By weakness (CWE)
CWE-255: related vulnerabilities
CVEs classified under CWE-255. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
2 published vulnerabilities
- CVE-2026-11515MEDIUM 5.3
A hard-coded password vulnerability has been discovered in SourceCodester Barangay Resident Profiling and Information Management System version 1.0. The flaw exists in the password reset handler, allowing an attacker to reset user passwords to a predictable hard-coded value rather than the intended new password. This can be exploited remotely without authentication, potentially leading to unauthorized account takeover. The vulnerability has been publicly disclosed and is actively exploitable.
- CVE-2026-11552MEDIUM 5.3
A remote authentication bypass vulnerability exists in SourceCodester's Online Examination & Learning Management System (also marketed under an alternate name, Syllabus-aligned Learning Management and Examination System) version 1.0. An unauthenticated attacker can manipulate a password parameter in the user import function to trigger use of a hard-coded credential, gaining unauthorized access without valid authentication. The vulnerability requires no user interaction and can be exploited from the network. Public exploit details are available.