212 matches found

CVE
added 2026/04/29 8:37 a.m., 9 views

CVE-2026-42518

The CVE concerns e-Sushrut HMIS where sensitive data and hardcoded AES keys are exposed in client-side JavaScript. An unauthenticated remote attacker could access the client code to extract cryptographic keys, potentially compromising confidentiality and weakening cryptographic protections. Docum...

8.7 CVSS, 5.5 AI score, 0.00219 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/04/29 12:0 a.m., 7 views

PT-2026-35890

Name of the Vulnerable Software and Affected Versions: e-Sushrut (affected versions not specified). Description: Sensitive information and hardcoded AES (Advanced Encryption Standard, a symmetric block cipher used for encrypting and decrypting data) encryption keys are disclosed in client-side JavaScrip...

8.7 CVSS, 5.5 AI score, 0.00219 EPSS
Exploits 0, References 5
CNNVD
added 2026/04/26 12:0 a.m., 11 views

Datavines Encryption Issue Vulnerability

Datavines is a data quality monitoring and evaluation platform developed by Datavane. Versions of Datavines from 13,607,45e14a4982468cfdbcf75c85cde63bae71 onwards have a security vulnerability related to encryption. This vulnerability stems from the handling of the tokenSecret parameter in the...

6.3 CVSS, 6.2 AI score, 0.00338 EPSS
Exploits 0, References 2
CNNVD
added 2026/04/03 12:0 a.m., 6 views

Align My Invisalign App Security Vulnerability

Align My Invisalign App is an application developed by Align Company, designed to support orthodontic treatment. Version 3.12.4 of Align My Invisalign App contains a security vulnerability, which stems from the use of hardcoded encryption keys for the parameter CDAACCESSTOKEN...

4.8 CVSS, 5.8 AI score, 0.00105 EPSS
Exploits 0, References 4
CNNVD
added 2026/04/03 12:0 a.m., 5 views

Wahoo Fitness SYSTM App Security Vulnerability

The Wahoo Fitness SYSTM App is a comprehensive structured training app developed by Wahoo Fitness in the United States. The Wahoo Fitness SYSTM App versions 7.2.1 and earlier contained security vulnerabilities, which stemmed from the use of hardcoded encryption keys for the SEGMENTWRITEKEY...

4.8 CVSS, 5.8 AI score, 0.00156 EPSS
Exploits 0, References 4
CNNVD
added 2026/04/03 12:0 a.m., 9 views

Sumi Interactive GRID Organiser Security Vulnerability

Sumi Interactive GRID Organizer is an activity planning and management application developed by Sumi Interactive in China. Versions of Sumi Interactive GRID Organizer prior to 1.0.5 contained security vulnerabilities, which were caused by the use of hardcoded encryption keys for the Parameter...

4.8 CVSS, 5.8 AI score, 0.00141 EPSS
Exploits 0, References 4
CNNVD
added 2026/04/03 12:0 a.m., 18 views

PropertyGuru AgentNet Singapore App Security Vulnerability

The PropertyGuru AgentNet Singapore App is a mobile application used by PropertyGuru in Singapore as a real estate agency. The PropertyGuru AgentNet Singapore App versions prior to 23.7.10 contained a security vulnerability, which was caused by the use of hardcoded encryption keys for parameters...

4.8 CVSS, 5.8 AI score, 0.00144 EPSS
Exploits 0, References 4
CNNVD
added 2026/04/03 12:0 a.m., 6 views

Noelse Individuals & Pro App Security Vulnerability

Noelse Individuals & Pro App is a financial services app developed by the French company Noelse, designed for individual and professional users to manage online accounts, handle payments, and access financial tools. The Noelse Individuals & Pro App versions 2.1.7 and earlier contain security...

4.8 CVSS, 5.8 AI score, 0.00144 EPSS
Exploits 0, References 4
CNNVD
added 2026/04/02 12:0 a.m., 3 views

Shinrays Games Goods Triple App Security Vulnerability

Shinrays Games Goods Triple App is an application for trading virtual game goods by Shinrays Games. Versions of Shinrays Games Goods Triple App 1.200 and earlier contained a security vulnerability. This vulnerability stemmed from incorrect handling of parameters AESIV/AESPASSWORD in the jRwTX.jav...

2.5 CVSS, 5.8 AI score, 0.00099 EPSS
Exploits 0, References 4
CNNVD
added 2026/03/23 12:0 a.m., 5 views

Kalcaddle Kodbox Security Vulnerability

Kalcaddle Kodbox is a private cloud storage and online collaborative office platform developed by Kalcaddle Corporation. A security vulnerability exists in the kalcaddle kodbox version 1.64, which stems from the Site-level API key Handler component using hardcoded keys...

6.3 CVSS, 5.8 AI score, 0.00268 EPSS
Exploits 0, References 4
CNNVD
added 2026/03/09 12:0 a.m., 5 views

Shannon Trust Management Issue Vulnerability

Shannon is an open-source white-box penetration testing tool developed by KeygraphHQ. Shannon has a vulnerability related to trust management, which stems from hardcoded API keys in router configurations. This vulnerability could allow unauthenticated attackers to make proxy requests and...

7.3 CVSS, 5.8 AI score, 0.00243 EPSS
Exploits 0, References 4
RedhatCVE
added 2026/02/20 1:22 a.m., 4 views

CVE-2025-67305

In RUCKUS Network Director RND 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network access to authenticate via SSH without a password. Once authenticated, the attacker can access the...

9.8 CVSS, 5.5 AI score, 0.00494 EPSS
Exploits 1, References 1
CNNVD
added 2026/02/19 12:0 a.m., 4 views

RUCKUS Network Director Security Vulnerability

RUCKUS Network Director is a wireless network monitoring software developed by RUCKUS Corporation. Versions of RUCKUS Network Director prior to 4.5.0.56 contained security vulnerabilities. These vulnerabilities stemmed from the OVA devices having hardcoded SSH keys, which could allow unauthorized...

9.8 CVSS, 5.8 AI score, 0.00494 EPSS
Exploits 1, References 2
Vulnrichment
added 2026/02/19 12:0 a.m., 3 views

CVE-2025-67305

In RUCKUS Network Director RND 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network access to authenticate via SSH without a password. Once authenticated, the attacker can access the...

5.4 AI score, 0.00494 EPSS
Exploits 1, References 2
CVE
added 2026/02/19 12:0 a.m., 9 views

CVE-2025-67305

Affected software: RUCKUS Network Director (RND) OVA appliances prior to 4.5.0.56. Vulnerability: hardcoded SSH keys for the postgres user are identical across deployments, enabling network-authenticated SSH without a password. Impact (as stated): attacker can access the PostgreSQL database with ...

9.8 CVSS, 5.5 AI score, 0.00494 EPSS
Exploits 1, References 2, Affected Software 1
Cvelist
added 2026/02/19 12:0 a.m., 20 views

CVE-2025-67305

In RUCKUS Network Director RND 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network access to authenticate via SSH without a password. Once authenticated, the attacker can access the...

0.00494 EPSS
Exploits 1, References 2
RedhatCVE
added 2026/02/15 1:19 a.m., 12 views

CVE-2026-26334

Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll Veramark.Core.Config class. These keys are used to encrypt the password of the service account stored in C:\VeraSMART Data\app.settings. An attacker with local access to the...

8.5 CVSS, 5.6 AI score, 0.00087 EPSS
Exploits 0, References 1
ATTACKERKB
added 2026/02/13 8:53 p.m., 3 views

CVE-2026-26334

Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll Veramark.Core.Config class. These keys are used to encrypt the password of the service account stored in C:\VeraSMART Data\app.settings. An attacker with local access to the...

8.5 CVSS, 5.6 AI score, 0.00087 EPSS
Exploits 0, References 3
CVE
added 2026/02/13 8:53 p.m., 10 views

CVE-2026-26334

Affected software: Calero VeraSMART (versions prior to 2026 R1). Vulnerability: Hardcoded static AES keys present within Veramark.Framework.dll (Veramark.Core.Config class) are used to encrypt the password of the service account stored in C:\VeraSMART Data\app.settings. Impact chain: An attacker ...

8.5 CVSS, 5.6 AI score, 0.00087 EPSS
Exploits 0, References 2, Affected Software 1
Vulnrichment
added 2026/02/13 8:53 p.m., 6 views

CVE-2026-26334 Calero VeraSMART < 2026 R1 Hardcoded Static AES Keys Allow Decryption of Service Credentials

Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll Veramark.Core.Config class. These keys are used to encrypt the password of the service account stored in C:\VeraSMART Data\app.settings. An attacker with local access to the...

8.5 CVSS, 5.6 AI score, 0.00087 EPSS
Exploits 0, References 2