3819 matches found
CVE-2025-4378
Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile Application allows Authentication Abuse, Authentication Bypass. This issue affects ATA-AOF Mobile Application: before 20.06.2025...
PT-2025-26759
Name of the Vulnerable Software and Affected Versions: Ataturk University ATA-AOF Mobile Application versions prior to 20.06.2025 Description: The issue affects the Ataturk University ATA-AOF Mobile Application, allowing for authentication abuse and bypass due to cleartext transmission of sensiti...
5V Technologies Blue Angel Software Suite Security Vulnerability
5V Technologies Blue Angel Software Suite is a management and control software suite deployed on embedded Linux devices from 5V Technologies, Taiwan, China. A security vulnerability exists in 5V Technologies Blue Angel Software Suite that stems from the presence of hard-coded credentials that cou...
Detecting Hard-Coded Credentials in Software Repositories Via LLMs
Software developers frequently hard-code credentials such as passwords, generic secrets, private keys, and generic tokens in software repositories, even though it is strictly advised against due to the severe threat to the security of the software. These credentials create attack surfaces...
D-Link DPH-400S/SE VoIP Phone Security Vulnerability
D-Link DPH-400S/SE VoIP Phone is a VoIP phone from China AUO D-Link. A security vulnerability exists in D-Link DPH-400S/SE VoIP Phone version v1.01, which originates from hard-coded credentials and could lead to the disclosure of sensitive information...
Use of Hard-coded Credentials
Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials for the Service Account. An attacker could use the Service Account as a backdoor to the system using the leaked credentials. Remediation Upgrade openc3 to version 6.0.2 or higher. References - GitHub Commit...
OpenC3 COSMOS Security Vulnerability
OpenC3 COSMOS is an OpenC3 open source application. A security vulnerability exists in OpenC3 COSMOS versions prior to v6.0.2 that stems from the use of hard-coded credentials for service accounts...
CVE-2025-5751
WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this...
CVE-2025-5751 WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability
WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this...
CVE-2025-5751
The CVE-2025-5751 issue affects WOLFBOX Level 2 EV Charger and stems from the management card handling: lack of personalization enables authentication bypass. Physical access is required to exploit, with no user interaction needed. The vulnerability allows an attacker to bypass authentication on ...
CVE-2025-3321 Use of Hard-coded Credentials in OnlineSuite
A predefined administrative account is not documented and cannot be deactivated. This account cannot be misused from the network, only by local users on the server...
CVE-2025-3321
CVE-2025-3321 affects B.Braun OnlineSuite. The issue is a predefined administrative account that is undocumented and cannot be deactivated, exploitable only by local users on the server (not over the network). Impact is high across confidentiality, integrity, and availability according to the CVS...
(0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability
This vulnerability allows physically present attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of management cards. The issue results from the lack ...
WOLFBOX Level 2 EV Charger Trust Management Issue Vulnerability
The WOLFBOX Level 2 EV Charger is an electric vehicle charger from WOLFBOX. The WOLFBOX Level 2 EV Charger suffers from a trust management issue vulnerability that stems from hard-coded credentials on the management card, which could lead to authentication bypass...
CVE-2025-5379
A vulnerability classified as critical was found in NuCom NC-WR744G 8.5.5 Build 20200530.307. This vulnerability affects unknown code of the component Console Application. The manipulation of the argument CMCCAdmin/useradmin/CUAdmin leads to hard-coded credentials. The attack can be initiated...
CVE-2025-5379 NuCom NC-WR744G Console Application hard-coded credentials
A vulnerability classified as critical was found in NuCom NC-WR744G 8.5.5 Build 20200530.307. This vulnerability affects unknown code of the component Console Application. The manipulation of the argument CMCCAdmin/useradmin/CUAdmin leads to hard-coded credentials. The attack can be initiated...