7555 matches found

Vulnrichment
added 2025/04/08 4:21 a.m. · 6 views

CVE-2024-13820 Melhor Envio <= 2.15.9 - Unauthenticated Sensitive Information Exposure via Hardcoded Hash

The Melhor Envio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.15.9 via the 'run' function, which uses a hardcoded hash. This makes it possible for unauthenticated attackers to extract sensitive data including environment information,...

CVSS 5.3 · AI score 6.9 · EPSS 0.00339
Exploits 0 · References 4

Cvelist
added 2025/04/08 4:21 a.m. · 19 views

CVE-2024-13820 Melhor Envio <= 2.15.11 - Unauthenticated Sensitive Information Exposure via Hardcoded Hash

The Melhor Envio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.15.11 via the 'run' function, which uses a hardcoded hash. This makes it possible for unauthenticated attackers to extract sensitive data including environment information...

CVSS 5.3 · EPSS 0.00339
Exploits 0 · References 5

CVE
added 2025/04/08 4:21 a.m. · 47 views

CVE-2024-13820

CVE-2024-13820 (Melhor Envio plugin for WordPress): The vulnerability is an unauthenticated sensitive information exposure via a hardcoded hash in the plugin’s run() function, affecting Melhor Envio versions up to 2.15.11 (per Wordfence). Impact per sources includes exposure of environment inform...

CVSS 5.3 · AI score 7.2 · EPSS 0.00339
Exploits 0 · References 5

Positive Technologies
added 2025/04/08 12:0 a.m. · 3 views

PT-2025-15392 · Senron · Senron 7Kt Pac1260 Data Manager

Name of the Vulnerable Software and Affected Versions: SENRON 7KT PAC1260 Data Manager (affected versions not specified). Description: A vulnerability has been identified where affected devices contain hardcoded credentials for remote access to the device operating system with root privileges. This...

CVSS 10 · AI score 6.7 · EPSS 0.00541
Exploits 0 · References 7

NVD
added 2025/04/07 5:15 p.m. · 9 views

CVE-2025-3426

We observed that Intellispace Portal binaries don’t have any protection mechanisms to prevent reverse engineering. Specifically, the app’s code is not obfuscated, and no measures are in place to protect against decompilation, disassembly, or debugging. As a result, attackers can reverse-enginee...

CVSS 7.2 · EPSS 0.00144
Exploits 0 · References 2

Cvelist
added 2025/04/07 4:23 p.m. · 21 views

CVE-2025-3426 Use of default hardcoded credentials

We observed that Intellispace Portal binaries don’t have any protection mechanisms to prevent reverse engineering. Specifically, the app’s code is not obfuscated, and no measures are in place to protect against decompilation, disassembly, or debugging. As a result, attackers can reverse-enginee...

CVSS 7.2 · EPSS 0.00144
Exploits 0 · References 2

Vulnrichment
added 2025/04/07 4:23 p.m. · 6 views

CVE-2025-3426 Use of default hardcoded credentials

We observed that Intellispace Portal binaries don’t have any protection mechanisms to prevent reverse engineering. Specifically, the app’s code is not obfuscated, and no measures are in place to protect against decompilation, disassembly, or debugging. As a result, attackers can reverse-enginee...

CVSS 7.2 · AI score 7.6 · EPSS 0.00144
Exploits 0 · References 2

CVE
added 2025/04/07 4:23 p.m. · 49 views

CVE-2025-3426

The CVE-2025-3426 entry describes lack of reverse engineering protections in Philips IntelliSpace Portal binaries, enabling discovery of hardcoded credentials. Affected products are IntelliSpace Portal 12 and earlier and Advanced Visualization Workspace 15. Technical details from connected source...

CVSS 7.2 · AI score 7.6 · EPSS 0.00144
Exploits 0 · References 2

Positive Technologies
added 2025/04/07 12:0 a.m. · 3 views

PT-2025-15271 · Philips · Advanced Visualization Workspace +1

Name of the Vulnerable Software and Affected Versions: Intellispace Portal versions 12 and prior; Advanced Visualization Workspace version 15. Description: The issue is related to the lack of protection mechanisms in the Intellispace Portal binaries, making it possible for attackers to...

CVSS 7.2 · AI score 6.6 · EPSS 0.00144
Exploits 0 · References 9

Tenable Nessus
added 2025/04/04 12:0 a.m. · 7 views

Esri Portal for ArcGIS < Security 2025 Update 1 Hardcoded Credentials

The version of Esri Portal for ArcGIS installed is missing Security 2025 Update 1. It is, therefore, affected by a hardcoded credentials vulnerability: - A hardcoded credential vulnerability exists in a specific deployment pattern for Esri Portal for ArcGIS versions 11.4 and below that may allow ...

CVSS 9.8 · AI score 5.8 · EPSS 0.0054
Exploits 0 · References 2

OSV
added 2025/04/03 8:15 p.m. · 2 views

CVE-2025-30406

Gladinet CentreStack through 16.1.10296.56315 fixed in 16.4.10315.56368 has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors who know the machineKey to serialize a payload for server-side...

CVSS 9.8 · AI score 6.1 · EPSS 0.92727
Exploits 6 · References 3

CNNVD
added 2025/04/03 12:0 a.m. · 10 views

Gladinet CentreStack Security Vulnerability

Gladinet CentreStack is a premier mobile access and secure sharing solution from Gladinet USA that provides self-hosted cloud storage. A security vulnerability exists in Gladinet CentreStack that stems from hardcoding a machineKey, resulting in a deserialization vulnerability that could lead to remote...

CVSS 9.8 · AI score 9.8 · EPSS 0.92727
Exploits 6 · References 2

OSV
added 2025/03/20 9:15 p.m. · 4 views

CVE-2025-2538

A hardcoded credential vulnerability exists in a specific deployment pattern for Esri Portal for ArcGIS versions 11.4 and below that may allow a remote unauthenticated attacker to gain administrative access to the system...

CVSS 9.8 · AI score 5.8 · EPSS 0.0054
Exploits 0 · References 1

RedhatCVE
added 2025/03/20 4:12 p.m. · 10 views

CVE-2025-30137

An issue was discovered in the G-Net GNET APK 2.6.2. Hardcoded credentials exist in the APK for ports 9091 and 9092. The GNET mobile application contains hardcoded credentials that provide unauthorized access to the dashcam's API endpoints on ports 9091 and 9092. Once the GNET SSID is connected to...

CVSS 9.8 · AI score 7.5 · EPSS 0.00436
Exploits 0 · References 1

RedhatCVE
added 2025/03/20 4:9 p.m. · 10 views

CVE-2025-30113

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Hardcoded Credentials exist in the APK for Ports 9091 and 9092. The dashcam's Android application contains hardcoded credentials that allow unauthorized access to device settings through ports 9091 and 9092. These...

CVSS 9.8 · AI score 7 · EPSS 0.00413
Exploits 0 · References 1

RedhatCVE
added 2025/03/20 4:8 p.m. · 7 views

CVE-2025-30109

In the IROAD APK 5.2.5, there are Hardcoded Credentials in the APK for ports 9091 and 9092. The mobile application for the dashcam contains hardcoded credentials that allow an attacker on the local Wi-Fi network to access API endpoints and retrieve sensitive device information, including live and...

CVSS 6.5 · AI score 7 · EPSS 0.00222
Exploits 0 · References 1

RedhatCVE
added 2025/03/20 4:7 p.m. · 4 views

CVE-2025-30123

An issue was discovered on ROADCAM X3 devices. The mobile app APK Viidure contains hardcoded FTP credentials for the FTPX user account, enabling attackers to gain unauthorized access and extract sensitive recorded footage from the device...

CVSS 9.8 · AI score 7.4 · EPSS 0.00413
Exploits 0 · References 1

CVE
added 2025/03/20 10:10 a.m. · 80 views

CVE-2024-8551

CVE-2024-8551: A path traversal vulnerability affects modelscope/agentscope in the save-workflow and load-workflow functionality, present in versions prior to the fix. An attacker can read and write arbitrary JSON files on the filesystem, potentially exposing or modifying sensitive data (config ...

CVSS 9.1 · AI score 9 · EPSS 0.0091
Exploits 1 · References 1 · Affected Software 1

CNVD
added 2025/03/19 12:0 a.m. · 2 views

DELL SmartFabric OS10 Hardcoded Password Vulnerability

DELL SmartFabric OS10 Software is a software-defined network operating system from Dell Networks, based on Linux and open source technologies, and is primarily used to enable flexible management and automated deployment of data center network resources. DELL SmartFabric OS10 suffers from a...

CVSS 8.4 · AI score 6.9 · EPSS 0.00164
Exploits 0 · References 1

NVD
added 2025/03/18 8:15 p.m. · 9 views

CVE-2025-30137

An issue was discovered in the G-Net GNET APK 2.6.2. Hardcoded credentials exist in the APK for ports 9091 and 9092. The GNET mobile application contains hardcoded credentials that provide unauthorized access to the dashcam's API endpoints on ports 9091 and 9092. Once the GNET SSID is connected to...

CVSS 9.8 · EPSS 0.00436
Exploits 0 · References 2