
212 matches found

Cvelist
added 2026/02/13 8:53 p.m. | 22 views

CVE-2026-26334 Calero VeraSMART < 2026 R1 Hardcoded Static AES Keys Allow Decryption of Service Credentials

Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll (Veramark.Core.Config class). These keys are used to encrypt the password of the service account stored in C:\VeraSMART Data\app.settings. An attacker with local access to the...

8.5 CVSS | 0.00087 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/02/13 12:0 a.m. | 3 views

PT-2026-8031

Name of the Vulnerable Software and Affected Versions: Calero VeraSMART versions prior to 2026 R1. Description: The software contains hardcoded static AES encryption keys within the Veramark.Framework.dll module, specifically in the Veramark.Core.Config class. These keys are used to encrypt the...

8.5 CVSS | 5.5 AI score | 0.00087 EPSS
Exploits: 0 | References: 5
CNNVD
added 2026/02/09 12:0 a.m. | 7 views

WAGO Industrial-Managed-Switch 0852-1322 and WAGO Industrial-Managed-Switch 0852-1328 security vulnerability

WAGO Industrial-Managed-Switch 0852-1322 and WAGO Industrial-Managed-Switch 0852-1328 are industrial-grade managed Ethernet switches from the German company WAGO. Both devices have security vulnerabilities. These vulnerabilities stem from the use of hardcoded keys for AES-ECB encryption, which...

9.8 CVSS | 5.9 AI score | 0.00328 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2026/02/07 7:30 p.m. | 4 views

CVE-2026-2103

Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt a...

7.8 CVSS | 5.4 AI score | 0.00097 EPSS
Exploits: 1 | References: 1
Metasploit
added 2026/02/04 6:58 p.m. | 245 views

Gladinet CentreStack/Triofox Access Ticket Forge

This module forges access tickets for the Gladinet CentreStack/Triofox /storage/filesvr.dn endpoint. The vulnerability exists because the application uses hardcoded cryptographic keys in GladCtrl64.dll to encrypt/decrypt access tickets. The access ticket is an encrypted string that contains: -...

9.8 CVSS | 6.1 AI score | 0.50949 EPSS
Exploits: 3
CNNVD
added 2026/02/03 12:0 a.m. | 2 views

FUXA security vulnerability

FUXA is a web-based process visualization software developed by frangoteam. Version 1.2.7 of FUXA contains a security vulnerability. This vulnerability stems from the use of hardcoded keys for signing and verifying JWT tokens in the server/api/jwt-helper.js file. This could allow remote attackers...

9.8 CVSS | 5.8 AI score | 0.02036 EPSS
Exploits: 0 | References: 1
GithubExploit
added 2026/01/30 6:24 p.m. | 189 views

Exploit for CVE-2025-15545

CVE-2025-15545 Information Vendor: TP-Link Vendor'...

7.3 CVSS | 6.5 AI score | 0.00453 EPSS
Exploits: 2
CNNVD
added 2026/01/28 12:0 a.m. | 3 views

Explorance Blue security vulnerabilities

Explorance Blue is a learning experience management software developed by the Canadian company Explorance. Versions of Explorance Blue prior to 8.14.12 contained security vulnerabilities. These vulnerabilities stemmed from the use of reversible symmetric encryption with hardcoded static keys to...

6.8 CVSS | 5.8 AI score | 0.00186 EPSS
Exploits: 0 | References: 5
CNNVD
added 2026/01/26 12:0 a.m. | 5 views

Dormakaba Exos 9300 security vulnerabilities

Dormakaba Exos 9300 is an access control and security management system developed by the American company Dormakaba. Dormakaba Exos 9300 has security vulnerabilities; these vulnerabilities stem from multiple hardcoded keys contained in the program libraries and binary files, along with a weak...

6.8 CVSS | 5.8 AI score | 0.00104 EPSS
Exploits: 0 | References: 4
IBM Security Bulletins
added 2026/01/14 11:57 p.m. | 4 views

Security Bulletin: IBM Controller is vulnerable to exposure of sensitive information

Summary: There is a vulnerability in IBM Controller due to the use of hardcoded cryptographic keys for signing session cookies. This Security Bulletin addresses CVE-2025-36326. Vulnerability Details: CVEID: CVE-2025-36326. DESCRIPTION: IBM Controller could allow an attacker to obtain sensitive...

7.5 CVSS | 6.1 AI score | 0.00213 EPSS
Exploits: 0 | Affected Software: 2
CVE
added 2025/12/12 9:1 p.m. | 32 views

CVE-2025-14611

CVE-2025-14611 affects Gladinet CentreStack and Triofox prior to 16.12.10420.56791. The root cause is hardcoded, static keys/IVs used by the AES cryptosystem (AES-256-CBC) in the web services, enabling attackers to forge or decrypt access tickets and potentially trigger arbitrary local file inclu...

9.8 CVSS | 6.6 AI score | 0.50949 EPSS
In wild | Exploits: 3 | References: 2 | Affected Software: 2
GithubExploit
added 2025/12/03 4:3 p.m. | 261 views

Exploit for CVE-2025-38001

Lab: CVE-2025-41744 - Use of Default Cryptographic Key in Spre...

9.1 CVSS | 7.3 AI score | 0.0036 EPSS
Exploits: 6
Metasploit
added 2025/11/28 6:56 p.m. | 451 views

Twonky Server Log Leak Authentication Bypass

This module leverages an authentication bypass in Twonky Server 8.5.2. By exploiting an authorization flaw to access a privileged web API endpoint and leak application logs, encrypted administrator credentials are leaked (CVE-2025-13315). The exploit will then decrypt these credentials using...

9.8 CVSS | 6 AI score | 0.31944 EPSS
Exploits: 3
Packet Storm
added 2025/11/26 12:0 a.m. | 146 views

Brocade Fabric OS Weak Crypto / Key Compromise

This analysis focuses on some older flaws with Brocade Fabric OS versions prior to 9.2.2 related to man-in-the-middle, weak cryptography, and hardcoded key compromise vulnerabilities...

9.8 CVSS | 7.1 AI score | 0.01546 EPSS
Exploits: 2
OpenVAS
added 2025/11/20 12:0 a.m. | 3 views

Twonky Server <= 8.5.2 Multiple Vulnerabilities - Version Check

Twonky Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:lynxtechnology:twonkyserver";...

9.8 CVSS | 7.7 AI score | 0.31944 EPSS
Exploits: 3 | References: 1
EUVD
added 2025/11/12 6:31 p.m. | 5 views

EUVD-2025-131909

Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryptionhelper.dart file...

6.7 AI score | 0.00168 EPSS
Exploits: 0 | References: 3
NVD
added 2025/11/12 4:15 p.m. | 4 views

CVE-2025-63289

Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryptionhelper.dart file...

9.1 CVSS | 0.00168 EPSS
Exploits: 0 | References: 2
OSV
added 2025/11/12 4:15 p.m. | 6 views

CVE-2025-63289

Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryptionhelper.dart file...

9.1 CVSS | 5.8 AI score | 0.00168 EPSS
Exploits: 0 | References: 2
Cvelist
added 2025/11/12 12:0 a.m. | 8 views

CVE-2025-63289

Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryptionhelper.dart file...

0.00168 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2025/11/12 12:0 a.m. | 3 views

CVE-2025-63289

Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryptionhelper.dart file...

6.8 AI score | 0.00168 EPSS
Exploits: 0 | References: 2