EVlink City < R8 V3.4.0.1 - Authentication Bypass

A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could allow an attacker t...

Security Bulletin: IBM Operational Decision Manager - Multiple CVEs addressed related to SOLR and its dependencies (such as Jetty) affecting ODM-9.0.0 and older versions

Summary This Security bulletin addresses vulnerabilities in Apache Solr and its dependencies including Eclipse Jetty that might affect IBM Operational Decision Manager version 9.0.0 and older versions. Vulnerability Details CVEID:CVE-2026-2332 DESCRIPTION: In Eclipse Jetty, the HTTP/1.1 parser is...

GitLab CE/EE - Hard-Coded Credentials

GitLab CE/EE contains a hard-coded credentials vulnerability. A hardcoded password was set for accounts registered using an OmniAuth provider e.g. OAuth, LDAP, SAML, allowing attackers to potentially take over accounts. This template attempts to passively identify vulnerable versions of GitLab...

EUVD-2026-37646

Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners for Japan and outside Japan; Wireless LAN Adapters for Room Air Conditioners for Japan and outside Japan; Wireless LAN Adapters for Packaged Air Conditioners for Japan and outside Japan; Refrigerators for...

CVE-2026-5667

Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners for Japan and outside Japan; Wireless LAN Adapters for Room Air Conditioners for Japan and outside Japan; Wireless LAN Adapters for Packaged Air Conditioners for Japan and outside Japan; Refrigerators for...

CVE-2026-5667 Information Disclosure, Information Tampering, or Denial-of-Service (DoS) Vulnerability in Multiple Home Appliances

Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners for Japan and outside Japan; Wireless LAN Adapters for Room Air Conditioners for Japan and outside Japan; Wireless LAN Adapters for Packaged Air Conditioners for Japan and outside Japan; Refrigerators for...

CVE-2026-5667

Technical details (affected models, root cause specifics, versions, and fixes) are not publicly available in the provided documents. Monitor for updates as more information may be released.

PT-2026-50362

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric Room Air Conditioners affected versions not specified Mitsubishi Electric Wireless LAN Adapters for Room Air Conditioners affected versions not specified Mitsubishi Electric Wireless LAN Adapters for Packaged Air Conditione...

CVE-2026-22312

CVE-2026-22312 affects Radiflow iSAP Smart Collector. The device exposes a webserver REST API authenticated with a constant token, enabling an unauthenticated client to access system settings, modify configuration, and execute commands (e.g., system reboot). CVSS 3.1 indicates NETWORK attack vect...

CVE-2026-10557

The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all devices. These credentials are embedded in the application binary and are readily extractable via APK decompilation. The credentials provide access to cloud MQTT brokers...

EUVD-2026-36473

The Aqara IAM/SSO Gateway gw-builder.aqara.com used a hardcoded OAuth client credential, which is an instance of "CWE-798: Use of Hard-coded Credentials." This issue has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 9.1 Critical. When combined with CVE-2026-50082, CVE-50084, a...

CVE-2026-10557

CVE-2026-10557 concerns the Yarbo Android/iOS mobile applications, where hard-coded MQTT broker credentials are embedded in the application binary and identical across all users/devices. These credentials are extractable via APK decompilation and provide access to cloud MQTT brokers carrying real...

EUVD-2026-36434

The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all devices. These credentials are embedded in the application binary and are readily extractable via APK decompilation. The credentials provide access to cloud MQTT brokers...

CVE-2026-10557 Yarbo Android/iOS Mobile Application and Cloud Infrastructure Use of Hard-coded Credentials

The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all devices. These credentials are embedded in the application binary and are readily extractable via APK decompilation. The credentials provide access to cloud MQTT brokers...

CVE-2026-10557 Yarbo Android/iOS Mobile Application and Cloud Infrastructure Use of Hard-coded Credentials

The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all devices. These credentials are embedded in the application binary and are readily extractable via APK decompilation. The credentials provide access to cloud MQTT brokers...

CVE-2026-7368 Yarbo Android/iOS Mobile Application and Cloud Infrastructure Missing Authorization

The Yarbo cloud does not enforce per-device or per-user authorization. Any client possessing valid credentials, whether the shared hard-coded credentials or legitimate per-user credentials, can subscribe to wildcard topics covering all robots globally, and can publish to any robot's command topic...

CVE-2026-7368

The CVE covers Yarbo Android/iOS mobile app and Yarbo cloud infrastructure where per-device/user authorization is not enforced. The system allows any client with valid credentials to subscribe to wildcard topics for all robots and publish to any robot’s command topic using only the robot’s serial...

EUVD-2026-36433

The Yarbo cloud does not enforce per-device or per-user authorization. Any client possessing valid credentials, whether the shared hard-coded credentials or legitimate per-user credentials, can subscribe to wildcard topics covering all robots globally, and can publish to any robot's command topic...

CVE-2026-11849 IEI Integration Corp｜iRM-IEI Remote Management - Hard-coded Credentials

The iRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded Credentials vulnerability, allowing unauthenticated remote attackers to exploit hard-coded credentials to gain administrative privileges on the database...

CVE-2026-11849 IEI Integration Corp｜iRM-IEI Remote Management - Hard-coded Credentials

The iRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded Credentials vulnerability, allowing unauthenticated remote attackers to exploit hard-coded credentials to gain administrative privileges on the database...