8034 matches found
CVE-2026-25803 3DP-MANAGER Uses Hard-coded Credentials
3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials admin/admin upon the first initialization. Attackers with network access to the application's login interface can gain full...
CVE-2026-25803
CVE-2026-25803 – 3DP-MANAGER uses hard-coded admin credentials . The Red Hat, NVD, and related feeds report that, through version 2.0.1 and earlier, 3DP-MANAGER automatically creates an administrative account with default credentials (admin/admin) on first initialization. If an attacker can reach...
CVE-2026-25803 3DP-MANAGER Uses Hard-coded Credentials
3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials admin/admin upon the first initialization. Attackers with network access to the application's login interface can gain full...
CVE-2026-25753
PlaciPy (educational placement system) v1.0.0 has a hard-coded, static default password for all newly created student accounts, enabling mass account takeover. The vulnerability, described across multiple sources (NVD, Red Hat, CVE lists, OSV, ENISA, Attackerkb), states that any attacker who know...
CVE-2026-25753 PlaciPy has a Hard-Coded Default Password for All Student Accounts (Account Takeover)
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the...
CVE-2026-25753
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the...
CVE-2026-25753 PlaciPy has a Hard-Coded Default Password for All Student Accounts (Account Takeover)
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the...
CVE-2026-2103
Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt a...
CVE-2026-2103
Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt a...
CVE-2026-2103
Infor SyteLine ERP is affected by CVE-2026-2103 due to hard-coded static cryptographic keys used to encrypt stored credentials (passwords, DB connection strings, API keys). The keys are identical across all installations, enabling an attacker with access to the application binary and database to ...
CVE-2026-2103
Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt a...
CVE-2026-2103 Use of Hard-Coded Cryptographic Key for Password Storage
Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt a...
CVE-2026-2103 Use of Hard-Coded Cryptographic Key for Password Storage
Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt a...
EUVD-2026-5665
Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt a...
PT-2026-6779
Name of the Vulnerable Software and Affected Versions PlaciPy version 1.0.0 Description PlaciPy, a placement management system for educational institutions, uses a hard-coded, static default password for all newly created student accounts in version 1.0.0. This allows for mass account takeover,...
PT-2026-6732
Name of the Vulnerable Software and Affected Versions Infor SyteLine ERP affected versions not specified Description The software utilizes hard-coded, static cryptographic keys for encrypting stored credentials, including user passwords, database connection strings, and API keys. These encryption...
Use of Hard-coded Credentials
Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials via the deriveVaultKey function. An attacker can recover a significant portion of the cryptographic key by brute-forcing the remaining unpredictable bytes if they have physical access to the device...
Use of Hard-coded Credentials
Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials via the deriveVaultKey function. An attacker can recover a significant portion of the cryptographic key by brute-forcing the remaining unpredictable bytes if they have physical access to the device...
CVE-2025-69971
FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access...
Bambuddy 安全漏洞
Bambuddy is a self-hosted printing management system for 3D printers developed by MartinNYHC’s individual developer. Versions of Bambuddy prior to 0.1.7 contained security vulnerabilities. These vulnerabilities stemmed from hard-coded keys and the lack of authentication checks on ManyAPI routes,...