8089 matches found
PT-2025-48373
A vulnerability was determined in motogadget mo.lock Ignition Lock up to 20251125. Affected by this vulnerability is an unknown functionality of the component NFC Handler. Executing manipulation can lead to use of hard-coded cryptographic key . The physical device can be targeted for the attack. ...
CVE-2025-64304
"FOD" App uses hard-coded cryptographic keys, which may allow a local unauthenticated attacker to retrieve the cryptographic keys...
Apache Syncope Trust Management Issues Vulnerability
Apache Syncope is the United States Apache Apache Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration and more. Apache Syncope has a trust management issue vulnerability that stems from...
CVE-2025-65998
Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker, once obtained...
CVE-2025-64304
"FOD" App uses hard-coded cryptographic keys, which may allow a local unauthenticated attacker to retrieve the cryptographic keys...
"FOD" App uses hard-coded cryptographic keys
Overview "FOD" App provided by Fuji Television Network, Inc. uses hard-coded cryptographic keys Use of hard-coded cryptographic key CWE-321 - CVE-2025-64304 The keys are used in the processing of JWT data. Impact The cryptographic keys may be retrieved. The developer considers that the impact is...
CVE-2025-64304
The CVE-2025-64304 entry concerns the FujiTV/FOD mobile app, which reportedly hard-codes cryptographic keys (CWE-321). A local, unauthenticated attacker may retrieve these keys from the app, as described in multiple sources. Documented impact centers on disclosure of cryptographic keys; the provi...
CVE-2025-64304
"FOD" App uses hard-coded cryptographic keys, which may allow a local unauthenticated attacker to retrieve the cryptographic keys...
EUVD-2025-199539
"FOD" App uses hard-coded cryptographic keys, which may allow a local unauthenticated attacker to retrieve the cryptographic keys...
CVE-2025-64304
"FOD" App uses hard-coded cryptographic keys, which may allow a local unauthenticated attacker to retrieve the cryptographic keys...
EUVD-2025-199012
A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. There are Hard-coded configuration values...
CVE-2025-54341
A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. There are Hard-coded configuration values...
PT-2025-47986
"FOD" App uses hard-coded cryptographic keys, which may allow a local unauthenticated attacker to retrieve the cryptographic keys...
FujiTelevison FOD app 安全漏洞
FujiTelevison FOD app is an on-demand mobile app from FujiTelevison Japan. A security vulnerability exists in the FujiTelevison FOD app that stems from the use of hard-coded encryption keys, which could lead to a local attacker obtaining the keys...
CVE-2025-54341
A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. There are Hard-coded configuration values...
CVE-2018-25126 TVT NVMS-9000 Hard-coded API Credentials & Command Injection
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...
CVE-2018-25126
CVE-2018-25126 affects Shenzhen TVT NVMS-9000 firmware, used in many white-labeled DVR/NVR/IPC products. The issue arises from hardcoded API credentials and an OS command injection flaw in the configuration services: the web/API interface accepts HTTP/XML requests authenticated with a fixed vendo...
GHSA-JQG8-M35Q-JH7J Apache Syncope's AES encryption stores hard-coded passwords in internal database
Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker, once obtained...
EUVD-2025-198717
Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker, once obtained...
Apache Syncope's AES encryption stores hard-coded passwords in internal database
Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker, once obtained...