3022 matches found
EUVD-2022-50826
Malicious code in bioql PyPI...
CVE-2025-10609
CVE-2025-10609 describes a Use of Hard-coded Credentials in Logo Software Inc. TigerWings ERP. Affected versions are 01.01.00 through 3.02.99; the vulnerability enables reading of sensitive constants within the executable due to hard-coded credentials. Public documents indicate remediation by upg...
CVE-2025-10609 Hardcoded Credentials in Logo Software's TigerWings ERP
Use of Hard-coded Credentials vulnerability in Logo Software Inc. TigerWings ERP allows Read Sensitive Constants Within an Executable. This issue affects TigerWings ERP: from 01.01.00 before 3.03.00...
AI-Powered App Exposes User Data, Creates Risk of Supply Chain Attacks
Trend™ Research’s analysis of Wondershare RepairIt reveals how the AI-driven app exposed sensitive user data due to unsecure cloud storage practices and hardcoded credentials, creating risks of model tampering and supply chain attacks...
CVE-2025-57601
AiKaan Cloud Controller uses a single hardcoded SSH private key and the username proxyuser for remote terminal access to all managed IoT/edge devices. When an administrator initiates "Open Remote Terminal" from the AiKaan dashboard, the controller sends this same static private key to the target...
WordPress plugin Estonian Shipping Methods for WooCommerce Trust Management Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. WordPress plug...
CVE-2025-52159
Hardcoded credentials in default configuration of PPress 0.0.9...
CVE-2025-52159
CVE-2025-52159 affects PPress CMS (version 0.0.9; related note mentions 0.0.9-beta). The connected exploit documentation describes a chain leading to remote code execution via server-side template injection (SSTI) and highlights Broken/Incorrect Access Control enabling exploit progression. The ro...
PT-2025-38616
Name of the Vulnerable Software and Affected Versions PPress version 0.0.9 Description The default configuration of PPress contains hardcoded credentials. Recommendations Change the default credentials in PPress version 0.0.9...
CVE-2024-48842 Hardcoded passwords
Use of Hard-coded Credentials vulnerability in ABB FLXEON. This issue affects FLXEON: through 9.3.5 and newer versions...
gosec
This is a Go AST (Abstract Syntax Tree) scanner for identifying security vulnerabilities in Go code. The scanner is called "gosec" and is part of the GolangCI project. It can be installed using the command "go get github.com/golangci/gosec/cmd/gosec/...". The scanner can be configured to run a subs...
CVE-2025-56466
Hardcoded credentials in Dietly v1.25.0 for Android allows attackers to gain sensitive information...
📄 Sitecore XP Post-Authentication Remote Code Execution
This Metasploit module exploits Sitecore XP with a path traversal that leads to remote code execution as well as a hardcoded credential vulnerability in the ServicesAPI account to gain a foothold. This module requires Metasploit: https://metasploit.com/download Current source:...
📄 Sitecore XP Post-Authentication File Upload
This Metasploit module exploits Sitecore XP with a file upload vulnerability in PowerShell extensions and a hardcoded credential vulnerability with the ServicesAPI account to gain a foothold. This module requires Metasploit: https://metasploit.com/download Current source:...
Sitecore XP CVE-2025-34510 Post-Authentication Remote Code Execution
This module exploits CVE-2025-34510, a path traversal leading to remote code execution. The module also exploits CVE-2025-34509 (hardcoded credentials of the ServicesAPI account) to gain a foothold. Module Options msf use exploit/windows/http/sitecorexpcve202534510 msf exploitsitecorexpcve202534510 sho...