The State of Secrets Sprawl 2026: 9 Takeaways for CISOs

Secrets sprawl isn't slowing down: in 2025, it accelerated faster than most security teams anticipated.GitGuardian's State of Secrets Sprawl 2026 report analyzed billions of commits across public GitHub and uncovered 29 million new hardcoded secrets in 2025 alone, a 34% increase year over year an...

EUVD-2025-209116

Hardcoded Password Vulnerability have been found in CENTUM. Affected products contain a hardcoded password for the user account PROG used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user. The default...

CVE-2025-7741

Hardcoded Password Vulnerability have been found in CENTUM. Affected products contain a hardcoded password for the user account PROG used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user. The default...

CVE-2025-7741

The CVE-2025-7741 entry concerns a hardcoded password issue in CENTUM VP systems. A hardcoded PROG user password (CENTUM Authentication Mode) exists in CENTUM VP releases R5.01.00–R5.04.20, R6.01.00–R6.12.00, and R7.01.00. Exploitation requires local access: an attacker must obtain the hardcoded ...

CVE-2025-7741

Hardcoded Password Vulnerability have been found in CENTUM. Affected products contain a hardcoded password for the user account PROG used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user. The default...

CVE-2025-7741

Hardcoded Password Vulnerability have been found in CENTUM. Affected products contain a hardcoded password for the user account PROG used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user. The default...

PT-2026-28306

Name of the Vulnerable Software and Affected Versions CENTUM versions R5.01.00 through R5.04.20 CENTUM versions R6.01.00 through R6.12.00 CENTUM version R7.01.00 Description The affected software contains a hardcoded password for the PROG user account, used for CENTUM Authentication Mode. An...

Yokogawa CENTUM VP 安全漏洞

Yokogawa CENTUM VP is a distributed control system platform developed by Yokogawa Electric Corporation in Japan. There are security vulnerabilities in Yokogawa CENTUM VP, which stem from hardcoded passwords. This could allow attackers to log in as PROG users under certain conditions...

CVE-2025-9497 Hardcoded Upgrade Decryption Passwords

Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.0...

CVE-2025-9497 Hardcoded Upgrade Decryption Passwords

Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.0...

CVE-2025-9497

CVE-2025-9497 affects Microchip Time Provider 4100 (prior to v2.5.0). The vulnerability arises from hard-coded credentials used for the upgrade path, enabling a malicious manual software update. CVSS metrics indicate a high-severity issue with LOCAL attack vector and HIGH impact on confidentialit...

OpenUI 信任管理问题漏洞

OpenUI is an open-source UI program developed byWeights & Biases. Versions of OpenUI 1.0 and earlier had a trust management vulnerability, which was caused by incorrect handling of the parameter LITELLMMASTERKEY, resulting in hardcoded credentials...

CVE-2025-55263

HCL Aftermarket DPC is affected by Hardcoded Sensitive Data which allows attacker to gain access to the source code or if it is stored in insecure repositories, they can easily retrieve these hardcoded secrets...

GHSA-7972-PG2X-XR59 vLLM has Hardcoded Trust Override in Model Files Enables RCE Despite Explicit User Opt-Out

Summary Two model implementation files hardcode trustremotecode=True when loading sub-components, bypassing the user's explicit --trust-remote-code=False security opt-out. This enables remote code execution via malicious model repositories even when the user has explicitly disabled remote code...

CVE-2021-27142

An issue was discovered on FiberHome HG6245D devices through RP2613. The web management is done over HTTPS, using a hardcoded private key that has 0777 permissions...

CVE-2021-27146

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / CUadmin credentials for an ISP...

CVE-2021-27148

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded telecomadmin / nE7jA%5m credentials for an ISP...

CVE-2021-27155

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 3UJUh2VemEfUtesEchEC2d2e credentials for an ISP...

CVE-2021-27151

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded rootmet / m3tr0r00t credentials for an ISP...

CVE-2021-27164

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / aisadmin credentials for an ISP...