8048 matches found
CVE-2026-27519
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard-coded key embedded in client-side JavaScript. Because the key is static and exposed, an attacker can decrypt protected values and defeat confidentiality protections...
CVE-2026-27519
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard-coded key embedded in client-side JavaScript. Because the key is static and exposed, an attacker can decrypt protected values and defeat confidentiality protections...
CVE-2026-27507
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain hard-coded administrative credentials that cannot be changed by users. Knowledge of these credentials allows full administrative access to the device...
CVE-2026-27507
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain hard-coded administrative credentials that cannot be changed by users. Knowledge of these credentials allows full administrative access to the device...
CVE-2025-13776 Hard-coded database credentials in Finka software
Multiple Finka programs use hard-coded Firebird database credentials shared across all instances of this software. A malicious attacker in local network who knows default credentials is able to read and edit database content. This vulnerability has been fixed in version: Finka-FK 18.5, Finka-KPR...
CVE-2025-13776 Hard-coded database credentials in Finka software
Multiple Finka programs use hard-coded Firebird database credentials shared across all instances of this software. A malicious attacker in local network who knows default credentials is able to read and edit database content. This vulnerability has been fixed in version: Finka-FK 18.5, Finka-KPR...
CVE-2025-13776
CVE-2025-13776 concerns multiple Finka programs that use hard-coded Firebird database credentials shared across all instances. The vulnerability allows a local-network attacker who knows the default credentials to read and edit database content. Affected products and upgraded releases are: Finka-...
CVE-2026-27519
Binardat 10G08-0800GSM network switch firmware up to version V300SP10260209 uses RC4 with a hard-coded key embedded in client-side JavaScript. The static key enables an attacker to decrypt protected values, defeating confidentiality protections. Affected component: firmware (vulnerable RC4 implem...
CVE-2026-27519 Binardat 10G08-0800GSM Network Switch Hard-coded RC4 Encryption Key
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard-coded key embedded in client-side JavaScript. Because the key is static and exposed, an attacker can decrypt protected values and defeat confidentiality protections...
CVE-2026-27519 Binardat 10G08-0800GSM Network Switch Hard-coded RC4 Encryption Key
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard-coded key embedded in client-side JavaScript. Because the key is static and exposed, an attacker can decrypt protected values and defeat confidentiality protections...
CVE-2026-27507 Binardat 10G08-0800GSM Network Switch Hard-coded Credentials
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain hard-coded administrative credentials that cannot be changed by users. Knowledge of these credentials allows full administrative access to the device...
CVE-2026-27507
The affected product is Binardat 10G08-0800GSM network switch (firmware V300SP10260209 and earlier). The root cause is hard-coded administrative credentials in the firmware that users cannot change, which grants full administrative access when known. This creates a critical impact on confidential...
CVE-2026-27507 Binardat 10G08-0800GSM Network Switch Hard-coded Credentials
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain hard-coded administrative credentials that cannot be changed by users. Knowledge of these credentials allows full administrative access to the device...
Incorrect Calculation of Buffer Size
Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...
Incorrect Calculation of Buffer Size
Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
PT-2026-21757
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard-coded key embedded in client-side JavaScript. Because the key is static and exposed, an attacker can decrypt protected values and defeat confidentiality protections...
PT-2026-21765
Name of the Vulnerable Software and Affected Versions Finka-FK versions prior to 18.5 Finka-KPR versions prior to 16.6 Finka-Płace versions prior to 13.4 Finka-Faktura versions prior to 18.3 Finka-Magazyn versions prior to 8.3 Finka-STW versions prior to 12.3 Description The Finka software suite...
PT-2026-21752
Name of the Vulnerable Software and Affected Versions Binardat 10G08-0800GSM network switch firmware versions V300SP10260209 and prior Description The Binardat 10G08-0800GSM network switch firmware contains hard-coded administrative credentials that cannot be altered by users. Obtaining these...
CVE-2026-2635
MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the basicauth.ini file. The fi...
CVE-2026-2635
MLflow before version 3.8.0 is affected by an authentication bypass (CVE-2026-2635) due to default credentials in basic_auth.ini, allowing remote, unauthenticated attackers to bypass authentication and execute arbitrary code with administrator privileges. Root cause: hard-coded default credential...