Tag
osuuu LightPicture Hardcoded Credentials Vulnerability (CVE-2026-6574)
2 rules 1 TTP 1 CVECVE-2026-6574 allows remote attackers to manipulate the 'key' argument in the /public/install/lp.sql file via the API Upload Endpoint in osuuu LightPicture <= 1.2.2, leading to hardcoded credentials exposure.
Hardcoded Storage Credentials in Mobile App and Device Firmware (CVE-2025-10681)
2 rules 1 TTP 1 CVECVE-2025-10681 describes a vulnerability where hardcoded storage credentials in a mobile app and device firmware, with inadequate permission limits and lack of expiration, could lead to unauthorized access to production storage containers.
GoHarbor Harbor v2.15.0 and Below Vulnerable to Hardcoded Credentials
2 rules 1 TTPGoHarbor Harbor version 2.15.0 and below is vulnerable to the use of hard-coded credentials, allowing an attacker to use the default password and gain unauthorized access to the web UI.
AstrBotDevs AstrBot Vulnerability Leads to Hardcoded Credentials (CVE-2026-7579)
2 rules 1 TTP 1 CVECVE-2026-7579 describes a vulnerability in AstrBotDevs AstrBot up to version 4.16.0 where improper handling of the `auth.py` file in the dashboard component leads to hardcoded credentials being exposed, enabling remote exploitation.