CVE-2025-55619
Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering...
PT-2025-34450 · Reolink · Reolink
Name of the Vulnerable Software and Affected Versions: Reolink version 4.54.0.4.20250526 Description: The Reolink application contains a hardcoded encryption key and initialization vector. This allows an attacker to decrypt access tokens and web session tokens through reverse engineering...
CVE-2025-55619
Summary: CVE-2025-55619 affects the Reolink Android app (version 4.54.0.4.20250526). The root cause is a hardcoded encryption key and IV, which attackers can leverage to decrypt access tokens and web session tokens stored in the app via reverse engineering. This vulnerability has a high impact (C...
Malicious code in k7eel2-ss (PyPI)
The package downloads and executes an executable from a hardcoded URL. The executable is classified as a Trojan and confirmed by 47 top sources. The package downloads malware from the https://github.com/deprosinal/legendary-funicular GitHub repo, namely helo.exe.
MAL-2025-41421 Malicious code in k7eel2-ss (PyPI)
The package downloads and executes an executable from a hardcoded URL. The executable is classified as a Trojan and confirmed by 47 top sources. The package downloads malware from the https://github.com/deprosinal/legendary-funicular GitHub repo, namely helo.exe.
CVE-2025-51606
CVE-2025-51606 affects hippo4j versions 1.0.0 through 1.5.0. The root cause is a hard-coded secret key used during JWT creation, enabling an attacker with access to source code or binaries to forge valid tokens and impersonate any user, including privileged ones like admin. The NVD metrics assign...
Linux Distros Unpatched Vulnerability : CVE-2022-1162
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A hardcoded password was set for accounts registered using an OmniAuth provider e.g. OAuth, LDAP, SAML in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior...
CVE-2025-9091
A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etcro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high...
Belkin F9K1009 and Belkin F9K1010 Hardcoded Credential Vulnerabilities
The Belkin F9K1009 and Belkin F9K1010 are both wireless routers from Belkin Canada. The Belkin F9K1009 and Belkin F9K1010 have a hard-coded credential vulnerability that can be exploited by an attacker to gain access to the devices...
CVE-2025-55279
This vulnerability exists in ZKTeco WL20 due to hard-coded private key stored in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and analyzing the binary data to retrieve private key stored in the firmware of the...
Linux Distros Unpatched Vulnerability : CVE-2024-6174
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configuration...
Linux Distros Unpatched Vulnerability : CVE-2025-34034
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default...
PT-2025-32361 · Belkin · Belkin F9K1009 +1
Name of the Vulnerable Software and Affected Versions: Belkin F9K1009 versions 2.00.04 through 2.00.09 Belkin F9K1010 versions 2.00.04 through 2.00.09 Description: A critical issue exists in the Web Interface component due to hard-coded credentials. This allows for remote attacks. The exploit has...
CVE-2025-51536
Austrian Archaeological Institute AI OpenAtlas v8.11.0 was discovered to contain a hardcoded Administrator password...
CVE-2025-44963
RUCKUS Network Director RND before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key...
CVE-2025-44643
Certain Draytek products are affected by Insecure Configuration. This affects AP903 v1.4.18 and AP912C v1.4.9 and AP918R v1.4.9. The setting of the password property in the ripd.conf configuration file sets a hardcoded weak password, posing a security risk. An attacker with network access could...
CVE-2025-44955
RUCKUS Network Director RND before 4.5 allows jailed users to obtain root access via a weak, hardcoded password...