119 matches found
CVE-2026-25600
The PDBM application relies on a static, hard‑coded secret embedded in the PDBM.exe executable. This secret is used by the application’s encryption routines, including the function responsible for decrypting credentials stored in the product’s configuration file. Because the secret is constant...
CVE-2026-25600
The PDBM application relies on a static, hard‑coded secret embedded in the PDBM.exe executable. This secret is used by the application’s encryption routines, including the function responsible for decrypting credentials stored in the product’s configuration file. Because the secret is constant...
CVE-2026-25600 Credential Exposure Vulnerability in Trac PDBM
The PDBM application relies on a static, hard‑coded secret embedded in the PDBM.exe executable. This secret is used by the application’s encryption routines, including the function responsible for decrypting credentials stored in the product’s configuration file. Because the secret is constant...
CVE-2026-25600 Credential Exposure Vulnerability in Trac PDBM
The PDBM application relies on a static, hard‑coded secret embedded in the PDBM.exe executable. This secret is used by the application’s encryption routines, including the function responsible for decrypting credentials stored in the product’s configuration file. Because the secret is constant...
DjangoBlog 安全漏洞
DjangoBlog is a blog system developed by liangliangyy using Django. Versions of DjangoBlog 2.1.0.0 and earlier had security vulnerabilities. These vulnerabilities stemmed from the use of the parameter SECRETKEY in the file djangoblog/settings.py, which resulted in hard-coded credentials,...
PYSEC-2026-63
Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically enable "mocked" OAuth routes when OAuth components e.g. gr.LoginButton are used. When a user visi...
CVE-2025-69971
FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access...
GHSA-2R8F-CF6W-X5VQ Duplicate Advisory: FUXA contains a hard-coded credential vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c8m8-3jcr-6rj5. This link is maintained to preserve external references. Original Description FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a...
Duplicate Advisory: FUXA contains a hard-coded credential vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c8m8-3jcr-6rj5. This link is maintained to preserve external references. Original Description FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a...
CVE-2025-69971
FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access...
CVE-2025-69971
FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access...
EUVD-2025-206717
FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access...
CVE-2025-69971
FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access...
CVE-2025-69971
FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access...
CVE-2025-69971
FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access...
CVE-2025-69971
FUXA v1.2.7 contains a hard-coded secret in server/api/jwt-helper.js used to sign and verify JWTs, enabling remote attackers to forge admin tokens and bypass authentication to gain full administrative access. This is documented by multiple sources (NVD entry and the Nuclei template) and indicates...
PT-2026-6348
FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access...
Delta Electronics DIAView Hard-coded JWT Secret Key (CVE-2025-62581)
Binary data deltaelectronicsdiaviewcve-2025-62581.nbin...
CVE-2025-15107
CVE-2025-15107 affects actiontech sqle up to 4.2511.0, specifically the JWT Secret Handler in sqle/utils/jwt.go. The vulnerability arises from the manipulation of the argument JWTSecretKey, leading to use of a hard-coded cryptographic key. Reported as remotely exploitable with high attack complex...
One Hub 安全漏洞
One Hub is an OpenAI interface management and distribution system for Buer individual developers. A security vulnerability exists in One Hub version 0.14.27 and earlier, which stems from the use of a hard-coded key for the parameter SESSIONSECRET in the docker-compose.yml file, which could lead t...