Lucene search
K

1190 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/28 3:32 p.m.12 views

CVE-2026-24444

SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints mgmt.php, npcmd.php that allows unauthenticated attackers to gain root access by submitting the hardcoded credential to the...

9.8CVSS5.8AI score0.00535EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/28 3:32 p.m.22 views

CVE-2026-24444

CVE-2026-24444 concerns SDMC NE6037 cable modem routers with firmware 7.1.6.0.25 and 7.1.6.1.9_B9. A hardcoded password in the web management interface recovery endpoints (mgmt.php, npcmd.php) allows unauthenticated users to submit the credential via HTTP and gain root access. This enables enabli...

9.8CVSS5.8AI score0.00535EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.13 views

PT-2026-44402

SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9 B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints mgmt.php, npcmd.php that allows unauthenticated attackers to gain root access by submitting the hardcoded credential to the...

9.8CVSS5.8AI score0.00535EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/04/07 6:37 a.m.6 views

WordPress Text to Speech (TTS) by Mementor plugin <= 1.9.8 - Use of Hardcoded Password to Unauthenticated Remote Database Access vulnerability

Use of Hardcoded Password to Unauthenticated Remote Database Access vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Text to Speech – TTSWP versions = 1.9.8...

7.5CVSS5.9AI score0.00335EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/31 4:59 a.m.6 views

CVE-2025-7741

Hardcoded Password Vulnerability have been found in CENTUM. Affected products contain a hardcoded password for the user account PROG used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user. The default...

2.1CVSS5.8AI score0.00165EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/30 12:31 a.m.10 views

EUVD-2025-209116

Hardcoded Password Vulnerability have been found in CENTUM. Affected products contain a hardcoded password for the user account PROG used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user. The default...

2.1CVSS5.8AI score0.00165EPSS
Exploits0References2
NVD
NVD
added 2026/03/30 12:16 a.m.8 views

CVE-2025-7741

Hardcoded Password Vulnerability have been found in CENTUM. Affected products contain a hardcoded password for the user account PROG used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user. The default...

2.1CVSS0.00165EPSS
Exploits0References1
CVE
CVE
added 2026/03/30 12:1 a.m.24 views

CVE-2025-7741

The CVE-2025-7741 entry concerns a hardcoded password issue in CENTUM VP systems. A hardcoded PROG user password (CENTUM Authentication Mode) exists in CENTUM VP releases R5.01.00–R5.04.20, R6.01.00–R6.12.00, and R7.01.00. Exploitation requires local access: an attacker must obtain the hardcoded ...

2.1CVSS5.8AI score0.00165EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/30 12:1 a.m.6 views

CVE-2025-7741

Hardcoded Password Vulnerability have been found in CENTUM. Affected products contain a hardcoded password for the user account PROG used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user. The default...

2.1CVSS5.8AI score0.00165EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/30 12:1 a.m.2 views

CVE-2025-7741

Hardcoded Password Vulnerability have been found in CENTUM. Affected products contain a hardcoded password for the user account PROG used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user. The default...

2.1CVSS5.8AI score0.00165EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.14 views

PT-2026-28306

Name of the Vulnerable Software and Affected Versions CENTUM versions R5.01.00 through R5.04.20 CENTUM versions R6.01.00 through R6.12.00 CENTUM version R7.01.00 Description The affected software contains a hardcoded password for the PROG user account, used for CENTUM Authentication Mode. An...

2.1CVSS6AI score0.00165EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.3 views

CVE-2026-28674

xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and including 0.3.15, the AdminPaymentPluginUpload endpoint lets admins upload any file to plugins/payment/. It only checks a hardcoded password qweasd123456 and ignores file content. A...

7.2CVSS5.8AI score0.00341EPSS
Exploits1References1
NVD
NVD
added 2026/03/18 1:16 a.m.7 views

CVE-2026-28674

xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and including 0.3.15, the AdminPaymentPluginUpload endpoint lets admins upload any file to plugins/payment/. It only checks a hardcoded password qweasd123456 and ignores file content. A...

7.2CVSS0.00341EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/18 12:48 a.m.4 views

EUVD-2026-12702

xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and including 0.3.15, the AdminPaymentPluginUpload endpoint lets admins upload any file to plugins/payment/. It only checks a hardcoded password qweasd123456 and ignores file content. A...

7.2CVSS5.7AI score0.00341EPSS
Exploits1References1
CVE
CVE
added 2026/03/18 12:48 a.m.19 views

CVE-2026-28674

Product/Context: xiaoheiFS (self-hosted financial/operational system). Vulnerability: In versions ≤ 0.3.15, the AdminPaymentPluginUpload endpoint allows admins to upload any file to plugins/payment/ with only a hardcoded password (qweasd123456) and disregards file content. A background watcher (S...

7.2CVSS5.7AI score0.00341EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/03/18 12:48 a.m.32 views

CVE-2026-28674 xiaoheiFS Vulnerable to RCE via Arbitrary Payment Plugin Upload (Automatic Execution)

xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and including 0.3.15, the AdminPaymentPluginUpload endpoint lets admins upload any file to plugins/payment/. It only checks a hardcoded password qweasd123456 and ignores file content. A...

7.2CVSS0.00341EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.8 views

PT-2026-25971

xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and including 0.3.15, the AdminPaymentPluginUpload endpoint lets admins upload any file to plugins/payment/. It only checks a hardcoded password qweasd123456 and ignores file content. A...

7.2CVSS5.7AI score0.00341EPSS
Exploits1References4
NVD
NVD
added 2026/03/16 2:17 p.m.4 views

CVE-2016-20031

ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in visLogin.jsp that allows attackers to authenticate without valid credentials by spoofing localhost requests. Attackers can exploit the EnvironmentUtil.getClientIp method which treats IPv6 loopback address...

6.8CVSS0.00149EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/03/15 1:35 p.m.2 views

CVE-2016-20031

ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in visLogin.jsp that allows attackers to authenticate without valid credentials by spoofing localhost requests. Attackers can exploit the EnvironmentUtil.getClientIp method which treats IPv6 loopback address...

5.8AI score0.00149EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/15 1:35 p.m.5 views

CVE-2016-20031 ZKTeco ZKBioSecurity 3.0 Local Authorization Bypass via visLogin.jsp

ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in visLogin.jsp that allows attackers to authenticate without valid credentials by spoofing localhost requests. Attackers can exploit the EnvironmentUtil.getClientIp method which treats IPv6 loopback address...

6.8CVSS5.8AI score0.00149EPSS
Exploits1References6
Rows per page
Query Builder