CVE-2026-0622

Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWTSECRETKEY is unset...

CVE-2026-0622 Open 5GS WebUI uses a hard-coded JWT signing key

Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWTSECRETKEY is unset...

CVE-2026-0622

Open5GS WebUI is affected by CVE-2026-0622: by default it uses hard-coded JWT signing keys (the string change-me) when JWT_SECRET_KEY is unset, allowing an unauthenticated network attacker to forge JWTs and gain access to protected WebUI endpoints (notably under /api/db/*). The issue arises from ...

CVE-2026-0622

Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWTSECRETKEY is unset...

CVE-2026-0622 Open 5GS WebUI uses a hard-coded JWT signing key

Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWTSECRETKEY is unset...

CVE-2025-14115

IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019 IBM® Sterling Connect:Direct for UNIX contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication,...

CVE-2025-14115

CVE-2025-14115 affects IBM Sterling Connect:Direct for UNIX Container. Concrete details from connected sources: vulnerable versions are 6.3.0.0 to 6.3.0.6_iFix016 and 6.4.0.0 to 6.4.0.3_iFix019. The root cause is hard-coded credentials used for inbound authentication, outbound communication, or i...

CVE-2025-14115 IBM Sterling Connect:Direct for UNIX Container is affected by vulnerability where hard-coded credentials are embeeded in the product for its internal use.

IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019 IBM® Sterling Connect:Direct for UNIX contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication,...

CVE-2025-14115 IBM Sterling Connect:Direct for UNIX Container is affected by vulnerability where hard-coded credentials are embeeded in the product for its internal use.

IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019 IBM® Sterling Connect:Direct for UNIX contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication,...

CVE-2025-14115

IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019 IBM® Sterling Connect:Direct for UNIX contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication,...

CVE-2026-1221

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to the database using hardcoded database credentials stored in the firmware...

CVE-2026-1221

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to the database using hardcoded database credentials stored in the firmware...

CVE-2026-1221

CVE-2026-1221 concerns the PrismX MX100 AP controller from Browan Communications. Multiple connected sources confirm a vulnerability described as the use of hard-coded credentials stored in firmware, enabling unauthenticated remote login to the database. Reported impact is high on confidentiality...

CVE-2026-1221 BROWAN COMMUNICATIONS ｜PrismX MX100 AP controller - Use of Hard-coded Credentials

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to the database using hardcoded database credentials stored in the firmware...

CVE-2026-1221 BROWAN COMMUNICATIONS ｜PrismX MX100 AP controller - Use of Hard-coded Credentials

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to the database using hardcoded database credentials stored in the firmware...

Browan Communications PrismX MX100 Trust Management Vulnerability

The Browan Communications PrismX MX100 is a wireless router produced by Browan Communications in Taiwan, China. The PrismX MX100 has a trust management vulnerability, which stems from the use of hard-coded credentials. This vulnerability could allow unverified remote attackers to log into databas...

PT-2026-3669

Name of the Vulnerable Software and Affected Versions Milner ImageDirector Capture versions 7.0.9.0 through 7.6.3.25808 Description A flaw exists in Milner ImageDirector Capture on Windows due to the use of hard-coded application encryption keys within the C2SGlobalSettings.dll component. This...

PT-2026-3541

Name of the Vulnerable Software and Affected Versions PrismX MX100 AP controller Description The PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has a flaw related to the use of hard-coded credentials. This allows unauthenticated remote attackers to gain access to the database using...

PT-2026-3581

IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019 IBM® Sterling Connect:Direct for UNIX contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication,...

PT-2026-3645

Name of the Vulnerable Software and Affected Versions Open 5GS WebUI affected versions not specified Description The software utilizes a hard-coded JWT signing key 'change-me' if the JWT SECRET KEY environment variable is not set. This can allow attackers to forge JWTs and potentially gain...