8062 matches found
CVE-2025-59096
The default password for the extended admin user mode in the application U9ExosAdmin.exe "Kaba 9300 Administration" is hard-coded in multiple locations as well as documented in the locally stored user documentation...
CVE-2025-59096 Weak Default Password in dormakaba Kaba exos 9300
The default password for the extended admin user mode in the application U9ExosAdmin.exe "Kaba 9300 Administration" is hard-coded in multiple locations as well as documented in the locally stored user documentation...
CVE-2025-59096
CVE-2025-59096 describes a weak default password in dormakaba Kaba exos 9300 (U9ExosAdmin.exe, extended admin mode). Root cause: hard-coded default password present in multiple locations and in local user docs. Impact (per provided data): local attacker with HIGH privileges and LOCAL access could...
CVE-2025-59095 Hard-coded Key for PIN Encryption in dormakaba Kaba exos 9300
The program libraries DLL and binaries used by exos 9300 contain multiple hard-coded secrets. One notable example is the function "EncryptAndDecrypt" in the library Kaba.EXOS.common.dll. This algorithm uses a simple XOR encryption technique combined with a cryptographic key cryptoKey to transform...
CVE-2025-59095
The program libraries DLL and binaries used by exos 9300 contain multiple hard-coded secrets. One notable example is the function "EncryptAndDecrypt" in the library Kaba.EXOS.common.dll. This algorithm uses a simple XOR encryption technique combined with a cryptographic key cryptoKey to transform...
CVE-2025-59095
CVE-2025-59095 affects dormakaba Kaba exos 9300 software. Public descriptions in multiple sources indicate that DLLs/binaries (notably Kaba.EXOS.common.dll) use a hard-coded, static cryptoKey with a simple XOR-based encrypt/decrypt routine to process user PINs before storing them in MSSQL. The ro...
CVE-2025-59095 Hard-coded Key for PIN Encryption in dormakaba Kaba exos 9300
The program libraries DLL and binaries used by exos 9300 contain multiple hard-coded secrets. One notable example is the function "EncryptAndDecrypt" in the library Kaba.EXOS.common.dll. This algorithm uses a simple XOR encryption technique combined with a cryptographic key cryptoKey to transform...
PT-2026-4746
The default password for the extended admin user mode in the application U9ExosAdmin.exe "Kaba 9300 Administration" is hard-coded in multiple locations as well as documented in the locally stored user documentation...
Dormakaba Access Manager security vulnerabilities
The Dormakaba Access Manager is a smart hardware controller developed by the Dormakaba company in the United States. There are security vulnerabilities in the Dormakaba Access Manager 92xx K7 version. These vulnerabilities stem from hard-coded weak passwords in the SSH service, which may allow...
CVE-2026-22586
Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January...
CVE-2026-22586
Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January...
CVE-2026-22586
Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January...
CVE-2026-22586
Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January...
CVE-2026-22586
The CVE-2026-22586 entry concerns Salesforce Marketing Cloud Engagement, specifically modules such as CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, and View As Webpage. The root cause is a hard-coded cryptographic key that enables Web Services Protocol Manipu...
Salesforce Marketing Cloud Engagement security vulnerability
Salesforce Marketing Cloud Engagement is a digital marketing automation platform offered by the American company Salesforce. Versions of Salesforce Marketing Cloud Engagement prior to version 2026.1.21 contained security vulnerabilities, which were caused by hard-coded encryption keys. These...
PT-2026-4543
Name of the Vulnerable Software and Affected Versions Salesforce Marketing Cloud Engagement versions prior to January 21st, 2026 Description A hard-coded cryptographic key in the CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, and View As Webpage modules allows...
CVE-2025-58744
Use of Default Credentials, Hard-coded Credentials vulnerability in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows decryption of document archive files using credentials decrypted with hard-coded application encryption key. This issue affects ImageDirector Capture: from...
CVE-2025-58740
The use of a hard-coded encryption key in calls to the Password function in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows a local attacker to decrypt database credentials by reading the cryptographic key from the executable. This issue affects ImageDirector Capture: from...
CVE-2026-0622
Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWTSECRETKEY is unset...
CVE-2025-14115
IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019 IBM® Sterling Connect:Direct for UNIX contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication,...