Lucene search
K

7600 matches found

CVE
CVE
added 2 hours ago5 views

CVE-2026-14969

The CVE-2026-14969 entry concerns 389-ds-base. The LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC, enabling a privileged attacker with filesystem access to detect plaintext equality across encrypted entries by ciphertext block comparison. ...

4.4CVSS5.9AI score
Exploits0References2
Cvelist
Cvelist
added 2 hours ago6 views

CVE-2026-14969 389-ds-base: 389-ds-base: static initialization vector in aes-cbc/3des-cbc attribute encryption

A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext block...

4.4CVSS
Exploits0References2
EUVD
EUVD
added 2 hours ago5 views

EUVD-2026-42052

A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext block...

4.4CVSS5.9AI score
Exploits0References2
Nuclei
Nuclei
added 14 hours ago60 views

Fujitsu IP Series - Hardcoded Credentials

Fujitsu Real-time Video Transmission Gear “IP series” use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. The credentials cannot be changed by the end-user and provide administrative...

7.5CVSS6.8AI score0.0299EPSS
Exploits0References5
Nuclei
Nuclei
added 14 hours ago53 views

Sony IPELA Engine IP Camera - Hardcoded Account

Multiple SONY network cameras are vulnerable to sensitive information disclosure via hardcoded credentials. id: CVE-2016-7834 info: name: Sony IPELA Engine IP Camera - Hardcoded Account author: af001 severity: high description: | Multiple SONY network cameras are vulnerable to sensitive informati...

8.8CVSS7.2AI score0.03901EPSS
Exploits0References5
Nuclei
Nuclei
added 14 hours ago22 views

Four-Faith F3x36 - Authentication Bypass

Four-Faith F3x36 router with firmware v2.0.0 contains an authentication bypass caused by hard-coded credentials in the administrative web server, letting attackers with knowledge of credentials gain administrative access via crafted HTTP requests. id: CVE-2024-9643 info: name: Four-Faith F3x36 -...

9.8CVSS7.2AI score0.0293EPSS
Exploits0References2
Nuclei
Nuclei
added 14 hours ago56 views

WAVLINK WN530HG4 - Improper Access Control

WAVLINK WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. It contains a hardcoded encryption/decryption key for its configuration files at /etcro/lighttpd/www/cgi-bin/ExportAllSettings.sh. An attacker can possibly obtain sensitive information, modify data, and/or execute...

9.8CVSS7.2AI score0.02415EPSS
Exploits1References4
Nuclei
Nuclei
added 14 hours ago34 views

Dragonfly2 < 2.1.0-beta.1 - Hardcoded JWT Secret

Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation CNCF as an Incubating Level Project. Dragonfly uses JWT to verify user. However, the secret key for JWT, "Secret Key", is hard coded, which leads to...

9.8CVSS5.8AI score0.33618EPSS
Exploits1References4
Nuclei
Nuclei
added 14 hours ago12 views

FUXA <= 1.2.7 - Hardcoded JWT Secret Authentication Bypass

FUXA v1.2.7 contains a hardcoded credentials vulnerability caused by use of a hard-coded secret key in server/api/jwt-helper.js, letting remote attackers forge admin tokens and bypass authentication, exploit requires no special conditions. id: CVE-2025-69971 info: name: FUXA = 1.2.7 - Hardcoded J...

9.8CVSS6AI score0.02036EPSS
Exploits0References3
OSV
OSV
added yesterday2 views

MAL-2026-6795 Malicious code in zod-pino444 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 560c3d47344d4da5dffac230236b5248d2f1856c221ffac7ff72d4e3b197957b Package [email protected] is a credential/secret harvester disguised behind a benign-sounding name. scripts/postinstall-agent.mjs is a...

6AI score
Exploits0References4
Nuclei
Nuclei
added yesterday99 views

Milesight Routers - Information Disclosure

A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security of sensitive credentials and permitting unauthorized access. This vulnerability stems from a misconfiguration that results in directory listing being enabled on the router...

7.5CVSS7.2AI score0.60176EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday12 views

Sitecore Experience Manager (XM) and Experience Platform (XP) - Hardcoded Credentials

Sitecore Experience Manager XM and Experience Platform XP versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access...

7.5CVSS7.4AI score0.38428EPSS
Exploits6References3
Nuclei
Nuclei
added 2 days ago12 views

NetMRI < 7.6.1 - Authentication Bypass via Hardcoded Credentials

An issue was discovered in Infoblox NETMRI before 7.6.1. Authentication Bypass via a Hardcoded credential can occur. id: CVE-2025-32815 info: name: NetMRI 7.6.1 - Authentication Bypass via Hardcoded Credentials author: iamnoooob,pdresearch severity: medium description: | An issue was discovered i...

6.5CVSS6.6AI score0.34188EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago7 views

Malicious code in vps-maintenance (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 110b8556d612185c2c6ea84731898d4f23f04658556e1ff22852f953b956e43a The package.json postinstall script executes a Node one-liner that opens a TCP connection to the hardcoded IP 185.112.147.174 on port 7007 and spawns...

6.7AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago9 views

Malicious code in vps-maintenance-paperclip-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0de46c3e339f828f4c86612ee8bf74a29edc636511e2eaa765d8a75699849da3 package.json declares a postinstall lifecycle script that runs an inline node -e payload opening a TCP socket to 185.112.147.174:7007 and piping it...

6.1AI score
Exploits0References2
Nuclei
Nuclei
added 3 days ago51 views

D-Tale 3.10.0 - 3.15.1 - Authentication Bypass & Remote Code Execution

man-group/dtale 3.10.0 contains an authentication bypass and remote code execution caused by improper input validation and a hardcoded SECRETKEY in Flask configuration, letting attackers forge session cookies and execute arbitrary code, exploit requires attacker to access the application. id:...

9.8CVSS8AI score0.77951EPSS
Exploits5References2
Nuclei
Nuclei
added 3 days ago11 views

EyesOfNetwork - Hardcoded API Key & SQL Injection

An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/apifunctions.php. id: CVE-2020-8656 info: name:...

9.8CVSS7.1AI score0.846EPSS
Exploits8References3
Nuclei
Nuclei
added 3 days ago51 views

Atlassian Questions For Confluence - Hardcoded Credentials

Atlassian Questions For Confluence contains a hardcoded credentials vulnerability. When installing versions 2.7.34, 2.7.35, and 3.0.2, a Confluence user account is created in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attack...

9.8CVSS7.4AI score0.9817EPSS
Exploits1References5
Nuclei
Nuclei
added 3 days ago117 views

Viessmann Vitogate 300 - Hardcoded Password

A critical vulnerability in Viessmann Vitogate 300 up to 2.1.3.0 allows attackers to authenticate using hardcoded credentials in the Web Management Interface. id: CVE-2023-5222 info: name: Viessmann Vitogate 300 - Hardcoded Password author: ritikchaddha severity: critical description: | A critica...

9.8CVSS6.7AI score0.74697EPSS
Exploits4References3
CVE
CVE
added 5 days ago18 views

CVE-2026-13728

WatchGuard Fireware OS on a FireCluster is affected by CVE-2026-13728. Affected versions include Fireware OS 12.1 through 12.12, and 2025.1 through 2026.2. In exception circumstances, an embedded encryption key is used to encrypt saved credentials for Access Portal resources, which constitutes th...

5.9CVSS5.7AI score0.00162EPSS
Exploits0References1
Rows per page
Query Builder