1110 matches found
CVE-2024-1258 Juanpao JPShop API params.php hard-coded key
A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file api/config/params.php of the component API. The manipulation of the argument JWT_KEY_ADMIN leads to use of hard-coded cryptographic k...
CVE-2024-1258
Juanpao JPShop API (component API) has a vulnerability in api/config/params.php where manipulating the JWT_KEY_ADMIN leads to use of a hard-coded cryptographic key. Affected versions: up to 1.5.02. The issue is tied to hard-coded keys, with reported high confidentiality impact and high attack com...
PT-2024-17664 · Juanpao · Juanpao Jpshop
Name of the Vulnerable Software and Affected Versions: Juanpao JPShop versions up to 1.5.02
Description: A vulnerability was found in the API component of Juanpao JPShop, specifically in the file api/config/params.php. The manipulation of the JWT_KEY_ADMIN argument leads to the use of a hard-code...
CVE-2023-51840
DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key...
Android App "Spoon" uses a hard-coded API key for an external service
Overview: Android App "Spoon" provided by Spoon Radio Japan Inc. uses a hard-coded API key for an external service (CWE-798). Yoshihito Sakai of BroadBand Security, Inc reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
Hongdian Router H8951-4G-ESP Security Vulnerability
The Hongdian Router H8951-4G-ESP is a wireless router from China Hongdian. A security vulnerability exists in versions prior to Hongdian Router H8951-4G-ESP 2310271149, which originates from the ability to download a configuration backup without authorization and decrypt the contained passwords using a...
Fedir Tsapana Simple HTTP Server PLUS Security Vulnerability
Fedir Tsapana Simple HTTP Server PLUS is an application from Fedir Tsapana that allows you to run small local HTTP servers with static content. A security vulnerability exists in Fedir Tsapana Simple HTTP Server PLUS 1.8.1-plus and earlier versions, which arises from the application containing a...
CVE-2023-46711
VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an attacker to analyze the password of a specific product user...
Multiple vulnerabilities in BUFFALO VR-S1000
Overview: VR-S1000 provided by BUFFALO INC. contains multiple vulnerabilities listed below: OS command injection (CWE-78) - CVE-2023-45741; Argument injection (CWE-88) - CVE-2023-46681; Use of hard-coded cryptographic key (CWE-321) - CVE-2023-46711; Information disclosure (CWE-200) - CVE-2023-51363...
PT-2023-8310 · Buffalo · Buffalo Vr-S1000
Name of the Vulnerable Software and Affected Versions: BUFFALO VR-S1000 versions 2.37 and earlier
Description: The issue is related to the use of a hard-coded cryptographic key in the firmware, which may allow an attacker to analyze the password of a specific product user. This could potentially...
CVE-2023-48392
Kaifa Technology WebITR is an online attendance system. It has a vulnerability in using a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access the system with an arbitrary user account, including the administrator’s account, ...
PT-2023-7880 · Kaifa Technology · Webitr
Name of the Vulnerable Software and Affected Versions: Kaifa Technology WebITR affected versions not specified
Description: The issue is related to the use of a hard-coded encryption key in the WebITR online attendance system. This allows an unauthenticated remote attacker to generate a valid tok...
CVE-2023-36647
A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens...
SuperAGI Security Vulnerability
SuperAGI is an open source infrastructure application from SuperAGI Open Source for building components, tools, frameworks, and models to implement open source AGI. A security vulnerability exists in SuperAGI version v0.0.13, which stems from a cryptographic operation using a hard-coded key that...
Dromara Lamp-Cloud Security Breach
Dromara Lamp-Cloud is a back-end rapid development platform for microservices built on Jdk11 + SpringCloud + SpringBoot, focusing on multi-tenant SaaS architecture solutions; it can also be used as a basic development framework for general non-SaaS projects, has bee...
CVE-2023-42492
EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key...
PT-2023-29847 · Unknown · Android Client
Name of the Vulnerable Software and Affected Versions: Android Client application affected versions not specified
Description: The issue concerns the Android Client application's connection to an MQTT broker for exchanging messages and receiving commands. The protocol used for remote management o...