only be initiated within the local network. The exploit h...

5.3 CVSS, 0.00141 EPSS
Exploits: 0, References: 4
NVD
added 2025/03/20 6:15 p.m., 8 views

CVE-2025-2555

A vulnerability classified as problematic has been found in Audi Universal Traffic Recorder App 2.0. Affected is an unknown function of the component FTP Credentials. The manipulation leads to use of hard-coded password. Attacking locally is a requirement. The complexity of an attack is rather...

2.9 CVSS, 0.00108 EPSS
Exploits: 0, References: 4
CVE
added 2025/03/20 6:0 p.m., 54 views

CVE-2025-2556

CVE-2025-2556 concerns Audi UTR Dashcam 2.0. The vulnerability affects the Video Stream Handler component, where hard-coded credentials enable exploitation within a local network. Public disclosure has occurred. Affected versions: 2.0; mitigations available: upgrade to 2.89 (new customers) or 2.9...

5.3 CVSS, 6.8 AI score, 0.00141 EPSS
Exploits: 0, References: 4
Vulnrichment
added 2025/03/20 6:0 p.m., 13 views

CVE-2025-2556 Audi UTR Dashcam Video Stream hard-coded credentials

A vulnerability classified as problematic was found in Audi UTR Dashcam 2.0. Affected by this vulnerability is an unknown functionality of the component Video Stream Handler. The manipulation leads to hard-coded credentials. The attack can only be initiated within the local network. The exploit h...

5.3 CVSS, 4.7 AI score, 0.00141 EPSS
Exploits: 0, References: 4
Cvelist
added 2025/03/20 6:0 p.m., 17 views

CVE-2025-2556 Audi UTR Dashcam Video Stream hard-coded credentials

A vulnerability classified as problematic was found in Audi UTR Dashcam 2.0. Affected by this vulnerability is an unknown functionality of the component Video Stream Handler. The manipulation leads to hard-coded credentials. The attack can only be initiated within the local network. The exploit h...

5.3 CVSS, 0.00141 EPSS
Exploits: 0, References: 4
Cvelist
added 2025/03/20 6:0 p.m., 15 views

CVE-2025-2555 Audi Universal Traffic Recorder App FTP Credentials hard-coded password

A vulnerability classified as problematic has been found in Audi Universal Traffic Recorder App 2.0. Affected is an unknown function of the component FTP Credentials. The manipulation leads to use of hard-coded password. Attacking locally is a requirement. The complexity of an attack is rather...

2.9 CVSS, 0.00108 EPSS
Exploits: 0, References: 4
CVE
added 2025/03/20 6:0 p.m., 47 views

CVE-2025-2555

Audi Universal Traffic Recorder App 2.0 is affected by CVE-2025-2555 due to a hard-coded password in the FTP Credentials component. The issue enables local attack exploitation; attack complexity is high and exploitation is disclosed publicly. Upgrading to version 2.89 (new customers) or 2.90 (exi...

2.9 CVSS, 6.8 AI score, 0.00108 EPSS
Exploits: 0, References: 4
NVD
added 2025/03/20 10:15 a.m., 4 views

CVE-2024-12433

A vulnerability in infiniflow/ragflow versions v0.12.0 allows for remote code execution. The RPC server in RagFlow uses a hard-coded AuthKey 'authkey=b'infiniflow-token4kevinhu'' which can be easily fetched by attackers to join the group communication without restrictions. Additionally, the serve...

9.8 CVSS, 0.03166 EPSS
Exploits: 1, References: 2
Vulnrichment
added 2025/03/20 10:10 a.m., 6 views

CVE-2024-12433 Remote Code Execution in infiniflow/ragflow

A vulnerability in infiniflow/ragflow versions v0.12.0 allows for remote code execution. The RPC server in RagFlow uses a hard-coded AuthKey 'authkey=b'infiniflow-token4kevinhu'' which can be easily fetched by attackers to join the group communication without restrictions. Additionally, the serve...

9.8 CVSS, 9.5 AI score, 0.03166 EPSS
Exploits: 1, References: 2
CVE
added 2025/03/20 10:10 a.m., 45 views

CVE-2024-12433

CVE-2024-12433 affects infiniflow/ragflow v0.12.0. The RPC server uses a hard-coded AuthKey (authkey=b'infiniflow-token4kevinhu') and deserializes incoming data with pickle.loads() on connection.recv(), enabling remote code execution. Fixed in v0.14.0. A PoC/proof-of-concept is available in publi...

9.8 CVSS, 9.5 AI score, 0.03166 EPSS
Exploits: 1, References: 2, Affected Software: 1
CNNVD
added 2025/03/20 12:0 a.m., 3 views

Esri ArcGIS Enterprise Trust Management Issue Vulnerability

Esri Portal for ArcGIS is a Web-based geographic information system (GIS) platform. A hard-coded credentials vulnerability exists in Esri Portal for ArcGIS, which can be exploited by an attacker to gain administrative access to the system...

9.8 CVSS, 6.8 AI score, 0.01262 EPSS
Exploits: 0, References: 3
CNNVD
added 2025/03/20 12:0 a.m., 1 views

Audi Universal Traffic Recorder App Security Vulnerability

The Audi Universal Traffic Recorder App is a special app for traffic recorders from Audi, which can be used to connect to a traffic recorder, view previews, lock videos, and other operations. A security vulnerability exists in the Audi Universal Traffic Recorder App version 2.0, which stems from...

2.9 CVSS, 4 AI score, 0.00108 EPSS
Exploits: 0, References: 5