7554 matches found
OESA-2025-1785 cloud-init security update
Cloud-init is the defacto multi-distribution package that handles early initialization of a cloud instance. Security Fixes: cloud-init is an industry-standard multi-distribution method for cross-platform cloud instance initialization by Canonical. There is a security vulnerability in cloud-init...
OESA-2025-1784 cloud-init security update
Cloud-init is the defacto multi-distribution package that handles early initialization of a cloud instance. Security Fixes: cloud-init is an industry-standard multi-distribution method for cross-platform cloud instance initialization by Canonical. There is a security vulnerability in cloud-init...
OESA-2025-1783 cloud-init security update
Cloud-init is the defacto multi-distribution package that handles early initialization of a cloud instance. Security Fixes: cloud-init is an industry-standard multi-distribution method for cross-platform cloud instance initialization by Canonical. There is a security vulnerability in cloud-init,...
When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration.
...
CVE-2025-5023
Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Corporation photovoltaic system monitor “EcoGuideTAB” PV-DR004J all versions and PV-DR004JA all versions allows an attacker within the Wi-Fi communication range between the units of the product measurement unit and display unit to...
Important: cloud-init
Issue Overview: When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration. CVE-2024-6174 Affected Packages: cloud-init Issue Correction: Run dnf update cloud-init...
Important: cloud-init
Issue Overview: When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration. CVE-2024-6174 Affected Packages: cloud-init Note: This advisory is applicable to Amazon...
CVE-2025-4855
The Support Board plugin for WordPress is vulnerable to unauthorized access/modification/deletion of data due to use of hardcoded default secrets in the sbencryption function in all versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to bypass authorization...
CVE-2025-4855
The Support Board plugin for WordPress is vulnerable to unauthorized access/modification/deletion of data due to use of hardcoded default secrets in the sbencryption function in all versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to bypass authorization...
CVE-2025-37103 Hardcoded Credential Exposure Allows Unauthorized Access in Web Interface
Hard-coded login credentials were found in HPE Networking Instant On Access Points, allowing anyone with knowledge of it to bypass normal device authentication. Successful exploitation could allow a remote attacker to gain administrative access to the system...
CVE-2025-37103 Hardcoded Credential Exposure Allows Unauthorized Access in Web Interface
Hard-coded login credentials were found in HPE Networking Instant On Access Points, allowing anyone with knowledge of it to bypass normal device authentication. Successful exploitation could allow a remote attacker to gain administrative access to the system...
PT-2025-28804
Name of the Vulnerable Software and Affected Versions: The Support Board plugin for WordPress versions up to, and including, 3.8.0 Description: The issue allows unauthorized access, modification, or deletion of data due to the use of hardcoded default secrets in the sb encryption function. This...
CVE-2025-45813
ENENSYS IPGuard v2 2.10.0 was discovered to contain hardcoded credentials...
CVE-2025-45813
ENENSYS IPGuard v2 2.10.0 was discovered to contain hardcoded credentials...
CVE-2025-45813
ENENSYS IPGuard v2 2.10.0 was discovered to contain hardcoded credentials...
CVE-2025-45813
ENENSYS IPGuard v2 2.10.0 was discovered to contain hardcoded credentials...
CVE-2025-45813
ENENSYS IPGuard v2 2.10.0 was discovered to contain hardcoded credentials...
PT-2025-27662 · Enensys · Enensys Ipguard
Name of the Vulnerable Software and Affected Versions: ENENSYS IPGuard v2 version 2.10.0 Description: The issue concerns hardcoded credentials in the software. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world inciden...
CVE-2025-45813
CVE-2025-45813 concerns ENENSYS IPGuard v2.10.0 with hardcoded credentials. Affected component is the IPGuard device/software; root cause is hardcoded credential storage leading to potential unauthenticated access. Impact is high confidentiality, integrity, and availability risk per the CVSS vect...
PT-2025-27659
Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager Unified CM versions 15.0.1.13010-1 through 15.0.1.13017-1 Cisco Unified Communications Manager Session Management Edition Unified CM SME versions 15.0.1.13010-1 through 15.0.1.13017-1 Description A...