StarCharge Artemis AC Charger 安全漏洞

StarCharge Artemis AC Charger is an AC charger from StarCharge Singapore. A security vulnerability exists in the StarCharge Artemis AC Charger version 7-22 kW 1.0.4, which stems from the use of a hard-coded AES key, which could allow an attacker to forge or decrypt a valid login token...

EUVD-2025-35895

Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key shared across devices, and uses a truncated HMAC for integrity validation. Attackers with access to the update interface - typically via the unit's...

CVE-2025-34500 Shuffle Master Deck Mate 2 Insecure Update Chain

Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key shared across devices, and uses a truncated HMAC for integrity validation. Attackers with access to the update interface - typically via the unit's...

CVE-2025-34500

CVE-2025-34500 affects Deck Mate 2. The firmware update mechanism accepts unsigned packages, uses a single hard-coded AES key for encryption, and applies a truncated HMAC for integrity, enabling an attacker with USB/update-interface access to craft/modify firmware to execute arbitrary code as roo...

PT-2025-43687

Name of the Vulnerable Software and Affected Versions Deck Mate 2 affected versions not specified Description The firmware update mechanism for Deck Mate 2 does not verify cryptographic signatures on update packages. Updates are encrypted using a single, hard-coded AES key shared across all devic...

Light & Wonder Deck Mate 安全漏洞

Light & Wonder Deck Mate is an automated licensing device from Light & Wonder, UK. A security vulnerability exists in Light & Wonder Deck Mate that stems from a firmware update mechanism that does not validate cryptographic signatures and uses hard-coded AES keys, which could lead to the executio...

GO-2025-4018 Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret in github.com/ossf/allstar

Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret in github.com/ossf/allstar...

SUSE CVE-2025-54471

NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data...

CVE-2025-41109 Use of Hard-coded Credentials vulnerability in Ghost Robotics' Vision 60

Ghost Robotics Vision 60 v0.27.2 includes, among its physical interfaces, three RJ45 connectors and a USB Type-C port. The vulnerability is due to the lack of authentication mechanisms when establishing connections through these ports. Specifically, with regard to network connectivity, the robot'...

CVE-2025-41109

CVE-2025-41109 affects Ghost Robotics Vision 60 (v0.27.2). The issue arises from lack of authentication for physical interfaces (three RJ45s and a USB-C port). The device’s internal router automatically assigns IPs to any physically connected equipment, enabling an attacker who controls a rogue W...

CVE-2025-41109 Use of Hard-coded Credentials vulnerability in Ghost Robotics' Vision 60

Ghost Robotics Vision 60 v0.27.2 includes, among its physical interfaces, three RJ45 connectors and a USB Type-C port. The vulnerability is due to the lack of authentication mechanisms when establishing connections through these ports. Specifically, with regard to network connectivity, the robot'...

CVE-2025-41722

The wsc server uses a hard-coded certificate to check the authenticity of SOAP messages. An unauthenticated remote attacker can extract private keys from the Software of the affected devices...

CVE-2025-41722

CVE-2025-41722 : The set of connected sources confirms a vulnerability in the wsc server where a hard-coded certificate is used to verify SOAP messages. This configuration enables an unauthenticated remote attacker to extract private keys from the affected devices. The issue is tied to multiple a...

CVE-2025-41722 Sauter: Hard-coded Authentication Credentials

The wsc server uses a hard-coded certificate to check the authenticity of SOAP messages. An unauthenticated remote attacker can extract private keys from the Software of the affected devices...

EUVD-2025-35352

The wsc server uses a hard-coded certificate to check the authenticity of SOAP messages. An unauthenticated remote attacker can extract private keys from the Software of the affected devices...

CVE-2025-56802

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is...

Sauter modu680-AS 信任管理问题漏洞

Sauter modu680-AS is a modular automation station cum web server from Sauter, Switzerland. A trust management issue vulnerability exists in Sauter modu680-AS, which stems from the use of hard-coded certificates to verify the authenticity of SOAP messages, which could lead to private key disclosur...

Use of Hard-coded Cryptographic Key

Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key for encrypting sensitive configurations when NeuVector stores data. The static key can be used to retrieve configuration data. Remediation Upgrade github.com/neuvector/neuvector/controller/common to...

Use of Hard-coded Cryptographic Key

Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key for encrypting sensitive configurations when NeuVector stores data. The static key can be used to retrieve configuration data. Remediation Upgrade github.com/neuvector/neuvector/share to version 5.4.7...

Use of Hard-coded Cryptographic Key

Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key for encrypting sensitive configurations when NeuVector stores data. The static key can be used to retrieve configuration data. Remediation Upgrade github.com/neuvector/neuvector/controller/resource to...