CVE-2025-9604

A vulnerability was identified in coze-studio up to 0.2.4. The impacted element is an unknown function of the file backend/domain/plugin/encrypt/aes.go. The manipulation of the argument AuthSecretKey/StateSecretKey/OAuthTokenSecretKey leads to use of hard-coded cryptographic key . It is possible ...

CVE-2025-9604

A vulnerability was identified in coze-studio up to 0.2.4. The impacted element is an unknown function of the file backend/domain/plugin/encrypt/aes.go. The manipulation of the argument AuthSecretKey/StateSecretKey/OAuthTokenSecretKey leads to use of hard-coded cryptographic key . It is possible ...

CVE-2025-9604 coze-studio aes.go hard-coded key

A vulnerability was identified in coze-studio up to 0.2.4. The impacted element is an unknown function of the file backend/domain/plugin/encrypt/aes.go. The manipulation of the argument AuthSecretKey/StateSecretKey/OAuthTokenSecretKey leads to use of hard-coded cryptographic key . It is possible ...

CVE-2025-9604

CVE-2025-9604 affects coze-studio up to 0.2.4. The vulnerability is in an unknown function within backend/domain/plugin/encrypt/aes.go where manipulation of AuthSecretKey, StateSecretKey, or OAuthTokenSecretKey can lead to use of a hard-coded cryptographic key. Attackers could initiate remotely; ...

CVE-2025-9604 coze-studio aes.go hard-coded key

A vulnerability was identified in coze-studio up to 0.2.4. The impacted element is an unknown function of the file backend/domain/plugin/encrypt/aes.go. The manipulation of the argument AuthSecretKey/StateSecretKey/OAuthTokenSecretKey leads to use of hard-coded cryptographic key . It is possible ...

PT-2025-35307

Name of the Vulnerable Software and Affected Versions: Evope Core version 1.1.3.20 Description: An issue allows a local attacker to obtain sensitive information via the use of hard coded cryptographic keys. Recommendations: At the moment, there is no information about a newer version that contain...

PT-2025-35178

Name of the Vulnerable Software and Affected Versions: Clinic Image System affected versions not specified Description: The Clinic Image System developed by Changing contains hard-coded credentials. This allows unauthenticated remote attackers to log into the system using administrator credential...

Evope Core 安全漏洞

Evope Core is a base module for a process platform from Evope Brazil. A security vulnerability exists in Evope Core version 1.1.3.20, which stems from the use of hard-coded encryption keys and could lead to the disclosure of sensitive information...

PT-2025-35169

Name of the Vulnerable Software and Affected Versions: coze-studio versions up to 0.2.4 Description: A vulnerability exists due to the use of hard-coded cryptographic keys. The issue is located in an unknown function within the backend/domain/plugin/encrypt/aes.go file. Manipulation of the...

Changing Clinic Image System 信任管理问题漏洞

Changing Clinic Image System is a computer system that manages and displays medical images from Changing, a Taiwan, China-based company. A trust management issue vulnerability exists in the Changing Clinic Image System, which stems from hard-coded credentials, and could allow an unauthenticated,...

CVE-2025-56577

An issue in Evope Core v.1.1.3.20 allows a local attacker to obtain sensitive information via the use of hard coded cryptographic keys...

CVE-2025-56577

CVE-2025-56577 describes a vulnerability in Evope Core v1.1.3.20 where a local attacker can obtain sensitive information due to the use of hard-coded cryptographic keys. The available connected sources corroborate the affected product/version and the cryptographic-key issue, with CVSSv3.1 base sc...

Coze Studio 安全漏洞

Coze Studio is an AI Agent visualization and development platform open-sourced by Coze Studio. A security vulnerability exists in Coze Studio 0.2.4 and earlier versions, which originates from the use of hard-coded encryption keys for the parameters AuthSecretKey/StateSecretKey/OAuthTokenSecretKey...

CVE-2025-56577

An issue in Evope Core v.1.1.3.20 allows a local attacker to obtain sensitive information via the use of hard coded cryptographic keys...

CVE-2025-58081

Use of hard-coded password issue/vulnerability in SS1 Ver.16.0.0.10 and earlier Media version:16.0.0a and earlier allows a remote unauthenticated attacker to view arbitrary files with root privileges...

CVE-2025-58081

CVE-2025-58081 affects SS1 software (SS1 Ver.16.0.0.10 and earlier; Media version:16.0.0a and earlier). The issue is use of a hard-coded password, enabling a remote unauthenticated attacker to view arbitrary files with root privileges. Public disclosures across NVD, Red Hat, JVN and related recor...

CVE-2025-58081

Use of hard-coded password issue/vulnerability in SS1 Ver.16.0.0.10 and earlier Media version:16.0.0a and earlier allows a remote unauthenticated attacker to view arbitrary files with root privileges...

CVE-2025-58081

Use of hard-coded password issue/vulnerability in SS1 Ver.16.0.0.10 and earlier Media version:16.0.0a and earlier allows a remote unauthenticated attacker to view arbitrary files with root privileges...

DOS & CO SS1 安全漏洞

DOS & CO SS1 is an asset management tool from DOS & CO Japan. A security vulnerability exists in DOS & CO SS1 Ver.16.0.0.10 and earlier versions, which stems from the use of hard-coded passwords, and could allow a remote unauthenticated attacker to view arbitrary files with root privileges...

PT-2025-34979

Name of the Vulnerable Software and Affected Versions: SS1 versions 16.0.0.10 and earlier SS1 Media versions 16.0.0.a and earlier Description: The use of a hard-coded password in SS1 allows a remote, unauthenticated attacker to view arbitrary files with root privileges. Recommendations: Versions...