1110 matches found

NVD
added 2025/10/17 4:16 a.m. | 1 view

CVE-2025-11899

Agentflow developed by Flowring has a Use of Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information, thereby logging into the system as any user. Attacker must first obtain a user ID in order to exploit...

CVSS 9.2 | EPSS 0.00615
Exploits 0 | References 2
Cvelist
added 2025/10/17 3:44 a.m. | 18 views

CVE-2025-11899 Flowring Technology|Agentflow - Use of Hard-coded Cryptographic Key

Agentflow developed by Flowring has a Use of Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information, thereby logging into the system as any user. Attacker must first obtain a user ID in order to exploit...

CVSS 9.2 | EPSS 0.00615
Exploits 0 | References 2
EUVD
added 2025/10/17 3:44 a.m. | 4 views

EUVD-2025-34859

Agentflow developed by Flowring has a Use of Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information, thereby logging into the system as any user. Attacker must first obtain a user ID in order to exploit...

CVSS 9.2 | AI score 6.6 | EPSS 0.00615
Exploits 0 | References 3
Vulnrichment
added 2025/10/17 3:44 a.m. | 3 views

CVE-2025-11899 Flowring Technology|Agentflow - Use of Hard-coded Cryptographic Key

Agentflow developed by Flowring has a Use of Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information, thereby logging into the system as any user. Attacker must first obtain a user ID in order to exploit...

CVSS 9.2 | AI score 6.8 | EPSS 0.00615
Exploits 0 | References 2
CVE
added 2025/10/17 3:44 a.m. | 12 views

CVE-2025-11899

CVE-2025-11899 affects Flowring’s Agentflow. The vulnerability arises from a hard-coded cryptographic key, enabling unauthenticated remote attackers to generate verification information and log in as any user after obtaining a user ID. Connected sources corroborate the issue across NVD/Red Hat an...

CVSS 9.2 | AI score 6.8 | EPSS 0.00615
Exploits 0 | References 2
NVD
added 2025/10/16 10:15 a.m. | 4 views

CVE-2025-58426

desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key, which allows an attacker to create malicious AppSuite applications...

CVSS 5.3 | EPSS 0.00243
Exploits 0 | References 2
Cvelist
added 2025/10/16 10:3 a.m. | 6 views

CVE-2025-58426

desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key, which allows an attacker to create malicious AppSuite applications...

CVSS 5.3 | EPSS 0.00243
Exploits 0 | References 2
EUVD
added 2025/10/16 10:3 a.m. | 2 views

EUVD-2025-34744

desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key, which allows an attacker to create malicious AppSuite applications...

CVSS 5.3 | AI score 6.4 | EPSS 0.00243
Exploits 0 | References 3
Vulnrichment
added 2025/10/16 10:3 a.m. | 2 views

CVE-2025-58426

desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key, which allows an attacker to create malicious AppSuite applications...

CVSS 5.3 | AI score 4.8 | EPSS 0.00243
Exploits 0 | References 2
CVE
added 2025/10/16 10:3 a.m. | 8 views

CVE-2025-58426

The CVE concerns desknet’s NEO across versions V4.0R1.0–V9.0R2.0, where a hard-coded cryptographic key enables an attacker to create malicious AppSuite applications. This is the underlying root cause described in multiple connected sources, with impact stated as attacker-authored AppSuite apps be...

CVSS 5.3 | AI score 4.8 | EPSS 0.00243
Exploits 0 | References 2
Japan Vulnerability Notes
added 2025/10/16 8:30 a.m. | 4 views

Multiple vulnerabilities in desknet's NEO

Overview: desknet's NEO provided by NEOJAPAN Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting (CWE-79) - CVE-2025-24833, CVE-2025-54760, CVE-2025-55072; Reflected cross-site scripting (CWE-79) - CVE-2025-52583; Stored cross-site scripting (CWE-79) - CVE-2025-54859; Improper...

CVSS 6.1 | AI score 6 | EPSS 0.00285
Exploits 0 | References 12
CNNVD
added 2025/10/15 12:0 a.m. | 2 views

Creativeitem Academy LMS security vulnerability

Creativeitem Academy LMS is an online learning management system from Creativeitem Bangladesh. A security vulnerability exists in Creativeitem Academy LMS version 6.14 and earlier, which stems from the use of a hard-coded default JWT key for token signing, which could lead to authentication bypas...

CVSS 9.4 | AI score 6.8 | EPSS 0.00451
Exploits 1 | References 2
CNVD
added 2025/10/15 12:0 a.m. | 3 views

Hospital Management System session function hard-coded key vulnerability

Hospital Management System is a hospital management system. Hospital Management System has a hard-coded key vulnerability that arises from the incorrect manipulation of the secret parameter by the session function in the express-session component, for which no detailed vulnerability details are...

CVSS 8.1 | AI score 6.8 | EPSS 0.00468
Exploits 1 | References 1
RedhatCVE
added 2025/10/12 6:7 p.m. | 14 views

CVE-2025-11609

A flaw has been found in code-projects Hospital Management System 1.0. Affected is the function session of the component express-session. This manipulation of the argument secret with the input secret causes use of hard-coded cryptographic key. The attack can be initiated remotely. The attack is...

CVSS 8.1 | AI score 6.5 | EPSS 0.00468
Exploits 1 | References 1
EUVD
added 2025/10/11 6:30 p.m. | 3 views

EUVD-2025-33870

A flaw has been found in code-projects Hospital Management System 1.0. Affected is the function session of the component express-session. This manipulation of the argument secret with the input secret causes use of hard-coded cryptographic key. The attack can be initiated remotely. The attack is...

CVSS 6.3 | AI score 6.2 | EPSS 0.00468
Exploits 1 | References 6
OSV
added 2025/10/11 6:15 p.m. | 3 views

CVE-2025-11609

A flaw has been found in code-projects Hospital Management System 1.0. Affected is the function session of the component express-session. This manipulation of the argument secret with the input secret causes use of hard-coded cryptographic key. The attack can be initiated remotely. The attack is...

CVSS 8.1 | AI score 5.2 | EPSS 0.00468
Exploits 1 | References 5
NVD
added 2025/10/11 6:15 p.m. | 4 views

CVE-2025-11609

A flaw has been found in code-projects Hospital Management System 1.0. Affected is the function session of the component express-session. This manipulation of the argument secret with the input secret causes use of hard-coded cryptographic key. The attack can be initiated remotely. The attack is...

CVSS 8.1 | EPSS 0.00468
Exploits 1 | References 5
Cvelist
added 2025/10/11 5:32 p.m. | 8 views

CVE-2025-11609 code-projects Hospital Management System express-session hard-coded key

A flaw has been found in code-projects Hospital Management System 1.0. Affected is the function session of the component express-session. This manipulation of the argument secret with the input secret causes use of hard-coded cryptographic key. The attack can be initiated remotely. The attack is...

CVSS 6.3 | EPSS 0.00468
Exploits 1 | References 5
Vulnrichment
added 2025/10/11 5:32 p.m. | 5 views

CVE-2025-11609 code-projects Hospital Management System express-session hard-coded key

A flaw has been found in code-projects Hospital Management System 1.0. Affected is the function session of the component express-session. This manipulation of the argument secret with the input secret causes use of hard-coded cryptographic key. The attack can be initiated remotely. The attack is...

CVSS 6.3 | AI score 6.4 | EPSS 0.00468
Exploits 1 | References 5
CVE
added 2025/10/11 5:32 p.m. | 13 views

CVE-2025-11609

CVE-2025-11609 affects code-projects Hospital Management System 1.0, specifically the session function of the express-session component. The vulnerability arises from manipulation of the secret argument, causing use of a hard-coded cryptographic key. A remote attack is possible and the issue is d...

CVSS 8.1 | AI score 4.7 | EPSS 0.00468
Exploits 1 | References 5 | Affected Software 1