
8149 matches found

Japan Vulnerability Notes
added 2025/04/10 12:00 a.m. | 17 views

JVN#30641875: Multiple vulnerabilities in BizRobo!

BizRobo! is an RPA (Robotic Process Automation) software provided by OPEN, Inc. Users compile an automation flow using DesignStudio, a development application that runs on Windows, and create robot files. A web application, Management Console, is provided to schedule RPA execution and to check the...

CVSS 9.8 | AI score 7.3 | EPSS 0.18767
Exploits: 5

The Hacker News
added 2025/04/09 8:00 a.m. | 27 views

CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Gladinet CentreStack to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2025-30406 (CVSS score:...

CVSS 9 | AI score 7.7 | EPSS 0.85362
Exploits: 6

CISA KEV Catalog
added 2025/04/08 12:00 a.m. | 52 views

Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability

Gladinet CentreStack and Triofox contain a use of hard-coded cryptographic key vulnerability in the way that the application manages keys used for ViewState integrity verification. Successful exploitation allows an attacker to forge ViewState payloads for server-side deserialization, allowing fo...

CVSS 9.8 | AI score 9.6 | EPSS 0.85362
In wild | Exploits: 6

CNNVD
added 2025/04/08 12:00 a.m. | 2 views

Siemens SENTRON 7KT PAC1260 Data Manager trust management issue vulnerability

Siemens SENTRON 7KT PAC1260 Data Manager is a device for power monitoring and energy management from Siemens Germany. A trust management issue vulnerability exists in the Siemens SENTRON 7KT PAC1260 Data Manager, which stems from the presence of hard-coded credentials that can be exploited by an...

CVSS 10 | AI score 7.1 | EPSS 0.00592
Exploits: 0 | References: 3

CNNVD
added 2025/04/08 12:00 a.m. | 1 views

WordPress plugin Melhor Envio information disclosure vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...

CVSS 5.3 | AI score 5.9 | EPSS 0.00283
Exploits: 0 | References: 5

CNNVD
added 2025/04/07 12:00 a.m. | 1 views

Philips IntelliSpace Portal security vulnerability

Philips IntelliSpace Portal is an advanced medical image analysis platform from Philips Netherlands that provides multimodal image processing and automated diagnostic tools. A security vulnerability exists in Philips IntelliSpace Portal version 12 and earlier and Advanced Visualization Workspace...

CVSS 7.2 | AI score 6.7 | EPSS 0.0023
Exploits: 0 | References: 1

RedhatCVE
added 2025/04/05 8:31 p.m. | 23 views

CVE-2025-3177

A vulnerability was found in FastCMS 0.1.5. It has been declared as critical. This vulnerability affects unknown code of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key. The attack can be initiated remotely. The complexity of an attack is rather high. The...

CVSS 8.1 | AI score 7 | EPSS 0.00174
Exploits: 1 | References: 1

VulnCheck KEV
added 2025/04/04 12:00 a.m. | 1 views

VulnCheck KEV: CVE-2025-30406

Gladinet CentreStack and Triofox contain a use of hard-coded cryptographic key vulnerability in the way that the application manages keys used for ViewState integrity verification. Successful exploitation allows an attacker to forge ViewState payloads for server-side deserialization, allowing...

CVSS 9.8 | AI score 5.8 | EPSS 0.85362
Exploits: 6 | References: 1

NVD
added 2025/04/03 8:15 p.m. | 9 views

CVE-2025-3177

A vulnerability was found in FastCMS 0.1.5. It has been declared as critical. This vulnerability affects unknown code of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key. The attack can be initiated remotely. The complexity of an attack is rather high. The...

CVSS 8.1 | EPSS 0.00174
Exploits: 1 | References: 4

OSV
added 2025/04/03 8:15 p.m. | 3 views

CVE-2025-3177

A vulnerability was found in FastCMS 0.1.5. It has been declared as critical. This vulnerability affects unknown code of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key. The attack can be initiated remotely. The complexity of an attack is rather high. The...

CVSS 8.1 | AI score 4.9 | EPSS 0.00174
Exploits: 1 | References: 4

Cvelist
added 2025/04/03 8:00 p.m. | 12 views

CVE-2025-3177 FastCMS JWT hard-coded key

A vulnerability was found in FastCMS 0.1.5. It has been declared as critical. This vulnerability affects unknown code of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key. The attack can be initiated remotely. The complexity of an attack is rather high. The...

CVSS 5 | EPSS 0.00174
Exploits: 1 | References: 4

Vulnrichment
added 2025/04/03 8:00 p.m. | 14 views

CVE-2025-3177 FastCMS JWT hard-coded key

A vulnerability was found in FastCMS 0.1.5. It has been declared as critical. This vulnerability affects unknown code of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key. The attack can be initiated remotely. The complexity of an attack is rather high. The...

CVSS 5 | AI score 7.2 | EPSS 0.00174
Exploits: 1 | References: 4

CNNVD
added 2025/04/03 12:00 a.m. | 2 views

FastCMS security vulnerability

FastCMS is a content management system from FastCMS, Inc. A security vulnerability exists in FastCMS version 0.1.5 that stems from the use of hard-coded encryption keys by the JWT processing component...

CVSS 8.1 | AI score 5.3 | EPSS 0.00174
Exploits: 1 | References: 4

Positive Technologies
added 2025/04/03 12:00 a.m. | 3 views

PT-2025-14629 · Fastcms · Fastcms

Name of the Vulnerable Software and Affected Versions: FastCMS version 0.1.5 Description: A critical issue affects the JWT Handler component, where the manipulation leads to the use of a hard-coded cryptographic key. The attack can be initiated remotely, with a rather high complexity, making...

CVSS 8.1 | AI score 7 | EPSS 0.00174
Exploits: 1 | References: 11

RedhatCVE
added 2025/04/02 6:31 a.m. | 18 views

CVE-2025-2402

A hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote attacker in possession of the password to read and manipulate swapped jobs or read and manipulate in- and output data of active jobs. It...

CVSS 8.8 | AI score 7.5 | EPSS 0.00936
Exploits: 0 | References: 1

NVD
added 2025/03/31 7:15 a.m. | 8 views

CVE-2025-2402

A hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote attacker in possession of the password to read and manipulate swapped jobs or read and manipulate in- and output data of active jobs. It...

CVSS 8.8 | EPSS 0.00936
Exploits: 0 | References: 2

OSV
added 2025/03/31 7:15 a.m. | 5 views

CVE-2025-2402

A hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote attacker in possession of the password to read and manipulate swapped jobs or read and manipulate in- and output data of active jobs. It...

CVSS 8.6 | AI score 5.8 | EPSS 0.00936
Exploits: 0 | References: 2

Cvelist
added 2025/03/31 6:11 a.m. | 12 views

CVE-2025-2402 Hard-coded password for object store of KNIME Business Hub

A hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote attacker in possession of the password to read and manipulate swapped jobs or read and manipulate in- and output data of active jobs. It...

CVSS 8.8 | EPSS 0.00936
Exploits: 0 | References: 1

Vulnrichment
added 2025/03/31 6:11 a.m. | 5 views

CVE-2025-2402 Hard-coded password for object store of KNIME Business Hub

A hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote attacker in possession of the password to read and manipulate swapped jobs or read and manipulate in- and output data of active jobs. It...

CVSS 8.8 | AI score 6.9 | EPSS 0.00936
Exploits: 0 | References: 1

CVE
added 2025/03/31 6:11 a.m. | 62 views

CVE-2025-2402

CVE-2025-2402 affects KNIME Business Hub. A hard-coded, non-random password for the object store (MinIO) in all versions except the listed fixes enables an unauthenticated attacker to read/manipulate swapped jobs or in/out data of active jobs, and can cause a denial-of-service by writing large da...

CVSS 8.8 | AI score 7.5 | EPSS 0.00936
Exploits: 0 | References: 2 | Affected Software: 1