CVE-2025-31953

HCL iAutomate is affected by a vulnerability due to hardcoded credentials that could lead to confidential data exposure. Affected component: HCL iAutomate (no specific versions provided in the documents). Root cause: hardcoded credentials enabling potential unauthorized access. Impact: confidenti...

PT-2025-30698 · Hcl · Hcl Iautomate

Name of the Vulnerable Software and Affected Versions: HCL iAutomate affected versions not specified Description: HCL iAutomate includes hardcoded credentials, which could lead to the exposure of confidential data if intercepted or accessed by unauthorized parties. Recommendations: At the moment,...

CVE-2025-52373

Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file...

CVE-2025-52374

Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections...

CVE-2025-43483

A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow the retrieval of hardcoded cryptographic keys. HP has addressed the issue in the latest software update...

CVE-2025-43483 Poly Clariti Manager - Multiple Security Vulnerabilities

A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow the retrieval of hardcoded cryptographic keys. HP has addressed the issue in the latest software update...

CVE-2025-43483 Poly Clariti Manager - Multiple Security Vulnerabilities

A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow the retrieval of hardcoded cryptographic keys. HP has addressed the issue in the latest software update...

CVE-2025-54137

HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and below were distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for JWTs. Users aren't prompted to change...

CVE-2025-54137 NodeJS version of the HAX CMS application is distributed with Default Secrets

HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and below were distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for JWTs. Users aren't prompted to change...

PT-2025-30501 · Poly · Poly Clariti Manager

Name of the Vulnerable Software and Affected Versions: Poly Clariti Manager versions prior to 10.12.1 Description: A security issue has been identified in Poly Clariti Manager that may allow the retrieval of hardcoded cryptographic keys. Recommendations: Update Poly Clariti Manager to version...

HAXcms with nodejs backend 安全漏洞

HAXcms with nodejs backend is an open source backend management system from HAX The Web. A security vulnerability exists in HAXcms with nodejs backend version 11.0.9 and earlier, which stems from hardcoding default credentials and JWT private keys, which could lead to unauthorized access...

NodeJS version of the HAX CMS application is distributed with Default Secrets

Summary The NodeJS version of the HAX CMS application is distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for JWTs. Users aren't prompted to change credentials or secrets during installation, and there is no...

GHSA-5FPV-5QVH-7CF3 NodeJS version of the HAX CMS application is distributed with Default Secrets

Summary The NodeJS version of the HAX CMS application is distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for JWTs. Users aren't prompted to change credentials or secrets during installation, and there is no...

CVE-2025-52374

Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections...

CVE-2025-52373

Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file...

CVE-2025-52373

Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file...

CVE-2025-4130 Hardcoded Credentials in PAVO Inc.'s PAVO Pay

Use of Hard-coded Credentials vulnerability in PAVO Inc. PAVO Pay allows Read Sensitive Constants Within an Executable. This issue affects PAVO Pay: before 13.05.2025...

CVE-2025-4130 Hardcoded Credentials in PAVO Inc.'s PAVO Pay

Use of Hard-coded Credentials vulnerability in PAVO Inc. PAVO Pay allows Read Sensitive Constants Within an Executable. This issue affects PAVO Pay: before 13.05.2025...

CVE-2025-4130

CVE-2025-4130 affects PAVO Pay prior to 13.05.2025. The issue is a hard-coded credentials flaw that enables reading of sensitive constants within an executable. Affected product: PAVO Pay (mobile payment management), with exposure described as reading sensitive constants due to embedded credentia...

CVE-2025-4049 Hardcoded SQLite password in FARA

Use of hard-coded, the same among all vulnerable installations SQLite credentials vulnerability in SIGNUM-NET FARA allows to read and manipulate local-stored database.This issue affects FARA: through 5.0.80.34...