CVE-2026-32834 Easy PayPal Events & Tickets < 1.4 Authentication Bypass via QR Code Scanning

Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contains a hardcoded authentication bypass vulnerability in the QR code scanning functionality that allows unauthenticated remote attackers to bypass hash verification by supplying 'test' as the hash parameter. Attackers can...

CVE-2025-68926 RustFS has a gRPC Hardcoded Token Authentication Bypass

RustFS is a distributed object storage system built in Rust. In versions prior to 1.0.0-alpha.78, RustFS implements gRPC authentication using a hardcoded static token "rustfs rpc" that is publicly exposed in the source code repository, hardcoded on both client and server sides, non-configurable...

CVE-2025-11781

Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract this key e.g., by analysing the firmware image or memory dump and create valid firmware updat...

PT-2025-29880 · Unknown · Netis Routers +1

Name of the Vulnerable Software and Affected Versions: Netcore and Netis routers affected versions not specified Description: A remote code execution issue exists due to an undocumented backdoor listener on UDP port 53413. An unauthenticated remote attacker can send specially crafted UDP packets ...

Schneider Electric Modicon M340 PLC Station P34模块Web Servers安全漏洞

漏洞详情：Schneider Electric Modicon M340 PLC Station P34 module是法国施耐德电气（Schneider Electric）公司的一款可编程控制器。Schneider Electric Modicon M340 PLC Station P34模块中存在安全漏洞。远程攻击者可利用该漏洞获取敏感信息，在Web服务器进程上下文中执行任意代码，绕过身份验证机制，获取受影响设备的访问权限。漏洞类型远程利用影响硬编码身份认证是远程代码执行本地文件包含否目录遍历/文件篡改远程代码包含是远程代码执行/拒绝服务攻击跨站脚本攻击是获取敏感信息影响设备版本：...