3817 matches found

Vulnrichment
added 2025/12/04 9:2 p.m., 3 views

CVE-2025-66237 Sunbird DCIM dcTrack and Power IQ Use of Hard-coded Credentials

DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host...

CVSS 8.4, AI score 7.1, EPSS 0.00115
Exploits: 0, References: 2

Cvelist
added 2025/12/04 9:2 p.m., 21 views

CVE-2025-66237 Sunbird DCIM dcTrack and Power IQ Use of Hard-coded Credentials

DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host...

CVSS 8.4, EPSS 0.00115
Exploits: 0, References: 2

ATTACKERKB
added 2025/12/04 9:2 p.m., 3 views

CVE-2025-66237

DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host...

CVSS 8.4, AI score 5.9, EPSS 0.00115
Exploits: 0, References: 3

EUVD
added 2025/12/04 9:2 p.m., 4 views

EUVD-2025-201280

DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host...

CVSS 8.4, AI score 7, EPSS 0.00115
Exploits: 0, References: 3

CNNVD
added 2025/12/04 12:0 a.m., 2 views

ALLNET ALL-RUT22GW v3.3.8 Security Vulnerability

ALLNET ALL-RUT22GW is a wireless router from ALLNET Germany. A security vulnerability exists in ALLNET ALL-RUT22GW v3.3.8, which stems from the inclusion of hard-coded credentials in the libicos.so library...

CVSS 9.8, AI score 6.8, EPSS 0.08072
Exploits: 1, References: 4

CNNVD
added 2025/12/04 12:0 a.m., 2 views

Sunbird DCIM dcTrack Trust Management Issue Vulnerability

Sunbird DCIM dcTrack is an asset monitoring management software from Sunbird DCIM, Inc. A trust management issue vulnerability exists in Sunbird DCIM dcTrack that stems from the use of default and hard-coded credentials, which could lead to database management or system command execution...

CVSS 8.4, AI score 6.9, EPSS 0.00115
Exploits: 0, References: 2

Positive Technologies
added 2025/12/04 12:0 a.m., 3 views

PT-2025-49147

Name of the Vulnerable Software and Affected Versions: dcTrack (affected versions not specified). Description: dcTrack platforms are susceptible to unauthorized access due to the use of default and hard-coded credentials. An attacker gaining access through these credentials could administer the...

CVSS 8.4, AI score 7, EPSS 0.00115
Exploits: 0, References: 6

Tenable Nessus
added 2025/12/04 12:0 a.m., 4 views

AI Service Secret Disclosure

Most of the web applications rely on various public services to provide features to their users. In secure designs, consuming these private or cloud services will require authentication like API and private keys, username and password based credentials and similar sensitive data. Developers...

AI score 7.6
Exploits: 0, References: 1

Vulnrichment
added 2025/11/24 8:30 p.m., 8 views

CVE-2018-25126 TVT NVMS-9000 Hard-coded API Credentials & Command Injection

Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...

CVSS 9.3, AI score 7.4, EPSS 0.03884
Exploits: 0, References: 5

CVE
added 2025/11/24 8:30 p.m., 21 views

CVE-2018-25126

CVE-2018-25126 affects Shenzhen TVT NVMS-9000 firmware, used in many white-labeled DVR/NVR/IPC products. The issue arises from hardcoded API credentials and an OS command injection flaw in the configuration services: the web/API interface accepts HTTP/XML requests authenticated with a fixed vendo...

CVSS 9.3, AI score 7.4, EPSS 0.03884
In wild, Exploits: 0, References: 5

CNVD
added 2025/11/20 12:0 a.m., 2 views

Fortinet FortiWeb Trust Management Issue Vulnerability

Fortinet FortiWeb is a web application layer firewall from the U.S. company Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of web applications and protect sensitive database content. A...

CVSS 5.5, AI score 7.1, EPSS 0.00104
Exploits: 0, References: 1

RedhatCVE
added 2025/11/19 5:20 p.m., 5 views

CVE-2025-59669

A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6.0, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker with shell access to the device to connect to redis service and access its data...

CVSS 5.5, AI score 6.8, EPSS 0.00104
Exploits: 0, References: 1

OSV
added 2025/11/18 5:16 p.m., 2 views

CVE-2025-59669

A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6.0, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker with shell access to the device to connect to redis service and access its data...

CVSS 5.5, AI score 5.8, EPSS 0.00104
Exploits: 0, References: 1

NVD
added 2025/11/18 5:16 p.m., 5 views

CVE-2025-59669

A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6.0, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker with shell access to the device to connect to redis service and access its data...

CVSS 5.5, EPSS 0.00104
Exploits: 0, References: 1

EUVD
added 2025/11/18 5:1 p.m., 5 views

EUVD-2025-198011

A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6.0, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker with shell access to the device to connect to redis service and access its data...

CVSS 5.3, AI score 6.3, EPSS 0.00104
Exploits: 0, References: 2

Vulnrichment
added 2025/11/18 5:1 p.m., 5 views

CVE-2025-59669

A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6.0, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker with shell access to the device to connect to redis service and access its data...

CVSS 5.3, AI score 6.4, EPSS 0.00104
Exploits: 0, References: 1

Cvelist
added 2025/11/18 5:1 p.m., 4 views

CVE-2025-59669

A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6.0, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker with shell access to the device to connect to redis service and access its data...

CVSS 5.3, EPSS 0.00104
Exploits: 0, References: 1

CVE
added 2025/11/18 5:1 p.m., 13 views

CVE-2025-59669

CVE-2025-59669 applies to Fortinet FortiWeb: hard-coded credentials allow an authenticated attacker with shell access to connect to the Redis service on FortiWeb devices and access Redis data. Affected are FortiWeb versions 7.0, 7.2, 7.4 (all variants) and 7.6.0. Public details across CNVD/Red Ha...

CVSS 5.5, AI score 6.4, EPSS 0.00104
Exploits: 0, References: 1, Affected Software: 1

RedhatCVE
added 2025/11/18 12:11 a.m., 11 views

CVE-2025-13252

A vulnerability was found in shsuishang ShopSuite ModulithShop up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a. Affected by this issue is some unknown functionality of the component RSA/OAuth2/Database. The manipulation results in hard-coded credentials. The attack can be executed remotely. The...

CVSS 7.5, AI score 6.5, EPSS 0.00289
Exploits: 0, References: 1

Positive Technologies
added 2025/11/18 12:0 a.m., 5 views

PT-2025-47364

Name of the Vulnerable Software and Affected Versions: FortiWeb versions 7.0 through 7.6.0; FortiWeb version 7.4; FortiWeb version 7.2. Description: A hard-coded credentials issue exists in FortiWeb that could allow an authenticated attacker with shell access to the device to connect to the redis...

CVSS 5.3, AI score 6.2, EPSS 0.00104
Exploits: 0, References: 4