7554 matches found

Cvelist
added 2025/09/19 12:0 a.m. | 7 views

CVE-2025-52159

Hardcoded credentials in default configuration of PPress 0.0.9...

0.00384 EPSS
Exploits 3 | References 2

Positive Technologies
added 2025/09/19 12:0 a.m. | 5 views

PT-2025-38616

Name of the Vulnerable Software and Affected Versions: PPress version 0.0.9 Description: The default configuration of PPress contains hardcoded credentials. Recommendations: Change the default credentials in PPress version 0.0.9...

8.8 CVSS | 6.7 AI score | 0.00384 EPSS
Exploits 3 | References 7

Vulnrichment
added 2025/09/19 12:0 a.m. | 1 view

CVE-2025-52159

Hardcoded credentials in default configuration of PPress 0.0.9...

6.6 AI score | 0.00384 EPSS
Exploits 3 | References 2

CVE
added 2025/09/19 12:0 a.m. | 21 views

CVE-2025-52159

CVE-2025-52159 affects PPress CMS (version 0.0.9; related note mentions 0.0.9-beta). The connected exploit documentation describes a chain leading to remote code execution via server-side template injection (SSTI) and highlights Broken/Incorrect Access Control enabling exploit progression. The ro...

8.8 CVSS | 6.6 AI score | 0.00384 EPSS
Exploits 3 | References 2 | Affected Software 1

NVD
added 2025/09/18 9:15 p.m. | 15 views

CVE-2025-54807

The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access to the system...

9.8 CVSS | 0.0068 EPSS
Exploits 0 | References 3

RedhatCVE
added 2025/09/18 12:29 p.m. | 11 views

CVE-2025-55112

Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between th...

7.6 CVSS | 6.7 AI score | 0.00202 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/09/18 12:29 p.m. | 8 views

CVE-2025-55109

An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb keystore or a default PKCS12 keystore. A remote attacker with access to a signed third-party or demo...

9.5 CVSS | 7.1 AI score | 0.00329 EPSS
Exploits 0 | References 1

Positive Technologies
added 2025/09/18 12:0 a.m. | 5 views

PT-2025-38480

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Affected versions not specified. Description: The secret used for validating authentication tokens is hardcoded in device firmware. An attacker who obtains the signing key can bypass authentication, gaining...

9.8 CVSS | 5.4 AI score | 0.0068 EPSS
Exploits 0 | References 8

Vulnrichment
added 2025/09/17 2:48 p.m. | 1 view

CVE-2024-48842 Hardcoded passwords

Use of Hard-coded Credentials vulnerability in ABB FLXEON. This issue affects FLXEON: through 9.3.5 and newer versions...

7.3 CVSS | 6.6 AI score | 0.00164 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/09/17 12:49 a.m. | 15 views

CVE-2025-57174

An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and possibly other previous versions. The rfpiped service listening on TCP port 555 uses static AES encryption keys hardcoded in the binary. These keys are identical across all...

9.8 CVSS | 7.6 AI score | 0.03815 EPSS
Exploits 4 | References 1

NVD
added 2025/09/16 1:16 p.m. | 4 views

CVE-2025-55112

Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between th...

7.6 CVSS | 0.00202 EPSS
Exploits 0 | References 2

OSV
added 2025/09/16 1:16 p.m. | 5 views

CVE-2025-55112

Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between th...

7.6 CVSS | 5.8 AI score
Exploits 0 | References 2

NVD
added 2025/09/16 1:16 p.m. | 5 views

CVE-2025-55109

An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb keystore or a default PKCS12 keystore. A remote attacker with access to a signed third-party or demo...

9.5 CVSS | 0.00329 EPSS
Exploits 0 | References 2

Vulnrichment
added 2025/09/16 12:19 p.m. | 2 views

CVE-2025-55112 BMC Control-M/Agent hardcoded Blowfish keys

Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between th...

7.6 CVSS | 6.4 AI score | 0.00202 EPSS
Exploits 0 | References 2

Cvelist
added 2025/09/16 12:19 p.m. | 6 views

CVE-2025-55112 BMC Control-M/Agent hardcoded Blowfish keys

Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between th...

7.6 CVSS | 0.00202 EPSS
Exploits 0 | References 2

CVE
added 2025/09/16 12:19 p.m. | 15 views

CVE-2025-55112

Control-M/Agent, versions 9.0.18–9.0.20 (out-of-support) configured to use a non-default Blowfish encryption implementation rely on a hardcoded key, enabling an attacker with access to network traffic and the key to decrypt traffic between the Control-M/Agent and the Server. Root cause: hardcoded...

7.6 CVSS | 6.4 AI score | 0.00202 EPSS
Exploits 0 | References 2 | Affected Software 1

CVE
added 2025/09/16 12:16 p.m. | 13 views

CVE-2025-55110

CVE-2025-55110 concerns BMC Control-M/Agents that use a kdb or PKCS#12 keystore by default with a well-known, documented password. The available connected sources confirm that an attacker with read access to the keystore could disclose sensitive data using this password. The vulnerability centers...

5.7 CVSS | 6.4 AI score | 0.00126 EPSS
Exploits 0 | References 2

Cvelist
added 2025/09/16 12:14 p.m. | 6 views

CVE-2025-55109 BMC Control-M/Agent default SSL/TLS configuration authenticated bypass

An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb keystore or a default PKCS12 keystore. A remote attacker with access to a signed third-party or demo...

9.5 CVSS | 0.00329 EPSS
Exploits 0 | References 2

CVE
added 2025/09/16 12:14 p.m. | 18 views

CVE-2025-55109

The CVE-2025-55109 entry describes an authentication bypass in out-of-support Control-M/Agent versions 9.0.18–9.0.20 (and potentially earlier unsupported builds) when using an empty/default kdb keystore or a default PKCS#12 keystore. A remote attacker who has access to a signed third-party or dem...

9.5 CVSS | 6.8 AI score | 0.00329 EPSS
Exploits 0 | References 2 | Affected Software 1

Positive Technologies
added 2025/09/16 12:0 a.m. | 4 views

PT-2025-37942

Name of the Vulnerable Software and Affected Versions: Control-M/Agent versions 9.0.18 through 9.0.20 Description: Out-of-support versions of Control-M/Agent configured to use the non-default Blowfish cryptography algorithm utilize a hardcoded key. An attacker with network access and knowledge of...

7.6 CVSS | 6.2 AI score | 0.00202 EPSS
Exploits 0 | References 4