CVE-2020-37092

Netis E1+ version 1.2.32533 contains a hardcoded root account vulnerability that allows unauthenticated attackers to access the device with predefined credentials. Attackers can leverage the embedded root account with a crackable password to gain full administrative access to the network device...

CVE-2020-37092

CVE-2020-37092 affects Netis E1+ devices with firmware 1.2.32533, where a hardcoded root account allows unauthenticated attackers to gain full administrative access via a predefined crackable password. This vulnerability enables remote compromise with network access and is supported by multiple s...

CVE-2026-25202

The database account and password are hardcoded, allowing login with the account to manipulate the database in MagicInfo9 Server.This issue affects MagicINFO 9 Server: less than 21.1090.1...

Netis E1+ 信任管理问题漏洞

Netis E1+ is a wireless signal amplifier developed by the Chinese company Netis. Version 1.2.32533 of Netis E1+ contains a vulnerability related to trust management. This vulnerability stems from the presence of a hardcoded root account, allowing attackers to access devices using predefined...

FUXA 安全漏洞

FUXA is a web-based process visualization software developed by frangoteam. Version 1.2.7 of FUXA contains a security vulnerability. This vulnerability stems from the use of hardcoded keys for signing and verifying JWT tokens in the server/api/jwt-helper.js file. This could allow remote attackers...

PT-2026-5842

Name of the Vulnerable Software and Affected Versions Netis E1+ version 1.2.32533 Description The Netis E1+ device version 1.2.32533 has a hardcoded root account that allows unauthenticated attackers to access the device using predefined credentials. Attackers can exploit the embedded root accoun...

GHSA-GC24-PX2R-5QMF Bambuddy Uses Hardcoded Secret Key + Many API Endpoints do not Require Authentication

Summary 1. A hardcoded secret key used for signing JWTs is checked into source code 2. ManyAPI routes do not check authentication Details I am using the publicly available docker image at ghcr.io/maziggy/bambuddy 1. Hardcoded JWT Secret Key...

Bambuddy Uses Hardcoded Secret Key + Many API Endpoints do not Require Authentication

Summary 1. A hardcoded secret key used for signing JWTs is checked into source code 2. ManyAPI routes do not check authentication Details I am using the publicly available docker image at ghcr.io/maziggy/bambuddy 1. Hardcoded JWT Secret Key...

CVE-2026-25202

The database account and password are hardcoded, allowing login with the account to manipulate the database in MagicInfo9 Server.This issue affects MagicINFO 9 Server: less than 21.1090.1...

CVE-2026-25202

The database account and password are hardcoded, allowing login with the account to manipulate the database in MagicInfo9 Server.This issue affects MagicINFO 9 Server: less than 21.1090.1...

CVE-2026-25202

The database account and password are hardcoded, allowing login with the account to manipulate the database in MagicInfo9 Server.This issue affects MagicINFO 9 Server: less than 21.1090.1...

EUVD-2026-5093

The database account and password are hardcoded, allowing login with the account to manipulate the database in MagicInfo9 Server.This issue affects MagicINFO 9 Server: less than 21.1090.1...

CVE-2026-25202

The database account and password are hardcoded, allowing login with the account to manipulate the database in MagicInfo9 Server.This issue affects MagicINFO 9 Server: less than 21.1090.1...

CVE-2026-25202

The database account and password are hardcoded, allowing login with the account to manipulate the database in MagicInfo9 Server.This issue affects MagicINFO 9 Server: less than 21.1090.1...

CVE-2026-25202

The CVE-2026-25202 issue affects Samsung MagicINFO 9 Server prior to version 21.1090.1. The vulnerability arises from hard-coded database credentials (account and password), permitting login to the database and potential manipulation of data, with impact to confidentiality and integrity (as descr...

SAMSUNG MagicINFO 9 Server 安全漏洞

SAMSUNG MagicINFO 9 Server is an enterprise-level digital signage content management and device monitoring platform developed by South Korean company Samsung. Previous versions of SAMSUNG MagicINFO 9 Server, such as 21.1090.1, contained security vulnerabilities. These vulnerabilities stemmed from...

PT-2026-5607

Name of the Vulnerable Software and Affected Versions MagicINFO 9 Server versions prior to 21.1090.1 Description The database account and password are hardcoded, which allows login with the account to manipulate the database. This compromises the integrity and confidentiality of the database...

PT-2026-6421

Summary 1. A hardcoded secret key used for signing JWTs is checked into source code 2. ManyAPI routes do not check authentication Details I am using the publicly available docker image at ghcr.io/maziggy/bambuddy 1. Hardcoded JWT Secret Key...

PT-2026-6298

Name of the Vulnerable Software and Affected Versions Bambuddy versions prior to 0.1.7 Description Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Versions before 0.1.7 include a hardcoded secret key used for signing JSON Web Tokens JWTs. Multiple API rout...

Exploit for CVE-2025-15545

CVE-2025-15545 Information Vendor: TP-Link Vendor'...