PT-2026-22405

Name of the Vulnerable Software and Affected Versions Gradio versions 4.16.0 through 6.5.9 Description Gradio is a Python package for rapid prototyping. Applications running outside of Hugging Face Spaces, versions 4.16.0 through 6.5.9, improperly handle OAuth components like gr.LoginButton...

MAL-2026-1049 Malicious code in flycord (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b2071af47a4b327550f5614253b291b893e0741e6f2ebe3b4378a4794696d211 When the user uses the provided library, this package silently reports basic information and the result of the user's action to a hardcoded, obfuscated URL...

Parse Server: Account takeover via JWT algorithm confusion in Google auth adapter

Impact An unauthenticated attacker can forge a Google authentication token with alg: "none" to log in as any user linked to a Google account, without knowing their credentials. All deployments with Google authentication enabled are affected. Patches The fix hardcodes the expected RS256 algorithm...

Exploit for CVE-2025-1242

ICSA-26-055-03 — Gardyn Home Kit IoT Vulnerabilities CISA ICS...

Binardat 10G08-0800GSM 信任管理问题漏洞

Binardat 10G08-0800GSM is a high-performance switch from the Chinese company Binardat. The Binardat 10G08-0800GSM Network Switch V300SP10260209 and earlier versions have a vulnerability related to trust management. This vulnerability stems from hardcoded management credentials that cannot be...

TIK-SOFT多款产品 信任管理问题漏洞

TIK-SOFT Finka-FK is a product of the Polish company TIK-SOFT. TIK-SOFT Finka-FK is a financial accounting software. TIK-SOFT Finka-KPR is a financial management software. TIK-SOFT Finka-Płace is a human resources and payroll management software. Several TIK-SOFT products have vulnerabilities...

Binardat 10G08-0800GSM 加密问题漏洞

Binardat 10G08-0800GSM is a high-performance switch from the Chinese company Binardat. The Binardat 10G08-0800GSM has a security vulnerability related to encryption. This vulnerability stems from the use of a hardcoded key in the RC4 algorithm embedded within the client JavaScript, which may lead...

Hardcoded trust_remote_code=True in Model Implementations Bypasses User Security Control

This report is not public...

CVE-2025-67305

In RUCKUS Network Director RND 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network access to authenticate via SSH without a password. Once authenticated, the attacker can access the...

MLflow 安全漏洞

MLflow is an open-source platform that simplifies machine learning development. It includes features like tracking experiments, packaging code for reproducible runs, and sharing and deploying models. There is a security vulnerability in MLflow, which stems from the use of hardcoded default...

CVE-2025-67304

In Ruckus Network Director RND 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded credentials to authenticate...

📄 Sitecore Experience Manager / Experience Platform 10.1 Shell Upload / Hardcoded Credentials

Proof of concept exploit for a remote code execution vulnerability chain affecting Sitecore Experience Platform versions 10.x combining hardcoded credentials with file upload vulnerabilities for complete system compromise...

CVE-2025-67305

In RUCKUS Network Director RND 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network access to authenticate via SSH without a password. Once authenticated, the attacker can access the...

RUCKUS Network Director 安全漏洞

RUCKUS Network Director is a wireless network monitoring software developed by RUCKUS Corporation. Versions of RUCKUS Network Director prior to 4.5.0.56 contained security vulnerabilities. These vulnerabilities stemmed from the OVA devices having hardcoded SSH keys, which could allow unauthorized...

CVE-2025-67304

In Ruckus Network Director RND 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded credentials to authenticate...

CVE-2025-67304

In Ruckus Network Director RND 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded credentials to authenticate...

RUCKUS Network Director 安全漏洞

Ruckus Network Director is a wireless network monitoring software developed by Ruckus Corporation. Versions of Ruckus Network Director prior to 4.5.0.54 contained security vulnerabilities. These vulnerabilities stemmed from the OVA devices having hardcoded PostgreSQL database user credentials,...

CVE-2025-67305

In RUCKUS Network Director RND 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network access to authenticate via SSH without a password. Once authenticated, the attacker can access the...

PT-2026-20922

Name of the Vulnerable Software and Affected Versions Ruckus Network Director versions prior to 4.5.0.54 Description Ruckus Network Director RND contains hardcoded credentials for the PostgreSQL database user. By default, the PostgreSQL service is accessible over the network on TCP port 5432. An...

CVE-2025-67305

Affected software: RUCKUS Network Director (RND) OVA appliances prior to 4.5.0.56. Vulnerability: hardcoded SSH keys for the postgres user are identical across deployments, enabling network-authenticated SSH without a password. Impact (as stated): attacker can access the PostgreSQL database with ...