8034 matches found
Use of Hard-coded Credentials
Overview fuxa-server is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Use of Hard-coded Credentials via the jwt-helper.js when verifying JWT tokens. An attacker can gain unauthorized administrative access by forging valid tokens...
GHSA-2R8F-CF6W-X5VQ Duplicate Advisory: FUXA contains a hard-coded credential vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c8m8-3jcr-6rj5. This link is maintained to preserve external references. Original Description FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a...
Duplicate Advisory: FUXA contains a hard-coded credential vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c8m8-3jcr-6rj5. This link is maintained to preserve external references. Original Description FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a...
CVE-2025-69971
FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access...
CVE-2025-69971
FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access...
EUVD-2025-206717
FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access...
CVE-2025-69971
FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access...
CVE-2025-69971
FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access...
PT-2026-5979
Name of the Vulnerable Software and Affected Versions FUXA version 1.2.7 Description The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication, potentially gaining full administrative access. The...
CVE-2025-69971
FUXA v1.2.7 contains a hard-coded secret in server/api/jwt-helper.js used to sign and verify JWTs, enabling remote attackers to forge admin tokens and bypass authentication to gain full administrative access. This is documented by multiple sources (NVD entry and the Nuclei template) and indicates...
CVE-2025-69971
FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access...
PT-2026-6348
FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access...
Vulnerabilities fixed in SolarWinds Web Help Desk
SolarWinds has fixed vulnerabilities in SolarWinds Web Help Desk. The vulnerabilities include the ability for unauthenticated attackers to gain access to limited functionality within the system, the use of hard-coded credentials that could grant unauthorized access to administrative functions, an...
CVE-2026-1610
A vulnerability was found in Tenda AX12 Pro V2 16.03.49.24cn. Affected by this issue is some unknown functionality of the component Telnet Service. Performing a manipulation results in hard-coded credentials. The attack is possible to be carried out remotely. A high degree of complexity is needed...
Delta Electronics DIAView Hard-coded JWT Secret Key (CVE-2025-62581)
Binary data deltaelectronicsdiaviewcve-2025-62581.nbin...
CVE-2026-1610
A vulnerability was found in Tenda AX12 Pro V2 16.03.49.24cn. Affected by this issue is some unknown functionality of the component Telnet Service. Performing a manipulation results in hard-coded credentials. The attack is possible to be carried out remotely. A high degree of complexity is needed...
CVE-2026-1610
A vulnerability was found in Tenda AX12 Pro V2 16.03.49.24cn. Affected by this issue is some unknown functionality of the component Telnet Service. Performing a manipulation results in hard-coded credentials. The attack is possible to be carried out remotely. A high degree of complexity is needed...
CVE-2026-1610 Tenda AX12 Pro V2 Telnet Service hard-coded credentials
A vulnerability was found in Tenda AX12 Pro V2 16.03.49.24cn. Affected by this issue is some unknown functionality of the component Telnet Service. Performing a manipulation results in hard-coded credentials. The attack is possible to be carried out remotely. A high degree of complexity is needed...
CVE-2026-1610
CVE-2026-1610 affects Tenda AX12 Pro V2 (firmware 16.03.49.24_cn). The Telnet Service contains a vulnerability that allows remote manipulation leading to hard-coded credentials. Exploitation is described as remote, with high complexity, and the exploit has been publicly disclosed. No remediation ...
CVE-2026-1610
A vulnerability was found in Tenda AX12 Pro V2 16.03.49.24cn. Affected by this issue is some unknown functionality of the component Telnet Service. Performing a manipulation results in hard-coded credentials. The attack is possible to be carried out remotely. A high degree of complexity is needed...