7562 matches found

Patchstack
added 2024/05/23 10:21 a.m. · 3 views

WordPress Visual Website Collaboration, Feedback & Project Management – Atarim plugin <= 3.22.6 - Hardcoded Credentials vulnerability

Hardcoded Credentials vulnerability discovered by Lucio Sá in WordPress Plugin Atarim versions <= 3.22.6...

CVSS 7.5 · AI score 7 · EPSS 0.00494
Exploits 0 · References 1 · Affected Software 1

NVD
added 2024/05/23 7:15 a.m. · 21 views

CVE-2024-2038

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible fo...

CVSS 7.5 · AI score 7.6 · EPSS 0.00494
Exploits 0 · References 3

CVE
added 2024/05/23 6:46 a.m. · 114 views

CVE-2024-2038

CVE-2024-2038 affects the Visual Website Collaboration, Feedback & Project Management – Atarim WordPress plugin. The vulnerability arises from hardcoded credentials used to authenticate all incoming API requests, enabling unauthorized access. Exploitation allows unauthenticated attackers to modif...

CVSS 7.5 · AI score 7.6 · EPSS 0.00494
Exploits 0 · References 3

Cvelist
added 2024/05/23 6:46 a.m. · 21 views

CVE-2024-2038 Visual Website Collaboration, Feedback & Project Management – Atarim <= 3.22.6 - Hardcoded Credentials

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible fo...

CVSS 7.5 · AI score 7.6 · EPSS 0.00494
Exploits 0 · References 3

Vulnrichment
added 2024/05/23 6:46 a.m. · 13 views

CVE-2024-2038 Visual Website Collaboration, Feedback & Project Management – Atarim <= 3.22.6 - Hardcoded Credentials

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible fo...

CVSS 7.5 · AI score 7.5 · EPSS 0.00494
Exploits 0 · References 3

Positive Technologies
added 2024/05/23 12:00 a.m. · 6 views

PT-2024-18654 · WordPress · Atarim

Name of the Vulnerable Software and Affected Versions: The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress versions up to, and including, 3.22.6 Description: The issue is due to the use of hardcoded credentials to authenticate all incoming API requests...

CVSS 7.5 · AI score 6.9 · EPSS 0.00494
Exploits 0 · References 5

SUSE CVE
added 2024/05/21 1:59 a.m. · 3 views

SUSE CVE-2024-35917

In the Linux kernel, the following vulnerability has been resolved: s390/bpf: Fix bpf_plt pointer arithmetic. Kui-Feng Lee reported a crash on s390x triggered by the dummy_st_ops/dummy_init_ptr_arg test [1]: 0x2 bpf_struct_ops_test_run+0x156/0x250 __sys_bpf+0xa1a/0xd00 __s390x_sys_bpf+0x44/0x50 __do_syscall+0x244/0x300...

CVSS 5.5 · AI score 6.8 · EPSS 0.0021
Exploits 0 · References 10

NVD
added 2024/05/19 8:15 p.m. · 21 views

CVE-2024-36080

Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network...

CVSS 9.8 · AI score 9.7 · EPSS 0.00551
Exploits 0 · References 1

Cvelist
added 2024/05/19 8:05 p.m. · 24 views

CVE-2024-36080

Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network...

CVSS 9.8 · AI score 9.7 · EPSS 0.00551
Exploits 0 · References 1

Vulnrichment
added 2024/05/19 8:05 p.m. · 10 views

CVE-2024-36080

Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network...

CVSS 9.8 · AI score 7.4 · EPSS 0.00551
Exploits 0 · References 1

CVE
added 2024/05/19 8:05 p.m. · 82 views

CVE-2024-36080

CVE-2024-36080 affects Westermo EDW-100 serial-to-Ethernet converters up to 2024-05-03, with a hidden root user and a hard-coded password that cannot be changed. The vulnerability enables high-impact, unauthenticated access (CVSS v3.1 base score 9.8) and potential credential disclosure. Public so...

CVSS 9.8 · AI score 7.5 · EPSS 0.00551
Exploits 0 · References 1

NVD
added 2024/05/16 7:15 a.m. · 22 views

CVE-2024-4844

Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator ePO on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was...

CVSS 7.5 · AI score 7.5 · EPSS 0.00234
Exploits 0 · References 1

Cvelist
added 2024/05/16 6:19 a.m. · 23 views

CVE-2024-4844

Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator ePO on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was...

CVSS 7.5 · AI score 7.7 · EPSS 0.00234
Exploits 0 · References 1

CVE
added 2024/05/16 6:19 a.m. · 48 views

CVE-2024-4844

CVE-2024-4844 concerns Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2. The issue is a hardcoded credential in the keystore, allowing an attacker with admin privileges on the ePO server to read the orion.keystore contents and access the ePO database encryption ...

CVSS 7.5 · AI score 6.7 · EPSS 0.00234
Exploits 0 · References 1

CNVD
added 2024/05/16 12:00 a.m. · 4 views

Siemens SIMATIC CN 4100 Hardcoded Credential Vulnerability

The Siemens SIMATIC CN 4100 is a communication node from Siemens, Germany. A security vulnerability exists in the Siemens SIMATIC CN 4100 due to an affected device containing undocumented users and credentials. An attacker could exploit the vulnerability to misuse the credentials to compromise th...

CVSS 9.8 · AI score 6.8 · EPSS 0.00703
Exploits 0 · References 1

Positive Technologies
added 2024/05/16 12:00 a.m. · 5 views

PT-2024-33110 · Trellix · Trellix Epolicy Orchestrator

Name of the Vulnerable Software and Affected Versions: Trellix ePolicy Orchestrator ePO on Premise versions prior to 5.10 Service Pack 1 Update 2 Description: A hardcoded credentials issue allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file,...

CVSS 7.5 · AI score 7.3 · EPSS 0.00234
Exploits 0 · References 3

CVE
added 2024/05/15 7:17 p.m. · 43 views

CVE-2024-34025

CVE-2024-34025 affects CyberPower PowerPanel Business software. The vulnerability stems from a hard-coded set of authentication credentials in the PowerPanel business application code, which could allow an attacker to bypass authentication and gain administrator privileges (CVSS v3.1 base 9.8). A...

CVSS 9.8 · AI score 7.1 · EPSS 0.00564
Exploits 0 · References 2 · Affected Software 1

OSV
added 2024/05/14 4:17 p.m. · 6 views

CVE-2024-33867

An issue was discovered in linqi before 1.4.0.1 on Windows. There is a hardcoded password salt...

CVSS 4.8 · AI score 5.8 · EPSS 0.00217
Exploits 0 · References 2

NVD
added 2024/05/14 4:17 p.m. · 16 views

CVE-2024-33867

An issue was discovered in linqi before 1.4.0.1 on Windows. There is a hardcoded password salt...

CVSS 4.8 · AI score 6.7 · EPSS 0.00217
Exploits 0 · References 2

OSV
added 2024/05/14 3:38 p.m. · 1 view

CVE-2024-34211

TOTOLINK CP450 v4.1.0cu.747B20191224 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 1