Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8023 matches found

RedhatCVE
RedhatCVEadded 2026/06/05 12:9 a.m.7 views

CVE-2026-7251

Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain full control of the user interface by using this password. Once connected, the attacker would have ful...

9.8CVSS5.9AI score0.00134EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/06/05 12:0 a.m.9 views

PT-2026-47036

Name of the Vulnerable Software and Affected Versions Altium Enterprise Server affected versions not specified Description The Vault service uses a hard-coded cryptographic key to sign file download URLs. Since this key is identical across all installations, an unauthenticated network attacker ca...

10CVSS5.5AI score0.00092EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/06/05 12:0 a.m.9 views

PT-2026-47013

Name of the Vulnerable Software and Affected Versions NetMan version 204 Description NetMan contains a hard-coded backdoor account with the username and password eurek that provides administrative access. A remote, unauthenticated attacker can authenticate through the "/cgi-bin/login.cgi" endpoin...

9.8CVSS5.4AI score0.00076EPSS
Exploits0References8
NVD
NVDadded 2026/06/04 8:16 p.m.7 views

CVE-2026-21404

NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation SOAP implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the...

6.3CVSS0.00017EPSS
Exploits0References2
CVE
CVEadded 2026/06/04 7:44 p.m.23 views

CVE-2026-21404

NAVTOR NavBox (versions up to 4.16.1.20) contains hard-coded credentials in its Windows Communication Foundation (SOAP) implementation. When SOAP is enabled, a local attacker can extract credentials and bypass the intended transfer workflow. Successful authentication to the SOAP interface grants ...

6.3CVSS5.8AI score0.00017EPSS
Exploits0References2
EUVD
EUVDadded 2026/06/04 7:44 p.m.6 views

EUVD-2026-34321

NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation SOAP implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the...

6.3CVSS5.8AI score0.00017EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/06/04 7:44 p.m.6 views

CVE-2026-21404 NAVTOR NavBox Use of Hard-coded Credentials

NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation SOAP implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the...

6.3CVSS5.5AI score0.00017EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/06/04 7:44 p.m.4 views

CVE-2026-21404

NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation SOAP implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the...

6.3CVSS5.8AI score0.00017EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/06/04 7:44 p.m.24 views

CVE-2026-21404 NAVTOR NavBox Use of Hard-coded Credentials

NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation SOAP implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the...

6.3CVSS0.00017EPSS
Exploits0References2
NVD
NVDadded 2026/06/04 9:16 a.m.10 views

CVE-2026-50208

High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle MITM actor could decrypt network traffic...

9.4CVSS0.0003EPSS
Exploits0References1
EUVD
EUVDadded 2026/06/04 7:9 a.m.8 views

EUVD-2026-34220

High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle MITM actor could decrypt network traffic...

9.4CVSS5.8AI score0.0003EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/06/04 7:9 a.m.36 views

CVE-2026-50208 Permissive TrustAllCerts TLS Verification

High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle MITM actor could decrypt network traffic...

9.2CVSS0.0003EPSS
Exploits0References1
CVE
CVEadded 2026/06/04 6:35 a.m.14 views

CVE-2026-49204

Technical details about CVE-2026-49204 are not publicly available in the provided documents; monitor for updates.

6.9CVSS5.8AI score0.00043EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2026/06/04 6:35 a.m.36 views

CVE-2026-49204 Hard-coded AWS Cognito Testing Accounts

Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...

6.9CVSS0.00043EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/06/04 6:35 a.m.4 views

CVE-2026-49204 Hard-coded AWS Cognito Testing Accounts

Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...

6.9CVSS5.8AI score0.00043EPSS
Exploits0References1
NVD
NVDadded 2026/06/04 6:16 a.m.7 views

CVE-2026-49187

The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...

8.7CVSS0.00045EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/06/04 5:36 a.m.37 views

CVE-2026-49191 Exposed Hard-coded M3WebServer Backend API Key

The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages...

9.3CVSS0.00061EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/06/04 5:36 a.m.5 views

CVE-2026-49191 Exposed Hard-coded M3WebServer Backend API Key

The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages...

9.3CVSS5.8AI score0.00061EPSS
Exploits0References1
CVE
CVEadded 2026/06/04 5:36 a.m.13 views

CVE-2026-49191

The CVE-2026-49191 entry concerns the production build of the M3WebServer where backend API keys are hard-coded and can be intercepted via verbose error handling pages. According to the provided data, this results in a high-impact exposure affecting confidentiality, integrity, and availability (C...

9.8CVSS5.8AI score0.00061EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2026/06/04 3:50 a.m.38 views

CVE-2026-49187 Hard-coded APK Resource Credentials & Scepters

The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...

8.7CVSS0.00045EPSS
Exploits0References1
Rows per page
Query Builder