7950 matches found
CVE-2026-21404
NAVTOR NavBox (versions up to 4.16.1.20) contains hard-coded credentials in its Windows Communication Foundation (SOAP) implementation. When SOAP is enabled, a local attacker can extract credentials and bypass the intended transfer workflow. Successful authentication to the SOAP interface grants ...
CVE-2026-21404 NAVTOR NavBox Use of Hard-coded Credentials
NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation SOAP implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the...
EUVD-2026-34321
NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation SOAP implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the...
CVE-2026-21404 NAVTOR NavBox Use of Hard-coded Credentials
NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation SOAP implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the...
CVE-2026-21404
NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation SOAP implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the...
CVE-2026-50208
High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle MITM actor could decrypt network traffic...
CVE-2026-50208 Permissive TrustAllCerts TLS Verification
High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle MITM actor could decrypt network traffic...
EUVD-2026-34220
High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle MITM actor could decrypt network traffic...
CVE-2026-49204
Technical details about CVE-2026-49204 are not publicly available in the provided documents; monitor for updates.
CVE-2026-49204 Hard-coded AWS Cognito Testing Accounts
Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...
CVE-2026-49204 Hard-coded AWS Cognito Testing Accounts
Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...
CVE-2026-49187
The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...
CVE-2026-49191 Exposed Hard-coded M3WebServer Backend API Key
The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages...
CVE-2026-49191 Exposed Hard-coded M3WebServer Backend API Key
The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages...
CVE-2026-49191
The CVE-2026-49191 entry concerns the production build of the M3WebServer where backend API keys are hard-coded and can be intercepted via verbose error handling pages. According to the provided data, this results in a high-impact exposure affecting confidentiality, integrity, and availability (C...
CVE-2026-49187 Hard-coded APK Resource Credentials & Scepters
The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...
CVE-2026-49187 Hard-coded APK Resource Credentials & Scepters
The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...
CVE-2026-49187
The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...
EUVD-2026-34204
The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...
CVE-2026-49187
CVE-2026-49187 concerns hard-coded APK resource files that never expire and a shared scepter that can lead to information leaks and potential misuse. According to the entry, exploitation is network-based with low attack complexity and no privileges required, causing high confidentiality impact (t...