CVE-2025-14611

CVE-2025-14611 affects Gladinet CentreStack and Triofox prior to 16.12.10420.56791. The root cause is hardcoded, static keys/IVs used by the AES cryptosystem (AES-256-CBC) in the web services, enabling attackers to forge or decrypt access tickets and potentially trigger arbitrary local file inclu...

EUVD-2025-203165

Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted...

CVE-2025-14611

Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted...

PT-2025-50981

Name of the Vulnerable Software and Affected Versions Gladinet CentreStack and Triofox versions prior to 16.12.10420.56791 Description Gladinet CentreStack and Triofox utilize hardcoded values in their AES cryptoscheme implementation. This weakens security, particularly for publicly exposed...

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview @vitejs/plugin-rsc is a React Server Components RSC support for Vite. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere. An attacker can access the source code of any Server Function by sending a malicious HTTP...

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview next is a react framework. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere. An attacker can access the source code of any Server Function by sending a malicious HTTP request to a vulnerable Server Function...

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview react-server-dom-webpack is a React Server Components bindings for DOM using Webpack. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an...

CVE-2025-65823

The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credentials in the firmware, for the test network it was developed on. If an attacker retrieved this, and found the physical location of the Wi-Fi network, they could gain unauthorized access to the Wi-Fi network of the vendor...

CVE-2025-65730

Authentication Bypass via Hardcoded Credentials GoAway up to v0.62.18, fixed in 0.62.19, uses a hardcoded secret for signing JWT tokens used for authentication...

EUVD-2025-202623

The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credentials in the firmware, for the test network it was developed on. If an attacker retrieved this, and found the physical location of the Wi-Fi network, they could gain unauthorized access to the Wi-Fi network of the vendor...

EUVD-2020-30836

QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the '/xml/User/User.xml' file,...

CVE-2025-65823

The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credentials in the firmware, for the test network it was developed on. If an attacker retrieved this, and found the physical location of the Wi-Fi network, they could gain unauthorized access to the Wi-Fi network of the vendor...

CVE-2025-65823

The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credentials in the firmware, for the test network it was developed on. If an attacker retrieved this, and found the physical location of the Wi-Fi network, they could gain unauthorized access to the Wi-Fi network of the vendor...

CVE-2020-36896

QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the '/xml/User/User.xml' file,...

CVE-2020-36896

QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the '/xml/User/User.xml' file,...

CVE-2025-41696

An attacker can use an undocumented UART port on the PCB as a side-channel with the user hardcoded credentials obtained from CVE-2025-41692 to gain read access to parts of the filesystem of the device...

Exploit for CVE-2025-55449

CVE-2025-55449 - AstrBot Remote Code Execution RCE Vulnerabi...

PT-2025-50498

Name of the Vulnerable Software and Affected Versions Meatmeet Pro affected versions not specified Description The Meatmeet Pro device was shipped with hardcoded Wi-Fi credentials intended for its test network. An attacker obtaining these credentials and locating the vendor’s Wi-Fi network could...

CVE-2025-65823

CVE-2025-65823 affects the Meatmeet Pro device. The firmware reportedly ships with hardcoded Wi‑Fi credentials from its test network, enabling an attacker who obtains these credentials to gain unauthorized access to the vendor’s Wi‑Fi network. Additionally, a nearby attacker during initial setup ...

CVE-2025-65823

The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credentials in the firmware, for the test network it was developed on. If an attacker retrieved this, and found the physical location of the Wi-Fi network, they could gain unauthorized access to the Wi-Fi network of the vendor...