3000 matches found
Four-Faith F3x36 - Authentication Bypass
Four-Faith F3x36 router with firmware v2.0.0 contains an authentication bypass caused by hard-coded credentials in the administrative web server, letting attackers with knowledge of credentials gain administrative access via crafted HTTP requests. id: CVE-2024-9643 info: name: Four-Faith F3x36 -...
FUXA <= 1.2.7 - Hardcoded JWT Secret Authentication Bypass
FUXA v1.2.7 contains a hardcoded credentials vulnerability caused by use of a hard-coded secret key in server/api/jwt-helper.js, letting remote attackers forge admin tokens and bypass authentication, exploit requires no special conditions. id: CVE-2025-69971 info: name: FUXA = 1.2.7 - Hardcoded J...
Sitecore Experience Manager (XM) and Experience Platform (XP) - Hardcoded Credentials
Sitecore Experience Manager XM and Experience Platform XP versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access...
Fujitsu IP Series - Hardcoded Credentials
Fujitsu Real-time Video Transmission Gear “IP series” use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. The credentials cannot be changed by the end-user and provide administrative...
CVE-2026-36616
Mercusys AC12G EU V1 with firmware AC12GEUV1200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware binary...
Exploit for CVE-2026-35904
T3 Technology CPE — Security Advisories Multiple critical vul...
NetMRI < 7.6.1 - Authentication Bypass via Hardcoded Credentials
An issue was discovered in Infoblox NETMRI before 7.6.1. Authentication Bypass via a Hardcoded credential can occur. id: CVE-2025-32815 info: name: NetMRI 7.6.1 - Authentication Bypass via Hardcoded Credentials author: iamnoooob,pdresearch severity: medium description: | An issue was discovered i...
CVE-2026-36616
Mercusys AC12G EU V1 with firmware AC12GEUV1200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware binary...
EUVD-2026-34154
Mercusys AC12G EU V1 with firmware AC12GEUV1200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware binary...
multi-layered-security-assessment
Advanced Network Attack and Defense: Multi-Layered Assessment...
Linux Distros Unpatched Vulnerability : CVE-2026-44825
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attack...
CVE-2026-44825
Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specifi...
CVE-2026-44825
Summary (CVE-2026-44825) : Apache Solr’s Basic Authentication bootstrap tool (bin/solr auth enable) contains hardcoded credentials, enabling remote attackers to gain full administrative access for Solr clusters running versions 9.4.0–9.10.1 and 10.0.0. The root cause is the inclusion of default c...
EUVD-2026-33602
Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specifi...
CVE-2026-44825 Apache Solr: Enabling BasicAuth using bin/solr CLI configures additional insecure users
Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specifi...
CVE-2026-44825
Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specifi...
CVE-2026-44825
Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specifi...
Apache Solr security vulnerabilities
Apache Solr is a search server based on Lucene, developed by the Apache Foundation in the United States. This product supports faceted searching, vertical searching, and highlighting search results. Vulnerabilities exist in Apache Solr versions 9.4.0 through 9.10.1, as well as 10.0.0, due to...
KAMSOFT KS-SOMED Trust Management Vulnerabilities
KAMSOFT KS-SOMED is a comprehensive healthcare management system developed by the Polish company KAMSOFT. KAMSOFT KS-SOMED has a vulnerability related to trust management. This vulnerability stems from the use of hardcoded credentials, which may allow unauthorized attackers to access the FTP serv...
Danelec Marine Danelec MacGregor Voyage Data Recorder 信任管理问题漏洞
The Danelec Marine Danelec MacGregor Voyage Data Recorder is a series of ship navigation data recording systems developed by Danelec Marine. The Danelec Marine Danelec MacGregor Voyage Data Recorder has a vulnerability related to trust management, which stems from the default account that include...