1110 matches found
CVE-2024-33625
CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication...
CVE-2024-31410
The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. This can allow an attacker to impersonate any client in the system and send malicious data...
CVE-2024-30207
A vulnerability has been identified in SIMATIC RTLS Locating Manager 6GT2780-0DA00 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA10 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA20 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA30 All versions...
CVE-2024-30207
The CVE-2024-30207 entry describes vulnerabilities in Siemens SIMATIC RTLS Locating Manager components (multiple SKUs: 6GT2780-0DA00/0DA10/0DA20/0DA30 and 6GT2780-1EA10/1EA20/1EA30) where communications between client and server rely on symmetric cryptography with a hard-coded key. The underlying...
"OfferBox" App uses a hard-coded secret key
Overview: "OfferBox" App provided by i-plug inc. uses a hard-coded secret key for JWT (CWE-321). Yuta Yamate of Rakuten Group, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: The hard-coded secret key for...
CVE-2023-39465
Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptographic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to explo...
CVE-2023-32169
D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2023-39465
CVE-2023-39465 is tied to Triangle MicroWorks SCADA Data Gateway. The issue is in the TmwCrypto class, due to the use of a hard-coded cryptographic key and a hard-coded certificate, enabling remote disclosure of sensitive information without authentication. The vulnerability is documented across...
Softing Secure Integration Server Security Vulnerability
Softing Secure Integration Server is a secure integration server from Softing Germany. It provides a powerful OPC UA data integration layer and supports interface abstraction, aggregation, data preprocessing and security supervision. A security vulnerability exists in Softing Secure Integration...
Motorola GuideMe Security Vulnerability
Motorola GuideMe is an application from Motorola USA. A security vulnerability exists in Motorola GuideMe, which stems from a hard-coded AES key vulnerability that could allow a local attacker to read arbitrary files...
D-Link D-View Security Vulnerability
D-Link D-View is a web-based design network device management software from China's D-Link Corporation. A security vulnerability exists in D-Link D-View, which stems from a hard-coded encryption key authentication bypass vulnerability...
Broadcom Brocade SANnav Trust Management Issue Vulnerability
Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom USA. A security vulnerability exists in Brocade SANnav versions v2.3.1 and v2.3.0a, which stems from the inclusion of a hard-coded key used by Docker to access a remote registry via TLS. A TLS connection with an exposed...
PT-2025-6256 · Fortinet · Fortimanager
Name of the Vulnerable Software and Affected Versions: FortiManager versions 6.4 through 7.6.1; FortiManager version 7.0. Description: The issue is related to the use of a hard-coded cryptographic key in the FortiManager interface, which can allow a remote attacker to disclose confidential...
CVE-2024-1920 osuuu LightPicture TokenVerify.php handle hard-coded key
A vulnerability, which was classified as critical, has been found in osuuu LightPicture up to 1.2.2. This issue affects the function handle of the file /app/middleware/TokenVerify.php. The manipulation leads to use of hard-coded cryptographic key. The attack may be initiated remotely. The...
PT-2024-18422 · Unknown · Osuuu Lightpicture
Name of the Vulnerable Software and Affected Versions: osuuu LightPicture versions up to 1.2.2. Description: A critical issue has been found in osuuu LightPicture, affecting the function handle of the file /app/middleware/TokenVerify.php. The manipulation leads to the use of a hard-coded...
Yealink Config Encrypt Tool Security Vulnerability
Yealink Config Encrypt Tool is a configuration encryption tool from China's Yealink. A security vulnerability exists in Yealink Config Encrypt Tool versions prior to 1.2, which stems from the disclosure of a hard-coded AES key used to encrypt configuration documents, resulting in the...
CVE-2024-1258
A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file api/config/params.php of the component API. The manipulation of the argument JWTKEYADMIN leads to use of hard-coded cryptographic k...