CVE-2026-42518

This vulnerability exists in e-Sushrut due to disclosure of sensitive information and hardcoded AES encryption keys in client-side JavaScript. An unauthenticated remote attacker could exploit this vulnerability by accessing the client-side code to extract sensitive information and cryptographic...

CVE-2026-42372

D-Link DIR-605L Hardware Revision A1 End-of-Life, EOL contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn35dlwbrdir605l" read from /etc/alphaconfig/imagesign. The custom telnetd binary...

CVE-2026-42376

D-Link DIR-456U Hardware Revision A1 End-of-Life, EOL contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /etc/init0.d/S80telnetd.sh with the username "Alphanetworks" and the static password "whdrv01dlobdir456U" read from /etc/config/imagesign. The custom telnetd...

CVE-2026-24444

SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints mgmt.php, npcmd.php that allows unauthenticated attackers to gain root access by submitting the hardcoded credential to the...

CVE-2026-11347

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...

CVE-2026-11347

The CVE-2026-11347 entry describes vulnerabilities in the linqi application: hardcoded cryptographic keys and a weak IV-generation mechanism for AES/CBC using a limited ASCII charset. This combination enables known-plaintext attacks and allows an attacker with local access to decrypt obfuscated s...

CVE-2026-11347 Hardcoded Cryptographic Keys and Weak IV Generation in linqi

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...

CVE-2026-11347

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...

EUVD-2026-34811

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...

CVE-2026-11347 Hardcoded Cryptographic Keys and Weak IV Generation in linqi

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...

BIT-SOLR-2026-44825 Apache Solr: Enabling BasicAuth using bin/solr CLI configures additional insecure users

Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specifi...

PT-2026-46913

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...

RIELLO UPS NetMan 信任管理问题漏洞

Riello UPS NetMan is a network adapter developed by the Italian company Riello UPS. The Riello UPS NetMan 204 has a vulnerability related to trust management. This vulnerability stems from a hardcoded backdoor account with a username and password of “eurek”. Unauthenticated remote attackers can...

Malicious code in sf-silly-goose-requests (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d1b2d16ce881d1e9b356ed424f8144ce9324d09010efa8761ad13ac8a46e7b60 Package uses trufflehog to detect secrets and exfiltrates them to a hardcoded location --- Category: MALICIOUS - The campaign has clearly malicious intent, lik...

CVE-2026-36616

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware binary...

EUVD-2026-34275

T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 were discovered to contain a hardcoded password for root access under the "superadmin" account...

CVE-2026-35905

T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 were discovered to contain a hardcoded password for root access under the "superadmin" account...

CVE-2026-45433

This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacker could exploit this vulnerability by extracting the cryptographic private key from the firmware, which could lead to decryption of HTTPS traffic and...

CVE-2026-45433

CVE-2026-45433 affects GX Earth 2022 ONT models. The issue is a hardcoded RSA private key embedded in device firmware, enabling a remote attacker to extract the key and potentially decrypt HTTPS traffic, enabling MITM attacks on the affected devices. The connected CVE listing documents this root ...

CVE-2026-45433 Hardcoded Cryptographic Key Vulnerability in GX Earth ONT Models

This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacker could exploit this vulnerability by extracting the cryptographic private key from the firmware, which could lead to decryption of HTTPS traffic and...