CVE-2025-56466
Hardcoded credentials in Dietly v1.25.0 for Android allow attackers to gain sensitive information...
PT-2025-37053
Name of the Vulnerable Software and Affected Versions: Dietly version 1.25.0 Description: The application contains hardcoded credentials, potentially allowing attackers to gain sensitive information. Recommendations: Update to a version without hardcoded credentials. At the moment, there is no...
Linux Distros Unpatched Vulnerability : CVE-2022-23942
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for the LDAP password, which may lead to information disclosure...
Exploit for CVE-2015-2231
adups-get-super-serial CVE-2015-2231 Proof of Concept The POC I was using to demonstrate CVE-2015-2231 'Get Super Serial'. Was asked by a few people to post it so they could use similar things on other ADUPS firmware based devices which have this vulnerability. Cleaning up the laptop and posting...
CVE-2025-9696
The SunPower PVS6's BluetoothLE interface is vulnerable due to its use of hardcoded encryption parameters and publicly accessible protocol details. An attacker within Bluetooth range could exploit this vulnerability to gain full access to the device's servicing interface. This access allows the...
CVE-2025-9696 Use of Hard-coded Credentials in SunPower PVS6
The SunPower PVS6's BluetoothLE interface is vulnerable due to its use of hardcoded encryption parameters and publicly accessible protocol details. An attacker within Bluetooth range could exploit this vulnerability to gain full access to the device's servicing interface. This access allows the...
PT-2025-35584
Name of the Vulnerable Software and Affected Versions: SunPower PVS6 affected versions not specified Description: The SunPower PVS6’s BluetoothLE interface is vulnerable due to the use of hardcoded encryption parameters and publicly accessible protocol details. An attacker within Bluetooth range...
Tenda F1202 Security Vulnerability
The Tenda F1202 is a dual-band Wi-Fi router with fifth-generation technology from Tenda, China. A security vulnerability exists in the Tenda F1202 versions 1.2.0.9, 1.2.0.14, and 1.2.0.20, which originates in the file /etcro/shadow, where an action on the input Fireitup can result in hardcoded...
SRC-2025-0002 : Samsung MagicINFO 9 Server Hard-coded Credentials Local Privilege Escalation Vulnerability
Vulnerability Details: This vulnerability allows local attackers to escalate privileges on affected installations of Samsung MagicINFO. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists wi...
Tenda AC9 Security Vulnerability
Tenda AC9 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in 2016. The Tenda AC9 suffers from a hard-coded vulnerability that originates from an unknown function in the file /etcro/shadow of the component management interface, which can be exploited by an attacker...
Evope 1.1.3.20 Hardcoded Cryptographic Key
The component Evope Core in Evope version 1.1.3.20 uses a hardcoded cryptographic key, which means that encryption/decryption keys are permanently embedded in the source code, rather than being securely managed. This creates a critical security flaw because anyone who gains access to or...
CVE-2025-9380
A vulnerability was identified in FNKvision Y215 CCTV Camera 10.194.120.40. Affected by this issue is some unknown functionality of the file /etc/passwd of the component Firmware. Such manipulation leads to hard-coded credentials. Local access is required to approach this attack. The exploit is...
Welotec Multiple Products Security Vulnerability
Welotec EG400Mk2 series and Welotec EG500Mk2 series are a series of edge IoT computing gateways from Welotec, Germany. A security vulnerability exists in several Welotec products that stems from JWT keys hardcoded in the egOS WebGUI backend, which could lead to bypassing authentication and...
PT-2025-34744
Name of the Vulnerable Software and Affected Versions: egOS WebGUI affected versions not specified Description: The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass...
CVE-2025-55619
Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering...
CVE-2025-9310
A vulnerability was determined in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. Affected by this vulnerability is an unknown functionality of the file /carRentalwar/druid/login.html of the component Druid. Executing manipulation can lead to hard-coded credentials. The attack ma...