CVE-2026-0622

Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWTSECRETKEY is unset...

CVE-2026-0622 Open 5GS WebUI uses a hard-coded JWT signing key

Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWTSECRETKEY is unset...

CVE-2026-0622 Open 5GS WebUI uses a hard-coded JWT signing key

Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWTSECRETKEY is unset...

CVE-2026-0622

Open5GS WebUI is affected by CVE-2026-0622: by default it uses hard-coded JWT signing keys (the string change-me) when JWT_SECRET_KEY is unset, allowing an unauthenticated network attacker to forge JWTs and gain access to protected WebUI endpoints (notably under /api/db/*). The issue arises from ...

PT-2026-3645

Name of the Vulnerable Software and Affected Versions Open 5GS WebUI affected versions not specified Description The software utilizes a hard-coded JWT signing key 'change-me' if the JWT SECRET KEY environment variable is not set. This can allow attackers to forge JWTs and potentially gain...

PT-2026-3665

Name of the Vulnerable Software and Affected Versions Milner ImageDirector Capture versions 7.0.9 through 7.6.3.25808 Description The software uses a hard-coded encryption key within the Password function in C2SGlobalSettings.dll on Windows. A local attacker can exploit this to decrypt database...

SUSE CVE-2025-15107

A security vulnerability has been detected in actiontech sqle up to 4.2511.0. The impacted element is an unknown function of the file sqle/utils/jwt.go of the component JWT Secret Handler. The manipulation of the argument JWTSecretKey leads to use of hard-coded cryptographic key . The attack is...

Hanwha Vision Camera Use of Hard-coded Cryptographic Key (CVE-2025-52601)

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems ICS and OT/IoT security, has discovered a vulnerability in Device Manager that a hardcoded encryption key for sensitive information. An attacker can use key to decrypt sensitive information. T...

GO-2025-4269 SQLE's JWT Secret Handler can be manipulated to use hard-coded cryptographic key in github.com/actiontech/sqle

SQLE's JWT Secret Handler can be manipulated to use hard-coded cryptographic key in github.com/actiontech/sqle...

CVE-2022-23440

A use of hard-coded cryptographic key vulnerability CWE-321 in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the collectors from the end-points within the same deployment...

CVE-2022-23650

Netmaker is a platform for creating and managing virtual overlay networks using WireGuard. Prior to versions 0.8.5, 0.9.4, and 010.0, there is a hard-coded cryptographic key in the code base which can be exploited to run admin commands on a remote server if the exploiter know the address and...

CVE-2022-0664

Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1...

CVE-2024-39888

A vulnerability has been identified in Mendix Encryption All versions = V10.0.0 V10.0.2. Affected versions of the module define a specific hard-coded default value for the EncryptionKey constant, which is used in projects where no individual EncryptionKey was specified. This could allow to an...

Use Of Hard-coded Cryptographic Key

github.com/neuvector/neuvector is vulnerable to use of hard-coded cryptographic key. The vulnerability is due to a cryptographic key being hard-coded and embedded in the source code at compilation time, which allows an attacker with access to the code or binaries to recover the key and decrypt...

Use Of A Hard-Coded Cryptographic Key

org.apache.streampark, streampark is vulnerable to Use of a Hard-Coded Cryptographic Key. The vulnerability is due to the use of a fixed, immutable encryption key in the application, which allows an attacker to recover the key through code analysis and decrypt sensitive data or forge encrypted...

CVE-2025-15107

A security vulnerability has been detected in actiontech sqle up to 4.2511.0. The impacted element is an unknown function of the file sqle/utils/jwt.go of the component JWT Secret Handler. The manipulation of the argument JWTSecretKey leads to use of hard-coded cryptographic key . The attack is...

CVE-2025-15108

A vulnerability was detected in PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5. This affects an unknown function of the file config.yml of the component JWT Secret Handler. The manipulation of the argument key results in use of hard-coded cryptographic key . The attack may be...

CVE-2025-15105

A security flaw has been discovered in getmaxun maxun up to 0.0.28. Impacted is an unknown function of the file /getmaxun/maxun/blob/develop/server/src/routes/auth.ts. Performing manipulation of the argument apikey results in use of hard-coded cryptographic key . Remote exploitation of the attack...

Use of Hard-coded Cryptographic Key

Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the config.yml file. An attacker can gain unauthorized access to sensitive information by exploiting the presence of a hard-coded cryptographic key. Remediation A fix was pushed into the master...

CVE-2025-15108

A vulnerability was detected in PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5. This affects an unknown function of the file config.yml of the component JWT Secret Handler. The manipulation of the argument key results in use of hard-coded cryptographic key . The attack may be...