CVE-2026-40636

Dell ECS (3.8.1.0–3.8.1.7) and Dell ObjectScale versions before 4.3.0.0 contain a hard-coded credential issue. An unauthenticated, locally-accessible attacker could potentially obtain filesystem access. CVSS 3.1 base score 9.8 (CRITICAL) indicates high impact on confidentiality, integrity, and av...

CVE-2026-40636

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for attacker...

CVE-2026-40636

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for attacker...

PT-2026-39588

Name of the Vulnerable Software and Affected Versions Dell ECS versions 3.8.1.0 through 3.8.1.7 Dell ObjectScale versions prior to 4.3.0.0 Description An issue involving the use of hard-coded credentials allows an unauthenticated attacker with local access to potentially gain filesystem access...

Dell ECS和Dell ObjectScale 信任管理问题漏洞

Dell ECS and Dell ObjectScale are both products of the American company Dell. Dell ECS is an scalable, manageable, and elastic enterprise-level object storage solution. Dell ObjectScale is an object storage platform. There were security management vulnerabilities in versions 3.8.1.0 to 3.8.1.7 of...

CVE-2026-41930

Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to...

Yarbo 信任管理问题漏洞

Yarbo is a modular intelligent courtyard maintenance robot developed by the American company Yarbo. Version 2.3.9 of Yarbo contains a vulnerability related to trust management. This vulnerability stems from hard-coded administrator credentials, which could allow attackers who are aware of these...

CVE-2026-8032

A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMINKEY causes hard-coded credentials. The attack is possible to be carried out remotely. The exploit has...

CVE-2026-41930

Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to...

CVE-2026-8032 PicoTronica e-Clinic Healthcare System ECHS echs.js hard-coded credentials

A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMINKEY causes hard-coded credentials. The attack is possible to be carried out remotely. The exploit has...

CVE-2026-8032

A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMINKEY causes hard-coded credentials. The attack is possible to be carried out remotely. The exploit has...

CVE-2026-8032 PicoTronica e-Clinic Healthcare System ECHS echs.js hard-coded credentials

A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMINKEY causes hard-coded credentials. The attack is possible to be carried out remotely. The exploit has...

CVE-2026-8032

CVE-2026-8032 affects PicoTronica e-Clinic Healthcare System ECHS (v5.7). In echs.js (path: /cdemos/echs/priv/echs.js), an argument manipulation of ADMIN_KEY leads to hard-coded credentials exposed in the remote-access component. The issue enables remote exploitation with a published exploit; imp...

CVE-2026-41930 Vvveb < 1.0.8.2 Hard-coded Credentials Information Disclosure via phpMyAdmin

Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to...

CVE-2026-41930

Vvveb

EUVD-2026-27885

Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to...

CVE-2026-41930 Vvveb < 1.0.8.2 Hard-coded Credentials Information Disclosure via phpMyAdmin

Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to...

CVE-2026-41930

Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to...

Vvveb 访问控制错误漏洞

Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.2 contained an access control vulnerability. This vulnerability stemmed from hard-coded credentials in the...

PT-2026-38219

Name of the Vulnerable Software and Affected Versions Vvveb versions prior to 1.0.8.2 Description A hard-coded credentials issue exists in the docker-compose-apache.yaml configuration. This allows unauthenticated attackers to access the bundled phpMyAdmin container using pre-configured database...