CVE-2025-64778 Mirion Medical EC2 Software NMIS BioDose Use of Hard-coded Credentials
NMIS/BioDose software V22.02 and previous versions contain executable binaries with plain text hard-coded passwords. These hard-coded passwords could allow unauthorized access to both the application and database...
CVE-2025-64778
CVE-2025-64778 concerns NMIS/BioDose software V22.02 and earlier, where executables ship with hard-coded plaintext passwords. The root cause is embedded credentials in binary files, enabling unauthorized access to both the application and the SQL Server database under affected deployments. Public...
Use of Hard-coded Cryptographic Key
Overview: arcade-mcp-server is a Model Context Protocol (MCP) server framework for Arcade.dev. Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key: the HTTP server uses a hardcoded default worker secret "dev" that is never validated or overridden during normal...
Use of Hard-coded Cryptographic Key
Overview: arcade-mcp is an Arcade.dev tool-calling platform for agents. Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key: the HTTP server uses a hardcoded default worker secret "dev" that is never validated or overridden during normal server startup. An...
GHSA-644F-HRFF-MF96 Duplicate Advisory: Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-mv7p-34fv-4874. This link is maintained to preserve external references. Original Description: A vulnerability was detected in nocobase up to 1.9.4/2.0.0-alpha.37. The affected element is an unknown function of t...
CVE-2025-13877
A vulnerability was detected in nocobase up to 1.9.4/2.0.0-alpha.37. The affected element is an unknown function of the file nocobase\packages\core\auth\src\base\jwt-service.ts of the component JWT Service. The manipulation of the argument APIKEY results in use of hard-coded cryptographic key. T...
CVE-2025-13877 nocobase JWT Service jwt-service.ts hard-coded key
A vulnerability was detected in nocobase up to 1.9.4/2.0.0-alpha.37. The affected element is an unknown function of the file nocobase\packages\core\auth\src\base\jwt-service.ts of the component JWT Service. The manipulation of the argument APIKEY results in use of hard-coded cryptographic key. T...
CVE-2025-13877
CVE-2025-13877 / GHSA: NocoBase contains an authentication bypass in Docker deployments due to insecure default JWT secret usage in the JWT Service. Public default keys in docker-compose configurations allowed forging valid tokens and impersonating admin users, enabling remote, unauthenticated a...
PT-2025-48710
Name of the Vulnerable Software and Affected Versions: nocobase versions 1.9.4 and 2.0.0-alpha.37. Description: A security issue exists in nocobase that allows for remote attacks with high complexity and difficult exploitability. The issue involves the manipulation of the API KEY argument within an...
Mirion Medical EC2 Software NMIS BioDose Trust Management Issue Vulnerability
Mirion Medical EC2 Software NMIS BioDose is a software for managing and analyzing biological dosimetry data from Mirion Medical, Germany. A trust management issue vulnerability exists in Mirion Medical EC2 Software NMIS BioDose V22.02 and prior versions, which stems from the inclusion of hard-cod...
Arcade MCP Server Framework Trust Management Issue Vulnerability
Arcade MCP Server Framework is an open source MCP server framework from Arcade.dev. A trust management issue vulnerability exists in Arcade MCP Server Framework versions prior to 1.5.4, which stems from hard-coding the default working key, which could lead to bypassing the authentication layer...
CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 Security Vulnerability
The CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 are both network concentrators from CIRCUTOR, Spain. A security vulnerability exists in the CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 version v9.0.2, which stems from the firmware containing hard-coded keys that could lead to bypassing access...
nocobase Security Vulnerability
Nocobase is a low-code platform open-sourced by NocoBase. A security vulnerability exists in nocobase versions 1.9.4 and 2.0.0-alpha.37, which stems from the use of a hard-coded key for the parameter APIKEY in the file nocobase\packages\core\auth\src\base\jwt-service.ts...
EUVD-2025-199909
A vulnerability was determined in motogadget mo.lock Ignition Lock up to 20251125. Affected by this vulnerability is an unknown functionality of the component NFC Handler. Executing manipulation can lead to use of hard-coded cryptographic key. The physical device can be targeted for the attack. ...
CVE-2025-6666
A vulnerability was determined in motogadget mo.lock Ignition Lock up to 20251125. Affected by this vulnerability is an unknown functionality of the component NFC Handler. Executing manipulation can lead to use of hard-coded cryptographic key. The physical device can be targeted for the attack. ...
CVE-2025-6666 motogadget mo.lock Ignition Lock NFC hard-coded key
A vulnerability was determined in motogadget mo.lock Ignition Lock up to 20251125. Affected by this vulnerability is an unknown functionality of the component NFC Handler. Executing manipulation can lead to use of hard-coded cryptographic key. The physical device can be targeted for the attack. ...
CVE-2025-6666
CVE-2025-6666 affects motogadget mo.lock Ignition Lock up to 20251125. The vulnerability stems from an unknown NFC Handler functionality where manipulation can lead to use of a hard-coded cryptographic key. The attack requires physical access and is described as high complexity with difficult exp...