7557 matches found
CVE-2024-28751
A high-privileged remote attacker can enable telnet access that accepts hardcoded credentials...
CVE-2024-28987
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing a remote unauthenticated user to access internal functionality and modify data...
CVE-2024-4844
Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was...
CVE-2024-0368
The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys. This makes it possible for unauthenticated attackers to extract sensitive data including PII...
CVE-2024-57432
macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for subsequent privilege management, making it possible to forge the JWT of any user to achieve...
PT-2025-3439 · Unknown · Macrozheng Mall-Tiny
Name of the Vulnerable Software and Affected Versions: macrozheng mall-tiny version 1.0.1. Description: The issue concerns insecure permissions in the application. Specifically, the JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for...
PT-2025-2960 · Easyvirt · Easyvirt Dcscope
Name of the Vulnerable Software and Affected Versions: EasyVirt DCScope versions 8.6.0 and earlier; CO2Scope versions 1.3.0 and earlier. Description: The issue allows remote attackers to generate JSON Web Tokens (JWTs) for privilege escalation due to a weak JWT secret. The HMAC secret used for...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Hardcoded Crypto Key CVE-2024-38314
Summary: IBM Maximo Application Suite - Monitor Component is vulnerable to Hardcoded Crypto Key CVE-2024-38314. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2024-38314. DESCRIPTION: IBM Maximo Application Suite - Monitor Component could...
CVE-2024-50690
SunGrow WiNet-SV200.001.00.P027 and earlier versions contain a hardcoded password that can be used to decrypt all firmware updates...
CVE-2024-50692
SunGrow WiNet-SV200.001.00.P027 and earlier versions contain hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the real MQTT broker. This means that MQTT...
CVE-2024-50692
The CVE-2024-50692 entry concerns SunGrow WiNet-SV200.001.00.P027 and earlier versions that ship with hardcoded MQTT credentials, enabling an attacker to send arbitrary commands to an inverter. TLS is not used to identify the MQTT broker, enabling impersonation and making MQTT communications susc...
PT-2025-2883 · Sungrow · Sungrow Winet-Sv200
Name of the Vulnerable Software and Affected Versions: SunGrow WiNet-SV200 versions 0.001.00.P027 and earlier. Description: The issue concerns a hardcoded password in the affected versions. This password can be used to decrypt all firmware updates. Recommendations: For SunGrow WiNet-SV200 versions...
CVE-2024-50690
CVE-2024-50690 affects SunGrow WiNet-SV200.001.00.P027 and older; the root cause is a hardcoded password embedded in the WiNet WebUI that can be used to decrypt all firmware updates. This enables an attacker to decrypt firmware updates, potentially compromising device integrity and exposing updat...
PT-2025-2884 · Sungrow · Sungrow Winet-Sv200
Name of the Vulnerable Software and Affected Versions: SunGrow WiNet-SV200 versions 0.001.00.P027 and earlier. Description: The issue concerns hardcoded MQTT credentials in the affected software, allowing an attacker to send arbitrary commands to any inverter. Additionally, the lack of TLS to...