7555 matches found
CVE-2025-25729
CVE-2025-25729 concerns a data disclosure in Bosscomm IF740 firmware (versions 11001.7078 & v11001.0000) and System versions 6.25 & 6.00. The root cause is information exposed via the update or boot process, enabling an attacker to obtain hardcoded cleartext credentials. The CVE entry and related...
CVE-2024-57040
TL-WR845NUNV4200909 and TL-WR845NUNV4190219 were discovered to contain a hardcoded password for the root account which can be obtained by analyzing downloaded firmware or via a brute force attack through physical access to the router...
CVE-2024-57040
TP-Link TL-WR845N devices with firmware TL-WR845NUNV4200909 and TL-WR845NUNV4190219 were discovered to contain a hardcoded password for the root account which can be obtained by analyzing downloaded firmware or via a brute force attack through physical access to the router. NOTE: The supplier has...
CVE-2024-50688
SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. The application regardless of the user account and the cloud uses the same MQTT credentials for exchanging the device telemetry...
PYSEC-2025-6 Exfiltrates cookies to hardcoded IP address
Published in 2021, the colabrun package is a Python library that exfiltrates user cookies to a hardcoded IP address. The package was found to exfiltrate user data to a hardcoded server, which could be used for malicious purposes...
Exfiltrates cookies to hardcoded IP address
Published in 2021, the colabrun package is a Python library that exfiltrates user cookies to a hardcoded IP address. The package was found to exfiltrate user data to a hardcoded server, which could be used for malicious purposes...
Exfiltrates user cookies to hardcoded server endpoint during normal operations
Published in 2020, the autodzee package is a Python library that bypasses Deezer API restrictions to download music. The package was found to exfiltrate user data to a hardcoded server, which could be used for malicious purposes...
PYSEC-2025-5 Exfiltrates user cookies to hardcoded server endpoint during normal operations
Published in 2020, the autodzee package is a Python library that bypasses Deezer API restrictions to download music. The package was found to exfiltrate user data to a hardcoded server, which could be used for malicious purposes...
When using the project to bypass Deezer API restrictions, project exfiltrates user data to a hardcoded server.
Published in 2019, the autodzee package is a Python library that bypasses Deezer API restrictions to download music. The package was found to exfiltrate user data to a hardcoded server, which could be used for malicious purposes...
PT-2025-8756 · Autodzee · Autodzee
Name of the Vulnerable Software and Affected Versions: autodzee affected versions not specified Description: The autodzee package, a Python library that bypasses Deezer API restrictions to download music, was found to exfiltrate user data to a hardcoded server. This could potentially be used for...
PT-2025-8757 · Pypi · Colabrun
Name of the Vulnerable Software and Affected Versions: colabrun affected versions not specified Description: The colabrun package is a Python library that exfiltrates user cookies to a hardcoded IP address. It was found to exfiltrate user data to a hardcoded server, which could be used for...
CVE-2024-50688
SunGrow iSolarCloud Android app (v2.1.6.20241017 and earlier) uses hardcoded MQTT credentials for device telemetry, with the same credentials in the app and cloud. The vulnerability is described as enabling attackers to gain unauthorized access to user accounts and potentially execute arbitrary c...
PT-2025-8755 · Automslc · Automslc
Name of the Vulnerable Software and Affected Versions: automslc affected versions not specified Description: The automslc package, a Python library that bypasses Deezer API restrictions to download music, was found to exfiltrate user data to a hardcoded server. This could potentially be used for...
CVE-2024-57040
CVE-2024-57040 affects TP-Link TL-WR845N devices running TL-WR845N(UN)_V4_190219 and TL-WR845N(UN)_V4_200909, which contain a hardcoded root password. Root access can be obtained by analyzing downloaded firmware or via brute-force attempts with physical access. Supplier states the issue was fixed...