Lucene search
K

9837 matches found

Nuclei
Nuclei
added 15 hours ago79 views

Gladinet CentreStack < 16.4.10315.56368 Use of Hard-coded Key Leads to Unauthenticated RCE

Gladinet CentreStack through 16.1.10296.56315 fixed in 16.4.10315.56368 has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors who know the machineKey to serialize a payload for server-side...

9.8CVSS7.6AI score0.93842EPSS
Exploits6References3
Nuclei
Nuclei
added 15 hours ago154 views

TOTOLINK CP450 v4.1.0cu.747_B20191224 - Hard-Coded Password Vulnerability

A critical vulnerability has been discovered in TOTOLINK CP450 version 4.1.0cu.747B20191224. This vulnerability affects an unknown part of the file /webcste/cgi-bin/product.ini of the Telnet Service component. The issue stems from the use of a hard-coded password, which can be exploited remotely...

10CVSS7AI score0.20737EPSS
Exploits1References4
NVD
NVD
added yesterday6 views

CVE-2026-14739

DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders. The fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million placeholders. DBI version 1.650 sets a hard limit of 99,999 placeholders...

9.8CVSS
Exploits0References3
Nuclei
Nuclei
added yesterday72 views

EVlink City < R8 V3.4.0.1 - Authentication Bypass

A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could allow an attacker t...

10CVSS7.2AI score0.64612EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday104 views

GitLab CE/EE - Hard-Coded Credentials

GitLab CE/EE contains a hard-coded credentials vulnerability. A hardcoded password was set for accounts registered using an OmniAuth provider e.g. OAuth, LDAP, SAML, allowing attackers to potentially take over accounts. This template attempts to passively identify vulnerable versions of GitLab...

9.8CVSS7.3AI score0.76177EPSS
Exploits3
CVE
CVE
added yesterday7 views

CVE-2026-37270

Trueview Security camera T18161-AF with firmware v4.9.60.0 contains an authentication bypass caused by improper password validation and hard-coded credentials in the firmware. This enables bypassing authentication to gain unauthorized access. The available documents do not specify exploit vectors...

5.9AI score
Exploits0References3
NVD
NVD
added 2 days ago8 views

CVE-2026-14807

ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view application code and obtain the database account and password...

9.8CVSS0.00463EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-14807

ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view application code and obtain the database account and password...

9.8CVSS6.1AI score0.00463EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-14807 PROG MIS|ERP App - Use of Hard-coded Credentials

ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view application code and obtain the database account and password...

9.8CVSS0.00463EPSS
Exploits0References2
CVE
CVE
added 2 days ago19 views

CVE-2026-14807

The CVE-2026-14807 entry concerns PROG MIS’s ERP App with a Use of Hard-coded Credentials vulnerability. The connected documentation confirms unauthenticated remote access that could log in and reveal application code, enabling retrieval of the database account and password. Reported CVSS metrics...

9.8CVSS6.1AI score0.00463EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-41816

ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view application code and obtain the database account and password...

9.8CVSS6.1AI score0.00463EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-41458

In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources. This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2. This vulnerability does no...

5.9CVSS5.7AI score0.00162EPSS
Exploits0References2
NVD
NVD
added 5 days ago10 views

CVE-2026-13728

In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources. This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2. This vulnerability does no...

5.9CVSS0.00162EPSS
Exploits0References1
CVE
CVE
added 6 days ago17 views

CVE-2026-13768

CVE-2026-13768 affects Gardyn Home Kit and Gardyn Studio. The root cause is exposure of a privileged iothubowner credential, which enables a malicious user to invoke IoTHub Registry Manager functions to obtain connection information for all Gardyn devices and to execute commands on a specific dev...

10CVSS6AI score0.00559EPSS
Exploits1References3
Cvelist
Cvelist
added 6 days ago40 views

CVE-2026-13728 WatchGuard Firebox Hardcoded Fallback Encryption Key in Access Portal Resource Credential Database

In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources. This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2. This vulnerability does no...

5.9CVSS0.00162EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-13728

In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources. This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2. This vulnerability does no...

5.9CVSS5.7AI score0.00162EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-58466

AutoBangumi before 3.2.8 contains a hard-coded default credentials vulnerability that allows unauthenticated attackers to authenticate as the administrator by using the publicly known default credentials seeded at startup via adddefaultuser in the database user module when the users table is empt...

9.8CVSS5.8AI score0.00505EPSS
Exploits0References5
OSV
OSV
added 6 days ago4 views

UBUNTU-CVE-2026-53326

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't call fillpool in early boot hardirq context When booting a debug PREEMPTRT kernel on an ARM64 system, a "inconsistent HARDIRQ-ON-W - IN-HARDIRQ-W usage" lockdep warning message was reported to the console...

5.7AI score0.00172EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 6 days ago10 views

PT-2026-55288

Name of the Vulnerable Software and Affected Versions AutoBangumi versions prior to 3.2.8 Description An issue exists where hard-coded default credentials are seeded at startup via the add default user function in the database user module when the users table is empty. This allows unauthenticated...

9.8CVSS6AI score0.00505EPSS
Exploits0References9
NVD
NVD
added 2026/07/01 5:16 p.m.6 views

CVE-2026-58453

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a hard-coded credentials vulnerability that allows network-adjacent attackers to gain unauthorized access by using the default admin username with an empty password accepted by the anykaipc HTTP service on port 80...

9.8CVSS0.0169EPSS
Exploits0References3
Rows per page
Query Builder