8034 matches found
CVE-2026-4588
The CVE affects kalcaddle kodbox 1.64, specifically the Site-level API key Handler via the function shareSafeGroup in /workspace/source-code/app/controller/explorer/shareOut.class.php. The root cause is manipulation of the argument sk which leads to the use of a hard-coded cryptographic key. The ...
CVE-2026-4588 kalcaddle kodbox Site-level API key shareOut.class.php shareSafeGroup hard-coded key
A vulnerability was determined in kalcaddle kodbox 1.64. Impacted is the function shareSafeGroup of the file /workspace/source-code/app/controller/explorer/shareOut.class.php of the component Site-level API key Handler. This manipulation of the argument sk causes use of hard-coded cryptographic k...
CVE-2026-1958 Hard-coded passwords in KlinikaXP
Use of hard-coded credentials in Klinika XP and KlinikaXP Insertino allowed an unauthorized attacker access to several internal services. Critically, this included access to the FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious...
CVE-2026-1958
CVE-2026-1958 describes hard-coded credentials in KlinikaXP and KlinikaXP Insertino, enabling an unauthorized attacker to access internal services, notably the FTP server hosting update packages. The root cause is credentials embedded in the application, with exploitation potentially leading to u...
CVE-2026-1958 Hard-coded passwords in KlinikaXP
Use of hard-coded credentials in Klinika XP and KlinikaXP Insertino allowed an unauthorized attacker access to several internal services. Critically, this included access to the FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious...
CVE-2026-1958
Use of hard-coded credentials in Klinika XP and KlinikaXP Insertino allowed an unauthorized attacker access to several internal services. Critically, this included access to the FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious...
PT-2026-27124
A vulnerability was determined in kalcaddle kodbox 1.64. Impacted is the function shareSafeGroup of the file /workspace/source-code/app/controller/explorer/shareOut.class.php of the component Site-level API key Handler. This manipulation of the argument sk causes use of hard-coded cryptographic k...
PT-2026-27137
Name of the Vulnerable Software and Affected Versions GoHarbor versions prior to 2.15.0 Description The use of hard-coded credentials in GoHarbor allows attackers to use the default password and gain access to the web user interface. Recommendations Update GoHarbor to version 2.15.0 or later...
TP-Link多款产品 安全漏洞
TP-LINK Archer is a series of routers produced by TP-LINK Corporation. Several TP-Link products have security vulnerabilities. These vulnerabilities stem from hard-coded encryption keys in the configuration mechanism, which may allow authenticated attackers to decrypt configuration files, modify...
PT-2026-27121
Name of the Vulnerable Software and Affected Versions KlinikaXP versions prior to 5.39.01.01 KlinikaXP Insertino versions prior to 3.1.0.1 Description The use of hard-coded credentials in KlinikaXP and KlinikaXP Insertino allowed an unauthorized attacker access to internal services, including the...
EUVD-2026-13720
A use of hard-coded credentials vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to gain unauthorized access. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later...
CVE-2026-22900
A use of hard-coded credentials vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to gain unauthorized access. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later...
CVE-2026-22900
A use of hard-coded credentials vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to gain unauthorized access. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later...
CVE-2026-22900 QuNetSwitch
A use of hard-coded credentials vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to gain unauthorized access. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later...
CVE-2026-22900 QuNetSwitch
A use of hard-coded credentials vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to gain unauthorized access. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later...
CVE-2026-22900
CVE-2026-22900 details (QuNetSwitch) : A use of hard-coded credentials vulnerability affects QuNetSwitch, enabling remote attackers to gain unauthorized access. The issue is rated CVSSv4 base score 8.8 (HIGH) with NETWORK attack vector, LOW attack complexity, no privileges required, and no user i...
EUVD-2026-13591
A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.120171024151200. The affected element is an unknown function of the file home/web/ipc. Such manipulation leads to hard-coded credentials. Access to the local network is required for this attack to succeed. The exploit has been...
EUVD-2026-13600
A vulnerability was determined in Yi Technology YI Home Camera 2 2.1.120171024151200. This affects an unknown function of the component WPA/WPS. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack can only be done within the local network. This attack is...
CVE-2026-4477
A vulnerability was determined in Yi Technology YI Home Camera 2 2.1.120171024151200. This affects an unknown function of the component WPA/WPS. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack can only be done within the local network. This attack is...
CVE-2026-4475
A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.120171024151200. The affected element is an unknown function of the file home/web/ipc. Such manipulation leads to hard-coded credentials. Access to the local network is required for this attack to succeed. The exploit has been...