Lucene search

8173 matches found

OSV
added 2025/03/31 7:15 a.m., 5 views

CVE-2025-2402

A hard-coded, non-random password for the object store minio of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote attacker in possession of the password to read and manipulate swapped jobs or read and manipulate in- and output data of active jobs. It...

CVSS 8.6, AI score 5.8, EPSS 0.00936
Exploits: 0, References: 2
Cvelist
added 2025/03/31 6:11 a.m., 23 views

CVE-2025-2402 Hard-coded password for object store of KNIME Business Hub

A hard-coded, non-random password for the object store minio of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote attacker in possession of the password to read and manipulate swapped jobs or read and manipulate in- and output data of active jobs. It...

CVSS 8.8, EPSS 0.00936
Exploits: 0, References: 1
Vulnrichment
added 2025/03/31 6:11 a.m., 5 views

CVE-2025-2402 Hard-coded password for object store of KNIME Business Hub

A hard-coded, non-random password for the object store minio of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote attacker in possession of the password to read and manipulate swapped jobs or read and manipulate in- and output data of active jobs. It...

CVSS 8.8, AI score 6.9, EPSS 0.00936
Exploits: 0, References: 1
CVE
added 2025/03/31 6:11 a.m., 62 views

CVE-2025-2402

CVE-2025-2402 affects KNIME Business Hub. A hard-coded, non-random password for the object store (MinIO) in all versions except the listed fixes enables an unauthenticated attacker to read/manipulate swapped jobs or in/out data of active jobs, and can cause a denial-of-service by writing large da...

CVSS 8.8, AI score 7.5, EPSS 0.00936
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2025/03/31 12:0 a.m., 2 views

KNIME Business Hub Security Vulnerability

KNIME Business Hub is KNIME's enterprise software for data science automation, deployment modeling, team collaboration and management workflows. A security vulnerability exists in KNIME Business Hub versions prior to 1.13.2, which stems from hard-coded passwords and could allow an unauthenticated...

CVSS 8.8, AI score 6.7, EPSS 0.00936
Exploits: 0, References: 2
IBM Security Bulletins
added 2025/03/26 4:6 a.m., 55 views

Security Bulletin: Multiple Vulnerabilities in IBM Security Guardium Key Lifecycle Manager

Summary There are multiple vulnerabilities identified in IBM Security Guardium Key Lifecycle Manager. These vulnerabilities have been fixed in IBM Security Guardium Key Lifecycle Manager v4.2.0.2. Please apply the latest fix packs for the fixes. Vulnerability Details CVEID:CVE-2023-47704...

CVSS 9.1, AI score 6.1, EPSS 0.001
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/03/26 4:2 a.m., 90 views

Security Bulletin: IBM Security Verify Governance is affected by multiple vulnerabilities

Summary Multiple security vulnerabilities have been addressed in the latest IBM Security Verify Governance release. Vulnerability Details CVEID:CVE-2023-33840 DESCRIPTION: IBM Security Verify Governance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...

CVSS 9.8, AI score 9.7, EPSS 0.3862
Exploits: 4, Affected Software: 1
Zero Day Initiative
added 2025/03/25 12:0 a.m., 7 views

(0Day) CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the wireless hotspot. The issue results from...

CVSS 7.6, AI score 6.7, EPSS 0.00014
Exploits: 0
Tenable Nessus
added 2025/03/24 12:0 a.m., 6 views

Microhard 3G/4G Cellular Ethernet and Serial Gateway Use of Default Credentials (ZSL-2018-5480)

The device utilizes hard-coded credentials within its Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the gateway. Another vulnerability could allow an authenticated attacker to gain root access. The...

AI score 5.6
Exploits: 0, References: 2
RedhatCVE
added 2025/03/22 6:9 p.m., 14 views

CVE-2025-2555

A vulnerability classified as problematic has been found in Audi Universal Traffic Recorder App 2.0. Affected is an unknown function of the component FTP Credentials. The manipulation leads to use of hard-coded password. Attacking locally is a requirement. The complexity of an attack is rather...

CVSS 2.9, AI score 6.9, EPSS 0.00108
Exploits: 0, References: 1
RedhatCVE
added 2025/03/22 6:8 p.m., 19 views

CVE-2025-2556

A vulnerability classified as problematic was found in Audi UTR Dashcam 2.0. Affected by this vulnerability is an unknown functionality of the component Video Stream Handler. The manipulation leads to hard-coded credentials. The attack can only be initiated within the local network. The exploit h...

CVSS 5.3, AI score 6.8, EPSS 0.00141
Exploits: 0, References: 1
RedhatCVE
added 2025/03/22 12:24 p.m., 5 views

CVE-2024-12433

A vulnerability in infiniflow/ragflow versions v0.12.0 allows for remote code execution. The RPC server in RagFlow uses a hard-coded AuthKey 'authkey=b'infiniflow-token4kevinhu'' which can be easily fetched by attackers to join the group communication without restrictions. Additionally, the serve...

CVSS 9.8, AI score 7.6, EPSS 0.03166
Exploits: 1, References: 1
NVD
added 2025/03/20 6:15 p.m., 5 views

CVE-2025-2556

A vulnerability classified as problematic was found in Audi UTR Dashcam 2.0. Affected by this vulnerability is an unknown functionality of the component Video Stream Handler. The manipulation leads to hard-coded credentials. The attack can only be initiated within the local network. The exploit h...

CVSS 5.3, EPSS 0.00141
Exploits: 0, References: 4
NVD
added 2025/03/20 6:15 p.m., 8 views

CVE-2025-2555

A vulnerability classified as problematic has been found in Audi Universal Traffic Recorder App 2.0. Affected is an unknown function of the component FTP Credentials. The manipulation leads to use of hard-coded password. Attacking locally is a requirement. The complexity of an attack is rather...

CVSS 2.9, EPSS 0.00108
Exploits: 0, References: 4
CVE
added 2025/03/20 6:0 p.m., 54 views

CVE-2025-2556

CVE-2025-2556 concerns Audi UTR Dashcam 2.0. The vulnerability affects the Video Stream Handler component, where hard-coded credentials enable exploitation within a local network. Public disclosure has occurred. Affected versions: 2.0; mitigations available: upgrade to 2.89 (new customers) or 2.9...

CVSS 5.3, AI score 6.8, EPSS 0.00141
Exploits: 0, References: 4
Vulnrichment
added 2025/03/20 6:0 p.m., 13 views

CVE-2025-2556 Audi UTR Dashcam Video Stream hard-coded credentials

A vulnerability classified as problematic was found in Audi UTR Dashcam 2.0. Affected by this vulnerability is an unknown functionality of the component Video Stream Handler. The manipulation leads to hard-coded credentials. The attack can only be initiated within the local network. The exploit h...

CVSS 5.3, AI score 4.7, EPSS 0.00141
Exploits: 0, References: 4
Cvelist
added 2025/03/20 6:0 p.m., 17 views

CVE-2025-2556 Audi UTR Dashcam Video Stream hard-coded credentials

A vulnerability classified as problematic was found in Audi UTR Dashcam 2.0. Affected by this vulnerability is an unknown functionality of the component Video Stream Handler. The manipulation leads to hard-coded credentials. The attack can only be initiated within the local network. The exploit h...

CVSS 5.3, EPSS 0.00141
Exploits: 0, References: 4
Cvelist
added 2025/03/20 6:0 p.m., 15 views

CVE-2025-2555 Audi Universal Traffic Recorder App FTP Credentials hard-coded password

A vulnerability classified as problematic has been found in Audi Universal Traffic Recorder App 2.0. Affected is an unknown function of the component FTP Credentials. The manipulation leads to use of hard-coded password. Attacking locally is a requirement. The complexity of an attack is rather...

CVSS 2.9, EPSS 0.00108
Exploits: 0, References: 4
CVE
added 2025/03/20 6:0 p.m., 47 views

CVE-2025-2555

Audi Universal Traffic Recorder App 2.0 is affected by CVE-2025-2555 due to a hard-coded password in the FTP Credentials component. The issue enables local attack exploitation; attack complexity is high and exploitation is disclosed publicly. Upgrading to version 2.89 (new customers) or 2.90 (exi...

CVSS 2.9, AI score 6.8, EPSS 0.00108
Exploits: 0, References: 4
NVD
added 2025/03/20 10:15 a.m., 5 views

CVE-2024-12433

A vulnerability in infiniflow/ragflow versions v0.12.0 allows for remote code execution. The RPC server in RagFlow uses a hard-coded AuthKey 'authkey=b'infiniflow-token4kevinhu'' which can be easily fetched by attackers to join the group communication without restrictions. Additionally, the serve...

CVSS 9.8, EPSS 0.03166
Exploits: 1, References: 2