7549 matches found
Evaluating Large Language Models in Detecting Secrets in Android Apps
Mobile apps often embed authentication secrets, such as API keys, tokens, and client IDs, to integrate with cloud services. However, developers often hardcode these credentials into Android apps, exposing them to extraction through reverse engineering. Once compromised, adversaries can exploit...
EUVD-2025-35229
The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data...
CVE-2025-56801
The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that...
CVE-2025-56801
The Red Hat advisories describe CVE-2025-56801 as a vulnerability in the Reolink Desktop Application 8.18.12 where hardcoded hard-coded credentials function as the Initialization Vector (IV) in AES-CFB encryption, enabling local attackers to decrypt sensitive configuration data stored under %APPD...
CVE-2025-10850
The Felan Framework plugin for WordPress is vulnerable to improper authentication in versions up to, and including, 1.1.4. This is due to the hardcoded password in the 'fbajaxloginorregister' function and in the 'googleajaxloginorregister' function. This makes it possible for unauthenticated...
CVE-2025-60639
Hardcoded credentials in gsigel14 ATLAS-EPIC commit f29312c 2025-05-26...
EUVD-2025-34808
Hardcoded credentials in gsigel14 ATLAS-EPIC commit f29312c 2025-05-26...
CVE-2025-60639
Hardcoded credentials in gsigel14 ATLAS-EPIC commit f29312c 2025-05-26...
CVE-2025-60639
Hardcoded credentials in gsigel14 ATLAS-EPIC commit f29312c 2025-05-26...
CVE-2025-10850
The Felan Framework plugin for WordPress is vulnerable to improper authentication in versions up to, and including, 1.1.4. This is due to the hardcoded password in the 'fbajaxloginorregister' function and in the 'googleajaxloginorregister' function. This makes it possible for unauthenticated...
CVE-2025-10850 Felan Framework <= 1.1.4 - Hardcoded Credentials
The Felan Framework plugin for WordPress is vulnerable to improper authentication in versions up to, and including, 1.1.4. This is due to the hardcoded password in the 'fbajaxloginorregister' function and in the 'googleajaxloginorregister' function. This makes it possible for unauthenticated...
CVE-2025-10850 Felan Framework <= 1.1.4 - Hardcoded Credentials
The Felan Framework plugin for WordPress is vulnerable to improper authentication in versions up to, and including, 1.1.4. This is due to the hardcoded password in the 'fbajaxloginorregister' function and in the 'googleajaxloginorregister' function. This makes it possible for unauthenticated...
EUVD-2025-34721
The Felan Framework plugin for WordPress is vulnerable to improper authentication in versions up to, and including, 1.1.4. This is due to the hardcoded password in the 'fbajaxloginorregister' function and in the 'googleajaxloginorregister' function. This makes it possible for unauthenticated...
CVE-2025-10850
CVE-2025-10850 pertains to the Felan Framework WordPress plugin. The vulnerability arises from hardcoded credentials in the functions fb_ajax_login_or_register and google_ajax_login_or_register, enabling unauthenticated attackers to log in as existing users who registered via Facebook or Google i...
CVE-2025-56749
Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account...
CVE-2025-60639
Hardcoded credentials in gsigel14 ATLAS-EPIC commit f29312c 2025-05-26...
CVE-2025-60639
CVE-2025-60639 affects the ATLAS-EPIC project by gsiegel14, based on the consolidated records: hardcoded credentials in commit f29312c (2025-05-26). The CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) yields a base score of 6.5 (Medium). There is no publicly documented exploitation status ...
CVE-2025-60639
Hardcoded credentials in gsigel14 ATLAS-EPIC commit f29312c 2025-05-26...
EUVD-2025-34618
Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account...
CVE-2025-56749
Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account...