7548 matches found

Tenable Nessus
added 2025/12/17 12:00 a.m., 10 views

Gladinet CentreStack < 16.4.10315.56368 Insecure Deserialization

According to its banner, the version of Gladinet CentreStack running on the remote host is prior to 16.4.10315.56368. It is, therefore, affected by an insecure deserialization vulnerability due to the CentreStack portal's use of a hardcoded machineKey. Note that the scanner has not tested for these issues but ha...

CVSS 9.8 | AI score 7 | EPSS 0.92727
Exploits: 6 | References: 2
Tenable Nessus
added 2025/12/17 12:00 a.m., 8 views

Gladinet CentreStack / Triofox < 16.12.10420.56791 Hardcoded Credentials

According to its banner, the version of Gladinet CentreStack / Triofox running on the remote host is prior to 16.12.10420.56791. It is, therefore, affected by an arbitrary local file inclusion vulnerability due to the CentreStack / Triofox portal's use of hardcoded values in its implementation of the AES...

CVSS 9.8 | AI score 6.9 | EPSS 0.50949
Exploits: 3 | References: 2
Github Security Blog
added 2025/12/16 10:35 p.m., 9 views

Parse Server is vulnerable to Server-Side Request Forgery (SSRF) via Instagram OAuth Adapter

Impact: The Instagram authentication adapter allows clients to specify a custom API URL via the apiURL parameter in authData. This enables SSRF attacks and possibly authentication bypass if malicious endpoints return fake responses to validate unauthorized users. Patches: Fixed by hardcoding the...

CVSS 8.3 | AI score 7.2 | EPSS 0.00291
Exploits: 0 | References: 5 | Affected software: 1
NVD
added 2025/12/16 7:16 p.m., 6 views

CVE-2025-68150

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.2 and 9.1.1-alpha.1, the Instagram authentication adapter allows clients to specify a custom API URL via the apiURL parameter in authData. This enables SSRF attacks and...

CVSS 8.3 | EPSS 0.00291
Exploits: 0 | References: 3
Cvelist
added 2025/12/16 6:15 p.m., 33 views

CVE-2025-68150 Parse Server has Server-Side Request Forgery (SSRF) in Instagram OAuth Adapter

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.2 and 9.1.1-alpha.1, the Instagram authentication adapter allows clients to specify a custom API URL via the apiURL parameter in authData. This enables SSRF attacks and...

CVSS 8.3 | EPSS 0.00291
Exploits: 0 | References: 3
CVE
added 2025/12/16 6:15 p.m., 14 views

CVE-2025-68150

CVE-2025-68150 affects Parse Server where the Instagram OAuth adapter allows an attacker to supply a custom apiURL in authData, enabling Server-Side Request Forgery (SSRF) and potentially authentication bypass by hitting malicious endpoints. Root cause: client-provided apiURL is not validated and...

CVSS 8.3 | AI score 6.5 | EPSS 0.00291
Exploits: 0 | References: 3 | Affected software: 1
EUVD
added 2025/12/15 9:30 p.m., 6 views

EUVD-2025-203404

An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A hardcoded Flickr API key and secret are present in the publicly accessible Flickr Zimlet used by Zimbra Collaboration. Because these credentials are embedded directly in the Zimlet, any unauthorized party could retrieve them and...

CVSS 4.7 | AI score 6.5 | EPSS 0.00239
Exploits: 0 | References: 4
NVD
added 2025/12/15 8:15 p.m., 7 views

CVE-2025-67809

An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A hardcoded Flickr API key and secret are present in the publicly accessible Flickr Zimlet used by Zimbra Collaboration. Because these credentials are embedded directly in the Zimlet, any unauthorized party could retrieve them and...

CVSS 4.7 | EPSS 0.00239
Exploits: 0 | References: 3
OSV
added 2025/12/15 8:15 p.m., 4 views

CVE-2025-67809

An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A hardcoded Flickr API key and secret are present in the publicly accessible Flickr Zimlet used by Zimbra Collaboration. Because these credentials are embedded directly in the Zimlet, any unauthorized party could retrieve them and...

CVSS 4.7 | AI score 6.9
Exploits: 0 | References: 3
Cvelist
added 2025/12/15 12:00 a.m., 19 views

CVE-2025-67809

An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A hardcoded Flickr API key and secret are present in the publicly accessible Flickr Zimlet used by Zimbra Collaboration. Because these credentials are embedded directly in the Zimlet, any unauthorized party could retrieve them and...

EPSS 0.00239
Exploits: 0 | References: 3
Positive Technologies
added 2025/12/15 12:00 a.m., 8 views

PT-2025-51284

Name of the vulnerable software and affected versions: Zimbra Collaboration versions 10.0 and 10.1. Description: A hardcoded Flickr API key and secret are present in the publicly accessible Flickr Zimlet used by Zimbra Collaboration. An attacker with access to these credentials could impersonate the...

CVSS 4.7 | AI score 6.7 | EPSS 0.00239
Exploits: 0 | References: 7
CVE
added 2025/12/15 12:00 a.m., 15 views

CVE-2025-67809

Affected software: Zimbra Collaboration (ZCS) 10.0 and 10.1 with the Flickr Zimlet. Issue: hardcoded Flickr API key and secret embedded in the publicly accessible Zimlet allowed credential disclosure and potential impersonation during Flickr OAuth flows, enabling access to a user’s Flickr data if...

CVSS 4.7 | AI score 6.6 | EPSS 0.00239
Exploits: 0 | References: 3 | Affected software: 1
CISA KEV Catalog
added 2025/12/15 12:00 a.m., 15 views

Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability

Gladinet CentreStack and TrioFox contain a hardcoded cryptographic key vulnerability in their implementation of the AES cryptoscheme. This vulnerability degrades security for publicly exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially...

CVSS 9.8 | AI score 6.8 | EPSS 0.50949
In the wild | Exploits: 3
RedhatCVE
added 2025/12/13 10:00 p.m., 12 views

CVE-2025-14611

Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values in their implementation of the AES cryptoscheme. This degrades security for publicly exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted...

CVSS 9.8 | AI score 7 | EPSS 0.50949
Exploits: 3 | References: 1
Cvelist
added 2025/12/13 8:16 a.m., 21 views

CVE-2025-36747 Hardcoded FTP Credentials within the firmware

A set of credentials for an FTP server was found within the ShineLan-X firmware, allowing testers to establish an insecure FTP connection with the server. This may allow an attacker to replace legitimate files being deployed to devices with their own malicious versions, since the firmwar...

CVSS 9.4 | EPSS 0.00285
Exploits: 0 | References: 1
CVE
added 2025/12/13 8:16 a.m., 19 views

CVE-2025-36747

The CVE entry for CVE-2025-36747 describes ShineLan-X firmware containing FTP server credentials, enabling testers to establish an insecure FTP connection. This can allow an attacker to replace legitimate firmware-deployed files with malicious versions because firmware signature verification is n...

CVSS 9.8 | AI score 6.5 | EPSS 0.00285
Exploits: 0 | References: 1 | Affected software: 1
Vulnrichment
added 2025/12/13 8:16 a.m., 3 views

CVE-2025-36747 Hardcoded FTP Credentials within the firmware

A set of credentials for an FTP server was found within the ShineLan-X firmware, allowing testers to establish an insecure FTP connection with the server. This may allow an attacker to replace legitimate files being deployed to devices with their own malicious versions, since the firmwar...

CVSS 9.4 | AI score 6.5 | EPSS 0.00285
Exploits: 0 | References: 1
Veracode
added 2025/12/13 4:23 a.m., 6 views

Use Of Hardcoded Cryptographic Key

sureness is vulnerable to Use of Hardcoded Cryptographic Key. The vulnerability is due to the use of a hardcoded key within the application, allowing attackers who obtain or reverse engineer the key to bypass security protections or forge trusted data...

CVSS 9.8 | AI score 7.7 | EPSS 0.00808
Exploits: 1 | References: 3 | Affected software: 1
OSV
added 2025/12/12 9:15 p.m., 2 views

CVE-2025-14611

Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values in their implementation of the AES cryptoscheme. This degrades security for publicly exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted...

CVSS 9.8 | AI score 5.8 | EPSS 0.50949
Exploits: 3 | References: 2
NVD
added 2025/12/12 9:15 p.m., 8 views

CVE-2025-14611

Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values in their implementation of the AES cryptoscheme. This degrades security for publicly exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted...

CVSS 9.8 | EPSS 0.50949
Exploits: 3 | References: 2