22 matches found
MAL-2026-4594 Malicious code in koishi-plugin-fusheng-car (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35bbb2f7cdae32f1a5012363b81298fd339c96b83718db535d77c0bdc0f936ec lib/index.js contains a hardcoded base64-encoded QQ user ID 'Mjc1OTcyMDE2MQ==' decoding to '2759720161' checked inside the plugin's permission gate...
CVE-2021-27160
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / 888888 credentials for an ISP...
EUVD-2021-9780
Malicious code in bioql PyPI...
EUVD-2025-18524
Malicious code in bioql PyPI...
CVE-2025-34509
Sitecore Experience Manager XM and Experience Platform XP versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access...
CVE-2025-34509
Sitecore Experience Manager XM and Experience Platform XP versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access...
CVE-2025-34509
Sitecore XM/XP affected: Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE; root cause is a hardcoded user account that allows unauthenticated, remote access to the ad...
CVE-2014-5396
The web interface in Schrack Technik microControl with firmware before 1.7.0 937 has a hardcoded password of not for the "user" account, which makes it easier for remote attackers to obtain access via unspecified vectors...
CVE-2021-22644
Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key...
CVE-2024-45275
The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices...
CVE-2024-45275
CVE-2024-45275 concerns a trust-management vulnerability in Helmholz Rex100 wireless routers where two hard-coded user accounts with fixed passwords enable an unauthenticated remote attacker to gain full control of the device. Public sources in the provided connected documents specify affected de...
CVE-2024-45275 MB connect line/Helmholz: Hardcoded user accounts with hard-coded passwords
The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices...
Novell ZENworks Asset Management 7.5 Remote File Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Novell ZENworks Asset Management 7.5 Remote File Access', 'Description' = %q This module exploits a hardcoded user and password for the GetFile...
PT-2023-3271 · NetGear · Netgear Rax30
Name of the Vulnerable Software and Affected Versions: NETGEAR RAX30 affected versions not specified Description: This issue allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR RAX30 routers. The specific flaw exists within the system configuration, whe...
CVE-2021-22644
Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key...
CVE-2021-22644
Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key...
PT-2022-9259 · Ovarro · Ovarro Tbox Twinsoft
Name of the Vulnerable Software and Affected Versions: Ovarro TBox TWinSoft affected versions not specified Description: The issue concerns the use of a custom hardcoded user TWinSoft with a hardcoded key in Ovarro TBox TWinSoft. Recommendations: At the moment, there is no information about a new...
Vulnerability fixed in Confluence
A vulnerability has been fixed in Questions for Confluence, a plug-in for Confluence. An unauthenticated outside malicious person could exploit the exploit the vulnerability to see all pages of information that are visible to users within the Confluence Users user group. This is because of the us...
Ovarro TWinSoft 信任管理问题漏洞
Ovarro TWinSoft is an application platform from Ovarro Germany. One that can be used anytime, anywhere to access web features using its mobile devices and PCs. A security vulnerability exists in Ovarro TWinSoft that stems from TWinSoft's use of a custom hardcoded user TWinSoft with a hardcoded ke...
Novell ZENworks Asset Management 7.5 Configuration Access
This module exploits a hardcoded user and password for the GetConfig maintenance task in Novell ZENworks Asset Management 7.5. The vulnerability exists in the Web Console and can be triggered by sending a specially crafted request to the rtrlet component, allowing a remote unauthenticated user to...