8038 matches found
CVE-2026-39810
A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump...
CVE-2026-39810
CVE-2026-39810 describes a vulnerability in Fortinet FortiClientEMS 7.4.0–7.4.5 where a hard‑coded cryptographic key may lead to information disclosure. The affected component is FortiClient EMS, and the root cause is a hard-coded key compromising confidentiality (C>H/I>H). The document set...
CVE-2026-4832
CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port...
CVE-2026-4832
CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port...
CVE-2026-4832
The CVE-2026-4832 entry describes CWE-798: Use of Hard-coded Credentials that could allow unauthorized access to sensitive device information when an unauthenticated attacker interrogates the SNMP port. The connected sources reiterate the same root cause and impact but do not specify affected pro...
jq 安全漏洞
jq is a lightweight and flexible command-line JSON processor developed by jqlang. There is a security vulnerability in jq, which stems from the use of the MurmurHash3 algorithm that relies on hard-coded public seeds. This vulnerability could allow attackers to exploit the system by providing...
PT-2026-32689
CVE-2026-39810 A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting databas… https://t.co/v5ryBw0uAj...
PT-2026-32695
CVE-2026-4832 CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able… https://t.co/N2CPBzZjrp...
Schneider Electric多款产品 信任管理问题漏洞
Schneider Electric Easergy MiCOM Px40 Series is a series of power protection and control relay devices produced by Schneider Electric, a French company. Several products from Schneider Electric have vulnerabilities related to trust management. These vulnerabilities stem from the use of hard-coded...
MAL-2026-2823 Malicious code in @genoma-ui/components (npm)
Malicious package detected. It uses pre/post install scripts to download/execute code and exfiltrate user data via curl from a hardcoded IP. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5fb9acd5bf2a73c82be9ac19b7c0cad285cfea2a4b6ff69655f61e7e4a0c26c The...
Apache OpenMeetings Uses Hard-coded Cryptographic Key
Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case OM admin hasn't changed the default encryption key, an attacker who has stolen a cookie from a...
Use of Hard-coded Cryptographic Key
Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the remember-me cookie encryption key and salt. An attacker can obtain full user credentials by stealing a cookie from a logged-in user if the default encryption key has not been changed. Remediati...
Use of Hard-coded Cryptographic Key
Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the remember-me cookie encryption key and salt. An attacker can obtain full user credentials by stealing a cookie from a logged-in user if the default encryption key has not been changed. Remediati...
EUVD-2026-20936
Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case OM admin hasn't changed the default encryption key, an attacker who has stolen a cookie from a...
CVE-2026-33266
Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case OM admin hasn't changed the default encryption key, an attacker who has stolen a cookie from a...
Security Bulletin: Due to the use of IBM WebSphere Application Server Liberty, CICS Transaction Gateway Desktop Edition and CICS Transaction Gateway for Multiplatforms are vulnerable to two security vulnerabilities.
Summary Due to the use of IBM WebSphere Application Server Liberty, CICS Transaction Gateway Desktop Edition and CICS Transaction Gateway for Multiplatforms are vulnerable to a Use of Hard-coded Cryptographic Key vulnerability CVE-2025-12635 and an Improper Neutralization of Input During Web Page...
PT-2026-31640
Name of the Vulnerable Software and Affected Versions Apache OpenMeetings versions 6.1.0 through 9.0.0 Description A hard-coded cryptographic key is used in Apache OpenMeetings. The remember-me cookie encryption key is set to a default value in the openmeetings.properties file and is not...
CVE-2026-5622
A vulnerability was determined in hcengineering Huly Platform 0.7.382. Affected by this issue is some unknown functionality of the file foundations/core/packages/token/src/token.ts of the component JWT Token Handler. This manipulation of the argument SERVERSECRET with the input secret causes use ...
Exploit for CVE-2025-1242
CERT/CC VU653116 | CISA Advisory ICSA-26-055-03https:/...
Trane Tracer SC, Tracer SC+, and Tracer Concierge Use of Hard-Coded, Security-Relevant Constants (CVE-2026-28256)
A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot fo...