CVE-2026-4993

Wandb OpenUI (up to 0.0.0.0/1.0) is affected by a vulnerability in backend/openui/config.py where manipulation of LITELLM_MASTER_KEY leads to hard-coded credentials. The issue enables a local attacker and the exploit has been disclosed publicly; vendor response was not provided. No further techni...

Microchip Time Provider 4100 安全漏洞

Microchip Time Provider 4100 is a precision time gateway developed by the American company Microchip. Versions of Microchip Time Provider 4100 prior to version 2.5.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of hard-coded credentials, which could lead to...

PT-2026-28307

Name of the Vulnerable Software and Affected Versions Microchip Time Provider 4100 versions prior to 2.5.0 Description A use of hard-coded credentials issue exists in Microchip Time Provider 4100, potentially allowing for malicious manual software updates. Recommendations Update Microchip Time...

PT-2026-28711

Name of the Vulnerable Software and Affected Versions wandb OpenUI versions up to 0.0.0.0/1.0 Description A security issue exists in wandb OpenUI related to hard-coded credentials. The manipulation of the LITELLM MASTER KEY argument within the file backend/openui/config.py can lead to exposure of...

CVE-2021-27797

Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system...

CVE-2025-12708

IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local user...

CVE-2026-27073

Use of Hard-coded Credentials vulnerability in Addi Addi – Cuotas que se adaptan a ti buy-now-pay-later-addi allows Password Recovery Exploitation.This issue affects Addi – Cuotas que se adaptan a ti: from n/a through = 2.0.4...

CVE-2026-4216

A weakness has been identified in i-SENS SmartLog App up to 2.6.8 on Android. This affects an unknown function of the component air.SmartLog.android. This manipulation causes hard-coded credentials. The attack can only be executed locally. The exploit has been made available to the public and cou...

CVE-2026-4219

A flaw has been found in INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App up to 1.0.2 on Android. Affected by this vulnerability is an unknown functionality of the file com/index/event/BuildConfig.java of the component ae.index.apgcs. Executing a manipulation of the argument...

CVE-2026-22900

A use of hard-coded credentials vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to gain unauthorized access. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later...

CVE-2026-3873

Use of Hard-coded Credentials vulnerability in Avantra allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Avantra: before 25.3.0...

CVE-2026-1958

Use of hard-coded credentials in Klinika XP and KlinikaXP Insertino allowed an unauthorized attacker access to several internal services. Critically, this included access to the FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious...

CVE-2026-24448

Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to obtain administrative access...

CVE-2026-28255

A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts...

CVE-2026-4475

A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.120171024151200. The affected element is an unknown function of the file home/web/ipc. Such manipulation leads to hard-coded credentials. Access to the local network is required for this attack to succeed. The exploit has been...

EUVD-2025-209008

IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local user...

CVE-2025-12708

IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local user...

CVE-2025-12708 Multiple Vulnerabilities in IBM Concert Software

IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local user...

CVE-2025-12708 Multiple Vulnerabilities in IBM Concert Software

IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local user...

CVE-2025-12708

CVE-2025-12708 affects IBM Concert 1.0.0 through 2.2.0 and is due to hard-coded credentials that could be obtained by a local user. The CVSSv3.1 base score is 6.2 (MEDIUM), with attack vector LOCAL and impact chain limited to Confidentiality (HIGH); no impact on Integrity or Availability is noted...