3023 matches found

Tenable Nessus
added 2025/06/24 12:0 a.m. · 8 views

Sitecore XM/XP/XC Hardcoded Credentials

Sitecore XM, XP and XC version 9.x = 9.3 or version 10.x 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access administrative API over HTTP. No source data...

8.8 CVSS · 7.4 AI score · 0.86992 EPSS
Exploits: 8 · References: 5
RedhatCVE
added 2025/06/23 8:41 a.m. · 4 views

CVE-2025-45784

D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using static analysis tools such as strings or xxd, potentially...

9.8 CVSS · 6.9 AI score · 0.01947 EPSS
Exploits: 1 · References: 1
VulnCheck KEV
added 2025/06/23 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2025-34034

A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege...

9.3 CVSS · 5.8 AI score · 0.00374 EPSS
In wild · Exploits: 1 · References: 3
NVD
added 2025/06/18 2:15 p.m. · 5 views

CVE-2025-45784

D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using static analysis tools such as strings or xxd, potentially...

9.8 CVSS · 0.01947 EPSS
Exploits: 1 · References: 2
CVE
added 2025/06/18 12:0 a.m. · 26 views

CVE-2025-45784

CVE-2025-45784 affects the D-Link DPH-400S/SE VoIP Phone (v1.01). The issue is due to hardcoded provisioning variables in the firmware binary (notably PROVIS_USER_PASSWORD), resulting from insecure storage of sensitive information. An attacker who can access the firmware image could extract crede...

9.8 CVSS · 6.2 AI score · 0.01947 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Cvelist
added 2025/06/17 6:20 p.m. · 14 views

CVE-2025-34509 Sitecore XM and XP Hardcoded Credentials

Sitecore Experience Manager XM and Experience Platform XP versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access...

7.5 CVSS · 0.16874 EPSS
Exploits: 6 · References: 2
Vulnrichment
added 2025/06/17 6:20 p.m. · 7 views

CVE-2025-34509 Sitecore XM and XP Hardcoded Credentials

Sitecore Experience Manager XM and Experience Platform XP versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access...

7.5 CVSS · 7.3 AI score · 0.16874 EPSS
Exploits: 6 · References: 2
RedhatCVE
added 2025/06/15 12:21 a.m. · 3 views

CVE-2025-28388

OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account...

9.8 CVSS · 7.1 AI score · 0.00536 EPSS
Exploits: 1 · References: 1
OSV
added 2025/06/13 2:15 p.m. · 1 views

CVE-2025-28388

OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account...

9.8 CVSS · 7.1 AI score
Exploits: 0 · References: 5
NVD
added 2025/06/13 2:15 p.m. · 10 views

CVE-2025-28388

OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account...

9.8 CVSS · 0.00536 EPSS
Exploits: 1 · References: 5
Cvelist
added 2025/06/13 12:0 a.m. · 7 views

CVE-2025-28388

OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account...

0.00536 EPSS
Exploits: 1 · References: 5
Vulnrichment
added 2025/06/13 12:0 a.m. · 3 views

CVE-2025-28388

OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account...

6.7 AI score · 0.00536 EPSS
Exploits: 1 · References: 5
CVE
added 2025/06/13 12:0 a.m. · 44 views

CVE-2025-28388

CVE-2025-28388 affects OpenC3 COSMOS prior to v6.0.2, where hardcoded credentials for the Service Account are disclosed. The vulnerability enables potential unauthorized access with high impact as indicated by the CVSS metrics (CRITICAL, 9.8; network attack; no privileges required; user interacti...

9.8 CVSS · 6.7 AI score · 0.00536 EPSS
Exploits: 1 · References: 5 · Affected Software: 1
Positive Technologies
added 2025/06/13 12:0 a.m. · 2 views

PT-2025-25416 · Openc3 · Openc3 Cosmos

Name of the Vulnerable Software and Affected Versions: OpenC3 COSMOS version 6.0.0
Description: The issue is related to hardcoded credentials for the Service Account.
Recommendations: For OpenC3 COSMOS version 6.0.0, consider changing the hardcoded credentials for the Service Account to unique,...

9.8 CVSS · 6.4 AI score · 0.00536 EPSS
Exploits: 1 · References: 7
The Hacker News
added 2025/06/05 3:53 p.m. · 20 views

Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hard-Coded Credentials

Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks. "Several widely used extensions ... unintentionally transmit sensitive data over simple...

6.8 AI score
Exploits: 0
CNVD
added 2025/06/03 12:0 a.m. · 1 views

AUO DIR-605L and AUO DIR-816L Hardcoded Vulnerabilities

AUO DIR-605L is the first cloud router, mainly for home and small office network environments. AUO DIR-816L is a dual-band wireless router that supports 2.4GHz and 5GHz bands, and is compliant with network standards such as IEEE 802.11ac and IEEE 802.11n, with a maximum transmission rate of...

6.5 CVSS · 7 AI score · 0.00378 EPSS
Exploits: 0 · References: 1
Pen Test Partners Blog
added 2025/05/29 5:55 a.m. · 12 views

Fire detection system been pwned? You’re not going to sea

TL;DR: Hardcoded SSH and VNC credentials found on Consilium Salwico CS5000 panels. SSH access allows OS-level interaction, and VNC access gives UI control. It may be possible to disable the fire detection system. Attempts to disclose vulnerability to Consilium multiple times since 2022. Consilium...

9.3 CVSS · 9.6 AI score · 0.00482 EPSS
Exploits: 0
RedhatCVE
added 2025/05/25 12:18 a.m. · 9 views

CVE-2025-46176

Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis...

6.5 CVSS · 7.9 AI score · 0.00378 EPSS
Exploits: 0 · References: 1
OSV
added 2025/05/23 7:15 p.m. · 2 views

CVE-2025-46176

Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis...

6.5 CVSS · 6 AI score · 0.00378 EPSS
Exploits: 0 · References: 2
RedhatCVE
added 2025/05/23 9:21 a.m. · 1 views

CVE-2024-34539

Hardcoded credentials in TerraMaster TOS firmware through 5.1 allow a remote attacker to successfully login to the mail or webmail server. These credentials can also be used to login to the administration panel and to perform privileged actions...

9.4 CVSS · 7 AI score · 0.00523 EPSS
Exploits: 0 · References: 1