1110 matches found
SUSE CVE-2025-54471
NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data...
CVE-2025-56802
The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is...
Use of Hard-coded Cryptographic Key
Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key for encrypting sensitive configurations when NeuVector stores data. The static key can be used to retrieve configuration data. Remediation Upgrade github.com/neuvector/neuvector/controller/cache to...
Use of Hard-coded Cryptographic Key
Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key for encrypting sensitive configurations when NeuVector stores data. The static key can be used to retrieve configuration data. Remediation Upgrade github.com/neuvector/neuvector/share to version 5.4.7...
Use of Hard-coded Cryptographic Key
Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key for encrypting sensitive configurations when NeuVector stores data. The static key can be used to retrieve configuration data. Remediation Upgrade github.com/neuvector/neuvector/controller/resource to...
Use of Hard-coded Cryptographic Key
Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key for encrypting sensitive configurations when NeuVector stores data. The static key can be used to retrieve configuration data. Remediation Upgrade github.com/neuvector/neuvector/share/utils to version...
Use of Hard-coded Cryptographic Key
Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key for encrypting sensitive configurations when NeuVector stores data. The static key can be used to retrieve configuration data. Remediation Upgrade github.com/neuvector/neuvector/controller/kv to versi...
Use of Hard-coded Cryptographic Key
Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key for encrypting sensitive configurations when NeuVector stores data. The static key can be used to retrieve configuration data. Remediation Upgrade github.com/neuvector/neuvector/controller/rest to...
NeuVector is shipping cryptographic material into its binary
Impact NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data. In the patched version, NeuVector leverages the Kubernetes secre...
Use of Hard-coded Cryptographic Key
Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key for encrypting sensitive configurations when NeuVector stores data. The static key can be used to retrieve configuration data. Remediation Upgrade github.com/neuvector/neuvector/controller/common to...
GHSA-H773-7GF7-9M2X NeuVector is shipping cryptographic material into its binary
Impact NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data. In the patched version, NeuVector leverages the Kubernetes secre...
CVE-2025-56802
The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is...
CVE-2025-56802
The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is...
CVE-2025-56802
The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is...
CVE-2025-56802
The connected Red Hat and NVD entries confirm CVE-2025-56802 affects the Reolink desktop application and centers on a hard-coded and predictable AES encryption key used to encrypt user configuration files. This allows attackers with local access to decrypt sensitive data stored in %APPDATA%. The ...
EUVD-2025-35218
The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56802...
CVE-2025-56802
The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is...
Newforma Project Center Server Information Disclosure Vulnerability (CNVD-2025-25886)
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. Newforma Project Center Server suffers from an information...
CVE-2025-11899
Agentflow developed by Flowring has an Use of Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information, thereby logging into the system as any user. Attacker must first obtain an user ID in order to exploit...
CVE-2025-58426
desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key, which allows an attacker to create malicious AppSuite applications...