EUVD-2026-23714

A security vulnerability has been detected in liangliangyy DjangoBlog up to 2.1.0.0. Affected is an unknown function of the file owntracks/views.py of the component Amap API Call Handler. Such manipulation of the argument key leads to use of hard-coded cryptographic key . The attack may be launch...

CVE-2025-60250

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 decrypt BLE packet data by using the df98b715d5c6ed2b25817b6f2554124a key and the 2841ae97419c2973296a0d4bdfe19a4f IV...

Unitree多款产品 安全漏洞

Unitree Go2 is a robot dog, Unitree G1 is a humanoid robot, Unitree H1 is a humanoid robot, Unitree Go2 is a robot dog, Unitree G1 is a humanoid robot, Unitree H1 is a humanoid robot, Unitree H1 is a humanoid robot. A security vulnerability exists in several Unitree products that stems from the u...

CVE-2019-10907

Airsonic 10.2.1 uses Spring's default remember-me mechanism based on MD5, with a fixed key of airsonic in GlobalSecurityConfig.java. An attacker able to capture cookies might be able to trivially bruteforce offline the passwords of associated users...

itech iLabClient 安全漏洞

itech iLabClient is a powerful sender-side lab data receiving software from itech. A security vulnerability exists in itech iLabClient version 3.7.1, which stems from the use of the hard-coded key YngAYdgAE/kKZYu2F2wm6w== to allow local users to read and write to the database...

Philips IntelliSpace Perinatal 安全漏洞

Philips IntelliSpace Perinatal is an obstetric care information management solution for the healthcare industry from Philips Netherlands. A security vulnerability exists in Philips IntelliSpace Perinatal version 4.1 and prior versions, which stems from the creation of tokens using a username,...

CVE-2024-2413

Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. With this authentication code, they can obtain administrator privileges and subsequently execute...

SmartStar Software CWS Trust Management Issue Vulnerability

SmartStar Software CWS is a Web-based integration platform from China-based SmartStar Software. A trust management issue exists in SmartStar Software CWS v10.25. The vulnerability stems from a low-privileged specific account using a fixed key for authentication purposes, which can be exploited by...

xkeys Seal encryption used fixed key for all encryption

...

Insufficient Entropy

Overview Affected versions of this package are vulnerable to Insufficient Entropy via the getKey function, due to inefficient implementation of the AES-256-CBC cryptographic algorithm. The provided encrypt function is less secure when hex encoding and trimming are applied, leaving half of the bit...

CVE-2023-25403

CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username format characters. Any user who logged in within 24 hours. A token can be forged with his username to bypass authentication...

CVE-2023-25403

CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username format characters. Any user who logged in within 24 hours. A token can be forged with his username to bypass authentication...

Mozilla: Keystroke Side-Channel Leakage

The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...

kvf-admin 信任管理问题漏洞

kvf-admin is a rapid development framework, scaffolding, backend management system, and permissions system for kalvinGit individual developers. kvf-admin suffers from a trust management issue vulnerability that originates from setting a fixed key in the com.kalvin.kvf.common.shiro.ShiroConfig fil...

CVE-2020-25180

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm...

PT-2021-7762 · Rockwell Automation · Isagraf Runtime

Name of the Vulnerable Software and Affected Versions: Rockwell Automation ISaGRAF Runtime versions 4.x through 5.x Description: The issue concerns the encryption of passwords used to execute privileged commands in the ISaGRAF Runtime. Specifically, a fixed key value is used with the tiny...

DEBIAN-CVE-2021-3565

A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentialit...

Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption

Exploit Title: Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption Date: December 8th 2020 Exploit Author: Tess Sluijter Vendor Homepage: https://www.tibco.com Version: 5.11x and before Tested on: MacOS, Linux, Windows Tibco password decryption exploit Background Tibco's documentation...

Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption Exploit

Exploit Title: Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption Exploit Author: Tess Sluijter Vendor Homepage: https://www.tibco.com Version: 5.11x and before Tested on: MacOS, Linux, Windows Tibco password decryption exploit Background Tibco's documentation states that there are thre...

CVE-2020-10884

This vulnerability allows network-adjacent attackers execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP...