7548 matches found
Calero VeraSMART 信任管理问题漏洞
Calero VeraSMART is a telephone billing software developed by the American company Calero. Versions of Calero VeraSMART prior to 2026 R1 contained a trust management vulnerability. This vulnerability stemmed from the hardcoded static AES encryption key contained in the Veramark.Framework.dll, whi...
📄 Patients Waiting Area Queue Management System 1.0 SQL Injection
Patients Waiting Area Queue Management System version 1.0 is vulnerable to SQL injection due to improper sanitization on the appointmentID parameter. Authentication bypass and full database dump are possible. The application also appears to have a hardcoded JWT key, suffers from a username...
CVE-2019-25322
Heatmiser Netmonitor 3.03 contains a hardcoded credentials vulnerability in the networkSetup.htm page with predictable admin login credentials. Attackers can access the device by using the hard-coded username 'admin' and password 'admin' in the hidden form input fields...
CVE-2019-25322
Heatmiser Netmonitor 3.03 contains a hardcoded credentials vulnerability in the networkSetup.htm page with predictable admin login credentials. Attackers can access the device by using the hard-coded username 'admin' and password 'admin' in the hidden form input fields...
CVE-2019-25322 Heatmiser Netmonitor 3.03 - Hardcoded Credentials
Heatmiser Netmonitor 3.03 contains a hardcoded credentials vulnerability in the networkSetup.htm page with predictable admin login credentials. Attackers can access the device by using the hard-coded username 'admin' and password 'admin' in the hidden form input fields...
CVE-2019-25322
Heatmiser Netmonitor 3.03 contains a hardcoded admin/admin credential in the networkSetup.htm page, enabling authenticated access to the device without user interaction. Root cause: hardcoded credentials in the web interface; vulnerable component is the networkSetup.htm form input. Impact: high c...
CVE-2019-25322 Heatmiser Netmonitor 3.03 - Hardcoded Credentials
Heatmiser Netmonitor 3.03 contains a hardcoded credentials vulnerability in the networkSetup.htm page with predictable admin login credentials. Attackers can access the device by using the hard-coded username 'admin' and password 'admin' in the hidden form input fields...
Malicious code in b10connoisseur (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3b004210d186f2b625699f4d863f3ba95407f836eadfee0168be63f85124b5b7 During installation, package attempts to enumerate the environment and exfiltrates potentially sensitive data to a hardcoded location. --- Category: MALICIOUS ...
MAL-2026-870 Malicious code in b10connoisseur (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3b004210d186f2b625699f4d863f3ba95407f836eadfee0168be63f85124b5b7 During installation, package attempts to enumerate the environment and exfiltrates potentially sensitive data to a hardcoded location. --- Category: MALICIOUS ...
CVE-2025-14892
The Prime Listing Manager WordPress plugin through 1.1 allows an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions due to a hardcoded secret...
CVE-2025-14892
The Prime Listing Manager WordPress plugin through 1.1 allows an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions due to a hardcoded secret...
CVE-2025-14892 Prime Listing Manager <= 1.1 - Unauthenticated Privilege Escalation
The Prime Listing Manager WordPress plugin through 1.1 allows an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions due to a hardcoded secret...
CVE-2025-14892 Prime Listing Manager <= 1.1 - Unauthenticated Privilege Escalation
The Prime Listing Manager WordPress plugin through 1.1 allows an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions due to a hardcoded secret...
CVE-2025-14892
CVE-2025-14892 affects the WordPress plugin Prime Listing Manager (
PT-2026-7922
Heatmiser Netmonitor 3.03 contains a hardcoded credentials vulnerability in the networkSetup.htm page with predictable admin login credentials. Attackers can access the device by using the hard-coded username 'admin' and password 'admin' in the hidden form input fields...
PT-2026-7819
The Prime Listing Manager WordPress plugin through 1.1 allows an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions due to a hardcoded secret...
CVE-2026-22906
User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentication bypass...
CVE-2026-25894 FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration
FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This affects FUXA through version 1.2.9 when authentication is...
CVE-2026-25894 FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration
FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This affects FUXA through version 1.2.9 when authentication is...
CVE-2026-25894
FUXA (web-based Process Visualization) contains an insecure default configuration that allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. The root cause is a hardcoded admin JWT secret in the default configuration, affecting versions...