7555 matches found

RedhatCVE
added 2025/04/26 6:26 a.m. · 15 views

CVE-2025-43916

Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a redirect_uri containing userinfo in the authority component, which is not consistent with RFC 6819 section 5.2.3.5. An authorization code may be sent to an attacker-controlled destination. This might have...

CVSS 3.4 · AI score 7 · EPSS 0.00178
Exploits 0 · References 1
RedhatCVE
added 2025/04/26 5:28 a.m. · 10 views

CVE-2025-28031

TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a hardcoded password for the telnet service in product.ini...

CVSS 6.5 · AI score 7.6 · EPSS 0.00244
Exploits 1 · References 1
NVD
added 2025/04/25 9:15 p.m. · 12 views

CVE-2025-32985

NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files...

CVSS 9.8 · EPSS 0.00389
Exploits 0 · References 1
OSV
added 2025/04/25 9:15 p.m. · 7 views

CVE-2025-32985

NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files...

CVSS 9.8 · AI score 5.8 · EPSS 0.00389
Exploits 0 · References 1
CVE
added 2025/04/25 12:0 a.m. · 73 views

CVE-2025-32985

CVE-2025-32985 affects NETSCOUT nGeniusONE prior to version 6.4.0 b2350. Root cause: hardcoded credentials embedded in a JAR file, enabling credential disclosure that leads to a high-impact loss of confidentiality, integrity, and availability (CVSS 3.1 base score 9.8). The vulnerability is descri...

CVSS 9.8 · AI score 6.7 · EPSS 0.00389
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2025/04/25 12:0 a.m. · 5 views

PT-2025-17943 · Netscout · Netscout Ngeniusone

Name of the Vulnerable Software and Affected Versions: NETSCOUT nGeniusONE versions prior to 6.4.0 b2350 Description: The issue concerns hardcoded credentials in NETSCOUT nGeniusONE that can be obtained from JAR files. Recommendations: For versions prior to 6.4.0 b2350, update to version 6.4.0...

CVSS 9.8 · AI score 6.4 · EPSS 0.00389
Exploits 0 · References 6
Vulnrichment
added 2025/04/25 12:0 a.m. · 6 views

CVE-2025-32985

NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files...

AI score 9.5 · EPSS 0.00389
Exploits 0 · References 1
Cvelist
added 2025/04/25 12:0 a.m. · 9 views

CVE-2025-32985

NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files...

EPSS 0.00389
Exploits 0 · References 1
SUSE CVE
added 2025/04/24 3:24 a.m. · 1 views

SUSE CVE-2025-30206

Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. This security flaw allows attackers ...

CVSS 9.8 · AI score 7.3 · EPSS 0.00721
Exploits 0 · References 3
Veracode
added 2025/04/23 3:39 p.m. · 10 views

Authentication Bypass

Dpanel is vulnerable to Authentication Bypass. The vulnerability is due to the use of a hardcoded JWT secret: the default configuration embeds a static secret, allowing attackers to forge valid tokens and gain unauthorized administrative access...

CVSS 9.8 · AI score 6.8 · EPSS 0.00721
Exploits 0 · References 2 · Affected Software 1
NVD
added 2025/04/22 4:15 p.m. · 28 views

CVE-2025-28031

TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a hardcoded password for the telnet service in product.ini...

CVSS 6.5 · EPSS 0.00244
Exploits 1 · References 1
OSV
added 2025/04/22 4:15 p.m. · 3 views

CVE-2025-28031

TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a hardcoded password for the telnet service in product.ini...

CVSS 6.5 · AI score 5.8 · EPSS 0.00244
Exploits 1 · References 1
CNNVD
added 2025/04/22 12:0 a.m. · 1 views

TOTOLINK A810R Security Vulnerability

TOTOLINK A810R is a wireless dual-band router from China's Gion Electronics TOTOLINK. A trust management issue vulnerability exists in TOTOLINK A810R version V4.1.2cu.5182_B20201026, which stems from the presence of hardcoded passwords in product.ini. An attacker can exploit the vulnerability to...

CVSS 6.5 · AI score 7 · EPSS 0.00244
Exploits 1 · References 1
CVE
added 2025/04/22 12:0 a.m. · 71 views

CVE-2025-28031

CVE-2025-28031 affects TOTOLINK A810R (version 4.1.2cu.5182_B20201026). The root cause is a hardcoded password for the Telnet service stored in product.ini, enabling authentication exposure over the network. The CVSS reflects network access, high confidentiality impact, no integrity or availabili...

CVSS 6.5 · AI score 7.7 · EPSS 0.00244
Exploits 1 · References 1 · Affected Software 1
Packet Storm News
added 2025/04/22 12:0 a.m. · 4 views

SolarWinds Web Help Desk Hardcoded Credential

SolarWinds Web Help Desk proof of concept hardcoded credential exploit that retrieves the 25 most recent tickets...

CVSS 9.1 · AI score 7 · EPSS 0.93159
Exploits 5
Positive Technologies
added 2025/04/22 12:0 a.m. · 4 views

PT-2025-17554 · Totolink · Totolink A810R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A810R version 4.1.2cu.5182 B20201026 Description: The issue concerns a hardcoded password for the telnet service, which is stored in the product.ini file. Recommendations: For version 4.1.2cu.5182 B20201026, consider changing the...

CVSS 6.5 · AI score 6.4 · EPSS 0.00244
Exploits 1 · References 7
Vulnrichment
added 2025/04/22 12:0 a.m. · 6 views

CVE-2025-28031

TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a hardcoded password for the telnet service in product.ini...

AI score 7.7 · EPSS 0.00244
Exploits 1 · References 1
Cvelist
added 2025/04/22 12:0 a.m. · 22 views

CVE-2025-28031

TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a hardcoded password for the telnet service in product.ini...

EPSS 0.00244
Exploits 1 · References 1
NVD
added 2025/04/21 2:15 p.m. · 14 views

CVE-2025-43916

Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a redirect_uri containing userinfo in the authority component, which is not consistent with RFC 6819 section 5.2.3.5. An authorization code may be sent to an attacker-controlled destination. This might have...

CVSS 3.4 · EPSS 0.00178
Exploits 0 · References 1
Cvelist
added 2025/04/21 12:0 a.m. · 22 views

CVE-2025-43916

Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a redirect_uri containing userinfo in the authority component, which is not consistent with RFC 6819 section 5.2.3.5. An authorization code may be sent to an attacker-controlled destination. This might have...

CVSS 3.4 · EPSS 0.00178
Exploits 0 · References 1