7559 matches found
CVE-2024-47742
In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Block path traversal. Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such. However, there are a couple...
Malicious code in ethers-mew (npm)
The package contains additional code to append a hardcoded SSH key to the user's authorized_keys file, creating a backdoor, along with exfiltrating user private keys to an attacker-controlled server...
CVE-2024-48192
Tenda G3 v15.01.0.5(2848_755)_EN was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root...
CVE-2024-48192
CVE-2024-48192 affects Tenda G3 firmware v15.01.0.5(2848_755)_EN. A hardcoded password in the /etc_ro/shadow file allows an attacker to log in as root. The entry lists a high severity (CVSSv3.1: AV Adjacent, AC Low, PR Low, UI None, S Unchanged, C/I/A High) with a potential total impact. No rem...
PT-2024-33017 · Tenda · Tenda G3
Name of the Vulnerable Software and Affected Versions: Tenda G3 version 15.01.0.5(2848_755)_EN. Description: A hardcoded password vulnerability was discovered in the /etc_ro/shadow file, which allows attackers to log in as root. This issue exists in the Tenda G3 firmware, specifically affecting the...
Malicious code in ethers-web3 (npm)
The package contains additional code to append a hardcoded SSH key to the user's authorized_keys file, creating a backdoor, along with exfiltrating user private keys to an attacker-controlled server...
CVE-2024-45275
The devices contain two hard-coded user accounts with hard-coded passwords that allow an unauthenticated remote attacker to gain full control of the affected devices...
CVE-2024-45275 MB connect line/Helmholz: Hardcoded user accounts with hard-coded passwords
The devices contain two hard-coded user accounts with hard-coded passwords that allow an unauthenticated remote attacker to gain full control of the affected devices...
CVE-2024-45275
CVE-2024-45275 concerns a trust-management vulnerability in Helmholz Rex100 wireless routers where two hard-coded user accounts with fixed passwords enable an unauthenticated remote attacker to gain full control of the device. Public sources in the provided connected documents specify affected de...
SolarWinds Web Help Desk Hardcoded Credential Vulnerability
SolarWinds Web Help Desk contains a hardcoded credential vulnerability that could allow a remote, unauthenticated user to access internal functionality and modify data...
VulnCheck KEV: CVE-2024-28987
SolarWinds Web Help Desk contains a hardcoded credential vulnerability that could allow a remote, unauthenticated user to access internal functionality and modify data...
Malicious code in spy-ai (PyPI)
Source: kam193 (d71096c3aa8cb143ba7fab208ab313a240e8f1f9846b17b947a01f729fc1864a). Every time the user sends a message to the AI, the user IP, message as well as the response are exfiltrated to a hardcoded Telegram channel. This behaviour is...
MAL-2024-12348 Malicious code in spiderai (PyPI)
Source: kam193 (cfee8e74f278d45135c11ee4ff3f18180cb2423e333934a8ba994f5e8ec48b9a). Every time the user sends a message to the AI, the user IP, message as well as the response are exfiltrated to a hardcoded Telegram channel. This behaviour is...
Malicious code in osint-tool (PyPI)
Source: kam193 (10a834a37294b0f3aaf52345444f8c5c2a15dde780c8342446c53ecc05d623c0). The osint packages promise to be an OSINT tool; however, when provided with the username to search for, the package attempts to exfiltrate Discord tokens from the user. T...
MAL-2024-12320 Malicious code in osint-tool (PyPI)
Source: kam193 (10a834a37294b0f3aaf52345444f8c5c2a15dde780c8342446c53ecc05d623c0). The osint packages promise to be an OSINT tool; however, when provided with the username to search for, the package attempts to exfiltrate Discord tokens from the user. T...
Malicious code in discord-token-lib (PyPI)
Source: kam193 (44f591d196b048c4cad8da1cc1399681e22a2d5786fb212fda7c920aed8c2b07). The osint packages promise to be an OSINT tool; however, when provided with the username to search for, the package attempts to exfiltrate Discord tokens from the user. T...