
7554 matches found

Cvelist
added 2025/06/18 12:0 a.m. · 6 views

CVE-2025-45784

D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using static analysis tools such as strings or xxd, potentially...

0.00489 EPSS
Exploits 1 · References 2

CVE
added 2025/06/18 12:0 a.m. · 31 views

CVE-2025-45784

CVE-2025-45784 affects the D-Link DPH-400S/SE VoIP Phone (v1.01). The issue is due to hardcoded provisioning variables in the firmware binary (notably PROVIS_USER_PASSWORD), resulting from insecure storage of sensitive information. An attacker who can access the firmware image could extract crede...

9.8 CVSS · 6.2 AI score · 0.00489 EPSS
Exploits 1 · References 2 · Affected Software 1

Vulnrichment
added 2025/06/18 12:0 a.m. · 2 views

CVE-2025-45784

D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using static analysis tools such as strings or xxd, potentially...

9.3 AI score · 0.00489 EPSS
Exploits 1 · References 2

NVD
added 2025/06/17 7:15 p.m. · 11 views

CVE-2025-34509

Sitecore Experience Manager XM and Experience Platform XP versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access...

7.5 CVSS · 0.38428 EPSS
Exploits 6 · References 2

OSV
added 2025/06/17 7:15 p.m. · 0 views

CVE-2025-34509

Sitecore Experience Manager XM and Experience Platform XP versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access...

7.5 CVSS · 5.8 AI score · 0.38428 EPSS
Exploits 6 · References 2

Vulnrichment
added 2025/06/17 6:20 p.m. · 9 views

CVE-2025-34509 Sitecore XM and XP Hardcoded Credentials

Sitecore Experience Manager XM and Experience Platform XP versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access...

7.5 CVSS · 7.3 AI score · 0.38428 EPSS
Exploits 6 · References 2

Cvelist
added 2025/06/17 6:20 p.m. · 16 views

CVE-2025-34509 Sitecore XM and XP Hardcoded Credentials

Sitecore Experience Manager XM and Experience Platform XP versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access...

7.5 CVSS · 0.38428 EPSS
Exploits 6 · References 2

CVE
added 2025/06/17 6:20 p.m. · 85 views

CVE-2025-34509

Sitecore XM/XP affected: Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE; root cause is a hardcoded user account that allows unauthenticated, remote access to the ad...

7.5 CVSS · 8.2 AI score · 0.38428 EPSS
In wild · Exploits 6 · References 2 · Affected Software 4

Positive Technologies
added 2025/06/17 12:0 a.m. · 5 views

PT-2025-25745

Name of the Vulnerable Software and Affected Versions Sitecore Experience Manager XM and Experience Platform XP versions 10.1 through 10.1.4 rev. 011974 PRE Sitecore Experience Manager XM and Experience Platform XP versions 10.2 Sitecore Experience Manager XM and Experience Platform XP versions...

7.5 CVSS · 10 AI score · 0.38428 EPSS
Exploits 6 · References 18

RedhatCVE
added 2025/06/15 12:21 a.m. · 3 views

CVE-2025-28388

OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account...

9.8 CVSS · 7.1 AI score · 0.00507 EPSS
Exploits 1 · References 1

Positive Technologies
added 2025/06/14 12:0 a.m. · 6 views

PT-2025-25490 · Apache · Apache Nuttx Rtos

Name of the Vulnerable Software and Affected Versions: Apache NuttX RTOS versions 6.22 through 12.9.0 Description: An issue was discovered in the Apache NuttX RTOS apps/examples/xmlrpc application, where a device stats structure stored remotely provided parameters with a hardcoded buffer size,...

9.8 CVSS · 6.5 AI score · 0.00625 EPSS
Exploits 0 · References 12

NVD
added 2025/06/13 2:15 p.m. · 11 views

CVE-2025-28388

OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account...

9.8 CVSS · 0.00507 EPSS
Exploits 1 · References 5

OSV
added 2025/06/13 2:15 p.m. · 2 views

CVE-2025-28388

OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 5

Cvelist
added 2025/06/13 12:0 a.m. · 8 views

CVE-2025-28388

OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account...

0.00507 EPSS
Exploits 1 · References 5

Positive Technologies
added 2025/06/13 12:0 a.m. · 2 views

PT-2025-25416 · Openc3 · Openc3 Cosmos

Name of the Vulnerable Software and Affected Versions: OpenC3 COSMOS version 6.0.0 Description: The issue is related to hardcoded credentials for the Service Account. Recommendations: For OpenC3 COSMOS version 6.0.0, consider changing the hardcoded credentials for the Service Account to unique,...

9.8 CVSS · 6.4 AI score · 0.00507 EPSS
Exploits 1 · References 7

CVE
added 2025/06/13 12:0 a.m. · 46 views

CVE-2025-28388

CVE-2025-28388 affects OpenC3 COSMOS prior to v6.0.2, where hardcoded credentials for the Service Account are disclosed. The vulnerability enables potential unauthorized access with high impact as indicated by the CVSS metrics (CRITICAL, 9.8; network attack; no privileges required; user interacti...

9.8 CVSS · 6.7 AI score · 0.00507 EPSS
Exploits 1 · References 5 · Affected Software 1

Vulnrichment
added 2025/06/13 12:0 a.m. · 4 views

CVE-2025-28388

OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account...

6.7 AI score · 0.00507 EPSS
Exploits 1 · References 5

RedhatCVE
added 2025/06/12 3:21 p.m. · 4 views

CVE-2025-22463

A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password...

7.3 CVSS · 7 AI score · 0.0033 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/06/12 3:21 p.m. · 4 views

CVE-2025-22455

A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials...

8.8 CVSS · 8.5 AI score · 0.00344 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/06/11 12:0 a.m. · 2 views

PT-2025-26164 · D Link · D-Link Dph-400S/Se Voip Phone

Name of the Vulnerable Software and Affected Versions: D-Link DPH-400S/SE VoIP Phone version 1.01 Description: The issue concerns hardcoded provisioning variables, including PROVIS USER PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extrac...

10 CVSS · 6.1 AI score · 0.00489 EPSS
Exploits 1 · References 12