
8135 matches found

Wiz blog
added 2025/09/18 6:37 p.m. | 3 views

Wiz Research Discovers One in Five Organizations Exposed to Systemic Risks in Vibe-Coded Applications - Here's How to Secure Them

New research reveals four common security risks systematically affecting vibe-coded applications - with remediation strategies curated together with Lovable...

AI score: 7
Exploits: 0

Positive Technologies
added 2025/09/18 12:0 a.m. | 3 views

PT-2025-38486

Name of the Vulnerable Software and Affected Versions: Cognex device (affected versions not specified). Description: An attacker with adjacent access, without authentication, can retrieve a hard-coded password embedded in the software. This password can be used to decrypt sensitive network traffic...

CVSS: 8.6 | AI score: 6.4 | EPSS: 0.00022
Exploits: 0 | References: 5

CNNVD
added 2025/09/18 12:0 a.m. | 2 views

Dover Fueling Solutions multiple products security vulnerability

Dover Fueling Solutions MAGLINK LX Console and others are products of Dover Fueling Solutions. Dover Fueling Solutions MAGLINK LX Console is an integrated console for fuel stations and oil distribution. This console is designed to help manage the various operations of a fuel station, including...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.001
Exploits: 0 | References: 3

CNNVD
added 2025/09/18 12:0 a.m. | 1 views

Cognex multiple products security vulnerability

Cognex In-Sight Explorer and Cognex In-Sight Camera Firmware are both products of Cognex Corporation, U.S.A. Cognex In-Sight Explorer is a tool that has the ability to debug and program the software of its line of smart cameras. Cognex In-Sight Camera Firmware is firmware for a range of smart...

CVSS: 8.6 | AI score: 6.5 | EPSS: 0.00022
Exploits: 0 | References: 2

NVD
added 2025/09/17 3:15 p.m. | 1 views

CVE-2024-48842

Use of Hard-coded Credentials vulnerability in ABB FLXEON. This issue affects FLXEON: through 9.3.5 and newer versions...

CVSS: 7.3 | EPSS: 0.00026
Exploits: 0 | References: 1

Cvelist
added 2025/09/17 2:48 p.m. | 6 views

CVE-2024-48842 Hardcoded passwords

Use of Hard-coded Credentials vulnerability in ABB FLXEON. This issue affects FLXEON: through 9.3.5 and newer versions...

CVSS: 7.3 | EPSS: 0.00026
Exploits: 0 | References: 1

CVE
added 2025/09/17 2:48 p.m. | 16 views

CVE-2024-48842

CVE-2024-48842 affects ABB FLXEON controllers (through 9.3.5 and newer). The vulnerability arises from hard-coded credentials in the product, combined with improper input validation leading to remote code execution. The ICSA/CISA summary notes credentials handling weaknesses (passwords may be sto...

CVSS: 7.3 | AI score: 6.6 | EPSS: 0.00026
Exploits: 0 | References: 1

CNNVD
added 2025/09/17 12:0 a.m. | 1 views

ABB FLXEON trust management issue vulnerability

ABB FLXEON is a family of building automation controllers from ABB Switzerland. ABB FLXEON 9.3.5 and earlier versions and later versions are vulnerable to a trust management issue that stems from the use of hard-coded credentials...

CVSS: 7.3 | AI score: 6.6 | EPSS: 0.00026
Exploits: 0 | References: 1

Positive Technologies
added 2025/09/17 12:0 a.m. | 3 views

PT-2025-38158

Name of the Vulnerable Software and Affected Versions: ABB FLXEON versions through 9.3.5 and newer versions. Description: The product contains hard-coded credentials. Recommendations: Versions through 9.3.5 and newer versions: At the moment, there is no information about a newer version that...

CVSS: 7.3 | AI score: 6.3 | EPSS: 0.00026
Exploits: 0 | References: 5

CNNVD
added 2025/09/16 12:0 a.m. | 1 views

BMC Control-M security vulnerability

BMC Control-M is an application from BMC, Inc. that simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M versions 9.0.18 through 9.0.20, which stems from the Blowfish encryption algorithm that uses a hard-coded key, and could...

CVSS: 7.6 | AI score: 6.7 | EPSS: 0.00024
Exploits: 0 | References: 3

CNNVD
added 2025/09/15 12:0 a.m. | 3 views

Ceragon EtherHaul series operating system command injection vulnerability

The Ceragon EtherHaul series is a point-to-point infinite link device from Ceragon USA. A security vulnerability exists in the Ceragon EtherHaul series versions 7.4.0 through 10.7.3 and earlier, which stems from the use of hard-coded static AES encryption keys by the rfpiped service, which could...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.01691
Exploits: 3 | References: 6

RedhatCVE
added 2025/09/13 12:23 p.m. | 4 views

CVE-2025-10250

A weakness has been identified in DJI Mavic Spark, Mavic Air and Mavic Mini 01.00.0500. Affected is an unknown function of the component Telemetry Channel. Executing manipulation can lead to use of hard-coded cryptographic key. The attacker needs to be present on the local network. A high...

CVSS: 5 | AI score: 6 | EPSS: 0.00027
Exploits: 0 | References: 1

Veracode
added 2025/09/12 6:20 a.m. | 4 views

Hard-coded Cryptographic Key

cn.hippo4j, hippo4j-core is vulnerable to use of hard-coded cryptographic key. The vulnerability is due to a hard-coded secret key in JWT creation, which allows an attacker to forge valid access tokens and impersonate any user, including privileged ones like "admin"...

CVSS: 8.8 | AI score: 6.7 | EPSS: 0.00086
Exploits: 0 | References: 4 | Affected Software: 1

RedhatCVE
added 2025/09/11 7:25 p.m. | 2 views

CVE-2025-55047

CWE-798 Use of Hard-coded Credentials...

CVSS: 8.4 | AI score: 7 | EPSS: 0.00026
Exploits: 0 | References: 1

NVD
added 2025/09/11 12:15 p.m. | 3 views

CVE-2025-10250

A weakness has been identified in DJI Mavic Spark, Mavic Air and Mavic Mini 01.00.0500. Affected is an unknown function of the component Telemetry Channel. Executing manipulation can lead to use of hard-coded cryptographic key. The attacker needs to be present on the local network. A high...

CVSS: 5 | EPSS: 0.00027
Exploits: 0 | References: 4

Vulnrichment
added 2025/09/11 11:32 a.m. | 1 views

CVE-2025-10250 DJI Mavic Spark/Mavic Air/Mavic Mini Telemetry Channel hard-coded key

A weakness has been identified in DJI Mavic Spark, Mavic Air and Mavic Mini 01.00.0500. Affected is an unknown function of the component Telemetry Channel. Executing manipulation can lead to use of hard-coded cryptographic key. The attacker needs to be present on the local network. A high...

CVSS: 5 | AI score: 5.7 | EPSS: 0.00027
Exploits: 0 | References: 4

CVE
added 2025/09/11 11:32 a.m. | 13 views

CVE-2025-10250

CVE-2025-10250 affects DJI Mavic Spark/Mavic Air/Mavic Mini (firmware 01.00.0500) due to a hard-coded cryptographic key in the Telemetry Channel. A local-network attacker can exploit this, with the vulnerability described as high attack complexity and publicly released exploit; affected products ...

CVSS: 5 | AI score: 5.7 | EPSS: 0.00027
Exploits: 0 | References: 4

Cvelist
added 2025/09/11 11:32 a.m. | 9 views

CVE-2025-10250 DJI Mavic Spark/Mavic Air/Mavic Mini Telemetry Channel hard-coded key

A weakness has been identified in DJI Mavic Spark, Mavic Air and Mavic Mini 01.00.0500. Affected is an unknown function of the component Telemetry Channel. Executing manipulation can lead to use of hard-coded cryptographic key. The attacker needs to be present on the local network. A high...

CVSS: 5 | EPSS: 0.00027
Exploits: 0 | References: 4

Positive Technologies
added 2025/09/11 12:0 a.m. | 2 views

PT-2025-37174

Name of the Vulnerable Software and Affected Versions: DJI Mavic Spark version 01.00.0500, DJI Mavic Air version 01.00.0500, DJI Mavic Mini version 01.00.0500. Description: A weakness exists in the Telemetry Channel component due to the use of a hard-coded cryptographic key. An attacker present on t...

CVSS: 5 | AI score: 4.8 | EPSS: 0.00027
Exploits: 0 | References: 6

CNNVD
added 2025/09/11 12:0 a.m. | 1 views

DJI Mavic security vulnerability

DJI Mavic is a series of drones from the Chinese company DJI. A security vulnerability exists in DJI Mavic that stems from the use of hard-coded keys in the component Telemetry Channel, which could lead to a local network attack...

CVSS: 5 | AI score: 5.1 | EPSS: 0.00027
Exploits: 0 | References: 4