Fortinet FortiWeb 信任管理问题漏洞

Fortinet FortiWeb is a Web application layer firewall from the U.S. company Fita Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of Web applications and protect sensitive database content. A...

EUVD-2025-197734

A vulnerability was found in shsuishang ShopSuite ModulithShop up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a. Affected by this issue is some unknown functionality of the component RSA/OAuth2/Database. The manipulation results in hard-coded credentials. The attack can be executed remotely. The...

CVE-2025-13252

A vulnerability was found in shsuishang ShopSuite ModulithShop up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a. Affected by this issue is some unknown functionality of the component RSA/OAuth2/Database. The manipulation results in hard-coded credentials. The attack can be executed remotely. The...

CVE-2025-13252 shsuishang ShopSuite ModulithShop RSA/OAuth2/Database hard-coded credentials

A vulnerability was found in shsuishang ShopSuite ModulithShop up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a. Affected by this issue is some unknown functionality of the component RSA/OAuth2/Database. The manipulation results in hard-coded credentials. The attack can be executed remotely. The...

CVE-2025-13252

ShopSuite ModulithShop (up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a) is affected by a vulnerability in the RSA/OAuth2/Database component that leads to hard-coded credentials. The issue can be exploited remotely, and public exploitation is noted. Several connected sources confirm the same root ...

CVE-2025-13252 shsuishang ShopSuite ModulithShop RSA/OAuth2/Database hard-coded credentials

A vulnerability was found in shsuishang ShopSuite ModulithShop up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a. Affected by this issue is some unknown functionality of the component RSA/OAuth2/Database. The manipulation results in hard-coded credentials. The attack can be executed remotely. The...

ModulithShop 信任管理问题漏洞

ModulithShop is an online shopping mall system from the individual developers of Shopsuite. ModulithShop suffers from a Trust Management Issue vulnerability that stems from misbehavior of the component RSA/OAuth2/Database, which could lead to hard-coded credentials...

PT-2025-47093

Name of the Vulnerable Software and Affected Versions ShopSuite ModulithShop versions up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a Description A flaw exists within ShopSuite ModulithShop related to the RSA/OAuth2/Database component, resulting in the presence of hard-coded credentials. This issu...

Brightpick Mission Control 安全漏洞

Brightpick Mission Control is a centralized control platform for mission management from Brightpick USA. A security vulnerability exists in Brightpick Mission Control that stems from the inclusion of hard-coded credentials in a client-side JavaScript package...

Use of Hard-coded Credentials

Overview AstrBot is a 易上手的多平台 LLM 聊天机器人及开发框架 Affected versions of this package are vulnerable to Use of Hard-coded Credentials for signature verification. An attacker can gain unauthorized access and execute arbitrary commands by bypassing authentication using a hard-coded JWT signing key and...

CVE-2025-9982 Hard-coded admin credentials in Quick.CMS

A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in a configuration file and stored in plaintext. This flaw allows attackers with access to the source code or the server file system to retrieve authentication details, potentially leading to privilege...

CVE-2025-9982

CVE-2025-9982 affects QuickCMS 6.8. The vulnerability is due to sensitive admin credentials hardcoded in a plaintext configuration file, allowing attackers with access to the source code or server filesystem to retrieve credentials and potentially escalate privileges. Only version 6.8 was tested ...

CVE-2025-9982 Hard-coded admin credentials in Quick.CMS

A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in a configuration file and stored in plaintext. This flaw allows attackers with access to the source code or the server file system to retrieve authentication details, potentially leading to privilege...

NVIDIA AIStore AuthN Hard-coded Credentials Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of NVIDIA AIStore. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AuthN authentication mechanism. The issue results from the use of hard-coded...

Use of Hard-coded Credentials

Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials in the AuthN implementation. An attacker can gain unauthorized access to sensitive information, escalate privileges, and tamper with data by leveraging hard-coded credentials. Remediation Upgrade...

Use of Hard-coded Credentials

Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials in the AuthN implementation. An attacker can gain unauthorized access to sensitive information, escalate privileges, and tamper with data by leveraging hard-coded credentials. Remediation Upgrade...

CVE-2025-34501

Deck Mate 2 is distributed with static, hard-coded credentials for the root shell and web user interface, while multiple management services SSH, HTTP, Telnet, SMB, X11 are enabled by default. If an attacker can reach these interfaces - most often through local or near-local access such as...

CVE-2025-34501

Deck Mate 2 ships with static, hard-coded credentials for the root shell and web UI, and exposes multiple management services by default (SSH, HTTP, Telnet, SMB, X11). An attacker with local or near-local access (e.g., USB or Ethernet ports under the table) can login as admin and gain full contro...

CVE-2025-34501 Shuffle Master Deck Mate 2 Hard-coded Credentials & Exposed Services

Deck Mate 2 is distributed with static, hard-coded credentials for the root shell and web user interface, while multiple management services SSH, HTTP, Telnet, SMB, X11 are enabled by default. If an attacker can reach these interfaces - most often through local or near-local access such as...

Light & Wonder Deck Mate 安全漏洞

Light & Wonder Deck Mate is an automated licensing device from Light & Wonder UK. A security vulnerability exists in the Light & Wonder Deck Mate that stems from the use of hard-coded credentials and the enabling of multiple management services by default, which could lead to unauthorized...