CVE-2025-45466

Unitree Go1 = Go120220511 is vulnerale to Incorrect Access Control due to authentication credentials being hardcoded in plaintext...

CVE-2025-31953

HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties...

CVE-2025-45466

Unitree Go1 = Go120220511 is vulnerale to Incorrect Access Control due to authentication credentials being hardcoded in plaintext...

PT-2025-30848 · Unitree · Unitree Go 1

Name of the Vulnerable Software and Affected Versions: Unitree Go1 versions through Go1 2022 05 11 Description: The Unitree Go1 is susceptible to an incorrect access control issue. This is due to authentication credentials being hardcoded in plaintext. Recommendations: Unitree Go1 versions throug...

CVE-2025-45466

CVE-2025-45466 affects Unitree Go1 (and Go1_2022_05_11 and older) due to hardcoded plaintext credentials causing an Improper Access Control vulnerability. The issue enables network-based access with no user interaction, requiring low privileges and low attack complexity; the impact is high confid...

CVE-2025-54137

HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and below were distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for JWTs. Users aren't prompted to change...

CVE-2025-31953

HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties...

CVE-2025-31953

HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties...

CVE-2025-31953

HCL iAutomate is affected by a vulnerability due to hardcoded credentials that could lead to confidential data exposure. Affected component: HCL iAutomate (no specific versions provided in the documents). Root cause: hardcoded credentials enabling potential unauthorized access. Impact: confidenti...

CVE-2025-31953 HCL iAutomate is affected by hardcoded credentials

HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties...

CVE-2025-31953 HCL iAutomate is affected by hardcoded credentials

HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties...

PT-2025-30698 · Hcl · Hcl Iautomate

Name of the Vulnerable Software and Affected Versions: HCL iAutomate affected versions not specified Description: HCL iAutomate includes hardcoded credentials, which could lead to the exposure of confidential data if intercepted or accessed by unauthorized parties. Recommendations: At the moment,...

CVE-2025-54137

HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and below were distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for JWTs. Users aren't prompted to change...

HAXcms with nodejs backend 安全漏洞

HAXcms with nodejs backend is an open source backend management system from HAX The Web. A security vulnerability exists in HAXcms with nodejs backend version 11.0.9 and earlier, which stems from hardcoding default credentials and JWT private keys, which could lead to unauthorized access...

NodeJS version of the HAX CMS application is distributed with Default Secrets

Summary The NodeJS version of the HAX CMS application is distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for JWTs. Users aren't prompted to change credentials or secrets during installation, and there is no...

CVE-2025-4130 Hardcoded Credentials in PAVO Inc.'s PAVO Pay

Use of Hard-coded Credentials vulnerability in PAVO Inc. PAVO Pay allows Read Sensitive Constants Within an Executable. This issue affects PAVO Pay: before 13.05.2025...

CVE-2025-4130

CVE-2025-4130 affects PAVO Pay prior to 13.05.2025. The issue is a hard-coded credentials flaw that enables reading of sensitive constants within an executable. Affected product: PAVO Pay (mobile payment management), with exposure described as reading sensitive constants due to embedded credentia...

CVE-2025-4130 Hardcoded Credentials in PAVO Inc.'s PAVO Pay

Use of Hard-coded Credentials vulnerability in PAVO Inc. PAVO Pay allows Read Sensitive Constants Within an Executable. This issue affects PAVO Pay: before 13.05.2025...

PT-2025-30359 · Unknown · Haxcms-Nodejs

Name of the Vulnerable Software and Affected Versions: HAX CMS NodeJS versions 11.0.9 and below Description: HAX CMS NodeJS is distributed with hardcoded default credentials for user and superuser accounts and default private keys for JWTs. Users are not prompted to change these credentials or...

CVE-2025-6982 Hardcoded DES Decryption Keys in TP-Link Archer C50 V3/V4/V5 and C20 V5

Use of Hard-coded Credentials in TP-Link Archer C50 V3 = 180703/V4 = 250117 /V5 = 200407 , and C20 V5 USV5260419 or EUV5260317 allows attackers to decrypt the config.xml files...