3819 matches found
Adobe ColdFusion Trust Management Vulnerability
Adobe ColdFusion is a dynamic Web server platform maintained by Adobe. Adobe ColdFusion suffers from a trust management issue vulnerability that stems from the use of hard-coded credentials, which can be exploited by an attacker to cause elevation of privilege...
HPE Networking Instant On Access Points Security Vulnerability
HPE Networking Instant On Access Points is a wireless network access point from HPE America. A security vulnerability exists in HPE Networking Instant On Access Points that stems from hard-coded login credentials that could lead to bypassing device authentication...
PT-2025-28754 · Adobe · Coldfusion
Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier
Description: The issue is related to the use of hard-coded credentials, which could result in privilege escalation. An attacker could leverage this to gain unauthorized access to...
PT-2025-28660 · Hewlett Packard · Hpe Networking Instant On Access Points
Name of the Vulnerable Software and Affected Versions: HPE Networking Instant On Access Points versions 3.2.0 and earlier; HPE Aruba Instant On Access Points versions 3.2.0.1 and earlier; Aruba Instant On APs versions 3.2.0 and earlier
Description: HPE Networking and Aruba Instant On Access Points...
CVE-2025-52492
A vulnerability has been discovered in the firmware of Paxton Paxton10 before 4.6 SR6. The firmware file, rootfs.tar.gz, contains hard-coded credentials for the Twilio API. A remote attacker who obtains a copy of the firmware can extract these credentials. This could allow the attacker to gain...
CVE-2025-3920
A vulnerability was identified in SUR-FBD CMMS where hard-coded credentials were found within a compiled DLL file. These credentials correspond to a built-in administrative account of the software. An attacker with local access to the system or the application's installation directory could extra...
CVE-2025-3920 Hard-coded Password in SUR-FBD CMMS
A vulnerability was identified in SUR-FBD CMMS where hard-coded credentials were found within a compiled DLL file. These credentials correspond to a built-in administrative account of the software. An attacker with local access to the system or the application's installation directory could extra...
CVE-2025-3920
CVE-2025-3920 affects SUR-FBD CMMS: hard-coded credentials exist inside a compiled DLL that maps to a built-in admin account. An attacker with local access could extract these credentials and potentially fully compromise the application's administrative functions. The issue has been fixed in vers...
CVE-2025-52492
In Paxton Paxton10 firmware (versions before 4.6 SR6), the rootfs.tar.gz payload contains hard-coded Twilio API credentials. A remote attacker who obtains a firmware copy can extract these credentials, potentially gaining unauthorized access to the associated Twilio account, leading to informatio...
Paxton10 Security Vulnerability
Paxton10 is a system that combines access control and video management features from Paxton UK. A security vulnerability exists in Paxton10 versions prior to 4.6 SR6, which stems from firmware containing hard-coded credentials that could lead to information disclosure and service interruption...
SUR-FBD CMMS Security Vulnerability
SUR-FBD CMMS is a computerized maintenance management system from the Polish company SUR-FBD. A security vulnerability exists in SUR-FBD CMMS that stems from the presence of hard-coded credentials in a DLL file, which could lead to full control of the application...
PT-2025-28185 · Twilio +1 · Twilio Api +1
Name of the Vulnerable Software and Affected Versions: Paxton10 versions prior to 4.6 SR6
Description: A vulnerability has been discovered in the firmware of Paxton10, where the firmware file, rootfs.tar.gz, contains hard-coded credentials for the Twilio API. A remote attacker who obtains a copy ...
PT-2025-28141 · Unknown · Sur-Fbd Cmms
Name of the Vulnerable Software and Affected Versions: SUR-FBD CMMS versions prior to 2025.03.27
Description: A vulnerability was identified in SUR-FBD CMMS where hard-coded credentials were found within a compiled DLL file. These credentials correspond to a built-in administrative account of the...
Cisco Unified Communications Manager (CUCM) Static SSH Credentials (cisco-sa-cucm-ssh-m4UBdpE7)
According to its self-reported version, Cisco Unified Communications Products is affected by a hard-coded credentials vulnerability.
- A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow ...
ENENSYS IPGuard v2 Security Vulnerability
ENENSYS IPGuard v2 is a software from ENENSYS France for securing IP streaming transmissions. A security vulnerability exists in ENENSYS IPGuard v2 version 2.10.0 that originates from hard-coded credentials...
PT-2025-29411 · Lb Link · Lb-Link Bl-Ac3600
Name of the Vulnerable Software and Affected Versions: LB-LINK BL-AC3600 version 1.0.22
Description: A critical vulnerability exists in LB-LINK BL-AC3600 version 1.0.22. The issue affects some unknown functionality of the file /etc/shadow. Manipulation of the input root:blinkadmin leads to the...
CVE-2025-4378
Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile Application allows Authentication Abuse, Authentication Bypass. This issue affects ATA-AOF Mobile Application: before 20.06.2025...
Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability
Fortinet FortiOS contains a use of hard-coded credentials vulnerability that could allow an attacker to cipher sensitive data in FortiOS configuration backup file via knowledge of the hard-coded key...