PT-2025-8755 · Automslc · Automslc
Name of the Vulnerable Software and Affected Versions: automslc (affected versions not specified). Description: The automslc package, a Python library that bypasses Deezer API restrictions to download music, was found to exfiltrate user data to a hardcoded server. This could potentially be used for...
CVE-2024-50688
SunGrow iSolarCloud Android app (v2.1.6.20241017 and earlier) uses hardcoded MQTT credentials for device telemetry, with the same credentials in the app and cloud. The vulnerability is described as enabling attackers to gain unauthorized access to user accounts and potentially execute arbitrary c...
MAL-2025-191909 Malicious code in transaction-utils (PyPI)
Source: kam193 (c1efc9cf33a18e7f3c4294c39aabadf136974e4e2ee56c874ba337ac609c6b77). The only thing the package does is send out all the given data about a cryptocurrency transaction, including the private key, to a hardcoded webhook. Feedback...
CVE-2024-57790
IXON B.V. IXrouter IX2400 Industrial Edge Gateway v3.0 was discovered to contain hardcoded root credentials stored in the non-volatile flash memory. This vulnerability allows physically proximate attackers to gain root access via UART or SSH...
CVE-2023-26566
Sangoma FreePBX 1805 through 2203 on Linux contains hardcoded credentials for the Asterisk REST Interface (ARI), which allows remote attackers to reconfigure Asterisk and make external and internal calls via HTTP and WebSocket requests sent to the API...
CVE-2024-34211
TOTOLINK CP450 v4.1.0cu.747B20191224 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root...
CVE-2024-36049
Aptos Wisal payroll accounting before 7.1.6 uses hardcoded credentials in the Windows client to fetch the complete list of usernames and passwords from the database server, using an unencrypted connection. This allows attackers in a machine-in-the-middle position read and write access to personal...
CVE-2024-36782
TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root...
CVE-2024-33867
An issue was discovered in linqi before 1.4.0.1 on Windows. There is a hardcoded password salt...
CVE-2024-31810
TOTOLINK EX200 V4.0.3c.7646B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample...
CVE-2024-35344
Certain Anpviz products contain a hardcoded cryptographic key stored in the firmware of the device. This affects IPC-D250, IPC-D260, IPC-B850, IPC-D850, IPC-D350, IPC-D3150, IPC-D4250, IPC-D380, IPC-D880, IPC-D280, IPC-D3180, MC800N, YM500L, YM800NN2, YMF50B, YM800SV2, YM500L8, and YM200E10...
CVE-2024-57790
CVE-2024-57790 affects IXON B.V. IXrouter IX2400 (Industrial Edge Gateway) v3.0. A hardcoded root credential stored in non-volatile flash enables physically proximate attackers to obtain root access via UART or SSH. The vulnerability is categorized with physical attack vector, low authentication,...
PT-2025-6758 · Ixon B.V. · Ixrouter Ix2400
Name of the Vulnerable Software and Affected Versions: IXON B.V. IXrouter IX2400 Industrial Edge Gateway version 3.0. Description: The issue concerns hardcoded root credentials stored in the non-volatile flash memory. This allows physically proximate attackers to gain root access via UART or SSH...
Ivanti Policy Secure 22.x < 22.7R1.3 RCE
The Ivanti Policy Secure installed on the remote host is prior to 22.7R1.3. It is, therefore, affected by multiple vulnerabilities in the admin portal: - External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remo...
CVE-2024-35395
TOTOLINK CP900L v4.1.5cu.798B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root...
CVE-2024-35396
TOTOLINK CP900L v4.1.5cu.798B20221228 was discovered to contain a hardcoded password for telnet in /webcste/cgi-bin/product.ini, which allows attackers to log in as root...