7554 matches found

The Hacker News
added 2025/06/05 3:53 p.m. | 21 views

Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hard-Coded Credentials

Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks. "Several widely used extensions ... unintentionally transmit sensitive data over simple...

AI score: 6.8
Exploits: 0

RedhatCVE
added 2025/06/05 12:3 a.m. | 12 views

CVE-2025-43925

An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data...

CVSS: 4.6 | AI score: 6.8 | EPSS: 0.0012
Exploits: 0 | References: 1

RedhatCVE
added 2025/06/04 7:15 a.m. | 5 views

CVE-2025-5113

The Diviotec professional series exposes a web interface. One endpoint is vulnerable to arbitrary command injection and hardcoded passwords are used...

CVSS: 8.6 | AI score: 7.5 | EPSS: 0.06793
Exploits: 0 | References: 1

RedhatCVE
added 2025/06/04 7:15 a.m. | 6 views

CVE-2025-4010

The Netcom NTC 6200 and NWL 222 series expose a web interface to be configured and set up by operators. Multiple endpoints of the web interface are vulnerable to arbitrary command injection and use insecure hardcoded passwords. Remote authenticated attackers can gain arbitrary code execution with...

CVSS: 8.6 | AI score: 8.2 | EPSS: 0.00646
Exploits: 0 | References: 1

NVD
added 2025/06/03 3:15 p.m. | 12 views

CVE-2025-43925

An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data...

CVSS: 4.6 | EPSS: 0.0012
Exploits: 0 | References: 2

OSV
added 2025/06/03 3:15 p.m. | 4 views

CVE-2025-43925

An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data...

CVSS: 4.6 | AI score: 5.8 | EPSS: 0.0012
Exploits: 0 | References: 2

Vulnrichment
added 2025/06/03 12:0 a.m. | 7 views

CVE-2025-43925

An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data...

AI score: 4.6 | EPSS: 0.0012
Exploits: 0 | References: 2

CVE
added 2025/06/03 12:0 a.m. | 52 views

CVE-2025-43925

CVE-2025-43925 affects Unicom Focal Point 7.6.1. The issue is that the database is encrypted with a hardcoded key, which could allow recovery of plaintext data. Multiple connected sources corroborate the vulnerability, noting the same root cause and potential impact. There is no explicit exploit ...

CVSS: 4.6 | AI score: 6.8 | EPSS: 0.0012
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2025/06/03 12:0 a.m. | 1 view

AUO DIR-605L and AUO DIR-816L Hardcoded Vulnerabilities

AUO DIR-605L is the first cloud router, mainly for home and small office network environments. AUO DIR-816L is a dual-band wireless router that supports 2.4GHz and 5GHz bands, and is compliant with network standards such as IEEE 802.11ac and IEEE 802.11n, with a maximum transmission rate of...

CVSS: 6.5 | AI score: 7 | EPSS: 0.00308
Exploits: 0 | References: 1

Positive Technologies
added 2025/06/03 12:0 a.m. | 4 views

PT-2025-23623 · Unicom · Unicom Focal Point

Name of the Vulnerable Software and Affected Versions: Unicom Focal Point version 7.6.1
Description: An issue was discovered where the database is encrypted with a hardcoded key, making it easier to recover the cleartext data.
Recommendations: For Unicom Focal Point version 7.6.1, consider changi...

CVSS: 4.6 | AI score: 6.1 | EPSS: 0.0012
Exploits: 0 | References: 6

Cvelist
added 2025/06/03 12:0 a.m. | 17 views

CVE-2025-43925

An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data...

EPSS: 0.0012
Exploits: 0 | References: 2

NVD
added 2025/06/02 8:15 a.m. | 9 views

CVE-2025-5113

The Diviotec professional series exposes a web interface. One endpoint is vulnerable to arbitrary command injection and hardcoded passwords are used...

CVSS: 8.6 | EPSS: 0.06793
Exploits: 0 | References: 1

Vulnrichment
added 2025/06/02 7:13 a.m. | 9 views

CVE-2025-5113 Authenticated Remote Command Injection in Diviotec NBR IP Cameras

The Diviotec professional series exposes a web interface. One endpoint is vulnerable to arbitrary command injection and hardcoded passwords are used...

CVSS: 8.6 | AI score: 7.5 | EPSS: 0.06793
Exploits: 0 | References: 1

Cvelist
added 2025/06/02 7:13 a.m. | 18 views

CVE-2025-5113 Authenticated Remote Command Injection in Diviotec NBR IP Cameras

The Diviotec professional series exposes a web interface. One endpoint is vulnerable to arbitrary command injection and hardcoded passwords are used...

CVSS: 8.6 | EPSS: 0.06793
Exploits: 0 | References: 1

CVE
added 2025/06/02 7:13 a.m. | 59 views

CVE-2025-5113

CVE-2025-5113 affects the Diviotec professional series IP cameras with a web interface. The issue is an authenticated remote command-injection vulnerability in one exposed endpoint, combined with hardcoded passwords. CVSS 4.0 base score 8.6 (HIGH) indicates significant impact on confidentiality, ...

CVSS: 8.6 | AI score: 7.2 | EPSS: 0.06793
Exploits: 0 | References: 1

Cvelist
added 2025/06/02 7:0 a.m. | 12 views

CVE-2025-4010 Arbitrary Command Injection in Netcom NTC-6200 & NWL-222

The Netcom NTC 6200 and NWL 222 series expose a web interface to be configured and set up by operators. Multiple endpoints of the web interface are vulnerable to arbitrary command injection and use insecure hardcoded passwords. Remote authenticated attackers can gain arbitrary code execution with...

CVSS: 8.6 | EPSS: 0.00646
Exploits: 0 | References: 1

CVE
added 2025/06/02 7:0 a.m. | 50 views

CVE-2025-4010

CVE-2025-4010 affects Netcomm NTC 6200 and NWL-222 series where the web interface endpoints are vulnerable to arbitrary command injection and rely on insecure hardcoded passwords. The vulnerability enables remote authenticated attackers to gain arbitrary code execution with elevated privileges. T...

CVSS: 8.6 | AI score: 8.3 | EPSS: 0.00646
Exploits: 0 | References: 1

CNNVD
added 2025/06/02 12:0 a.m. | 3 views

Diviotec professional series Command Injection Vulnerability

Diviotec professional series is a series of professional video surveillance products from Diviotec Corporation, USA. A security vulnerability exists in Diviotec professional series, which is caused by arbitrary command injection and hard-coded passwords in the exposed web interface...

CVSS: 8.6 | AI score: 7.5 | EPSS: 0.06793
Exploits: 0 | References: 2

Positive Technologies
added 2025/06/02 12:0 a.m. | 4 views

PT-2025-23474 · Diviotec · Diviotec Professional Series

Name of the Vulnerable Software and Affected Versions: The Diviotec professional series (affected versions not specified)
Description: The issue concerns the exposure of a web interface in the Diviotec professional series, where one endpoint is vulnerable to arbitrary command injection. Additionall...

CVSS: 8.6 | AI score: 6.7 | EPSS: 0.06793
Exploits: 0 | References: 8

RedhatCVE
added 2025/06/01 4:35 a.m. | 8 views

CVE-2025-48491

Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version...

CVSS: 6.9 | AI score: 6.8 | EPSS: 0.00478
Exploits: 0 | References: 1