CVE-2025-9497

Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.0...

CVE-2025-9497

Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.0...

CVE-2026-4993

A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLMMASTERKEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the...

CVE-2026-4993

A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLMMASTERKEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the...

CVE-2026-4993 wandb OpenUI config.py hard-coded credentials

A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLMMASTERKEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the...

CVE-2026-4993

Wandb OpenUI (up to 0.0.0.0/1.0) is affected by a vulnerability in backend/openui/config.py where manipulation of LITELLM_MASTER_KEY leads to hard-coded credentials. The issue enables a local attacker and the exploit has been disclosed publicly; vendor response was not provided. No further techni...

CVE-2026-4993 wandb OpenUI config.py hard-coded credentials

A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLMMASTERKEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the...

PT-2026-28307

Name of the Vulnerable Software and Affected Versions Microchip Time Provider 4100 versions prior to 2.5.0 Description A use of hard-coded credentials issue exists in Microchip Time Provider 4100, potentially allowing for malicious manual software updates. Recommendations Update Microchip Time...

PT-2026-28711

Name of the Vulnerable Software and Affected Versions wandb OpenUI versions up to 0.0.0.0/1.0 Description A security issue exists in wandb OpenUI related to hard-coded credentials. The manipulation of the LITELLM MASTER KEY argument within the file backend/openui/config.py can lead to exposure of...

Microchip Time Provider 4100 安全漏洞

Microchip Time Provider 4100 is a precision time gateway developed by the American company Microchip. Versions of Microchip Time Provider 4100 prior to version 2.5.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of hard-coded credentials, which could lead to...

CVE-2021-27438

The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 all firmware versions prior to 02A04.1...

CVE-2021-27452

The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E all firmware versions prior to v04A00.1...

CVE-2021-27797

Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system...

CVE-2025-12708

IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local user...

CVE-2026-27073

Use of Hard-coded Credentials vulnerability in Addi Addi – Cuotas que se adaptan a ti buy-now-pay-later-addi allows Password Recovery Exploitation.This issue affects Addi – Cuotas que se adaptan a ti: from n/a through = 2.0.4...

CVE-2025-70041

An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta ThermaKube master...

CVE-2025-67112

Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt device configurations, enabling credential manipulatio...

CVE-2026-3963

A security flaw has been discovered in perfree go-fastdfs-web up to 1.3.7. This affects the function rememberMeManager of the file src/main/java/com/perfree/config/ShiroConfig.java of the component Apache Shiro RememberMe. Performing a manipulation results in use of hard-coded cryptographic key...

CVE-2026-4588

A vulnerability was determined in kalcaddle kodbox 1.64. Impacted is the function shareSafeGroup of the file /workspace/source-code/app/controller/explorer/shareOut.class.php of the component Site-level API key Handler. This manipulation of the argument sk causes use of hard-coded cryptographic k...

CVE-2026-4216

A weakness has been identified in i-SENS SmartLog App up to 2.6.8 on Android. This affects an unknown function of the component air.SmartLog.android. This manipulation causes hard-coded credentials. The attack can only be executed locally. The exploit has been made available to the public and cou...