CVE-2026-22586

Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January...

CVE-2026-22586

Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January...

CVE-2026-22586

The CVE-2026-22586 entry concerns Salesforce Marketing Cloud Engagement, specifically modules such as CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, and View As Webpage. The root cause is a hard-coded cryptographic key that enables Web Services Protocol Manipu...

CVE-2026-22586

Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January...

PT-2026-4543

Name of the Vulnerable Software and Affected Versions Salesforce Marketing Cloud Engagement versions prior to January 21st, 2026 Description A hard-coded cryptographic key in the CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, and View As Webpage modules allows...

CVE-2020-7515

A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker to decrypt a password...

CVE-2021-33020

Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key...

CVE-2022-23441

A use of hard-coded cryptographic key vulnerability CWE-321 in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an unauthenticated attacker on the network to disguise as and forge messages from other collectors...

CVE-2020-7846

Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads to a file download and execution via access to crafted web page...

Use Of Hard-coded Cryptographic Key

github.com/neuvector/neuvector is vulnerable to use of hard-coded cryptographic key. The vulnerability is due to a cryptographic key being hard-coded and embedded in the source code at compilation time, which allows an attacker with access to the code or binaries to recover the key and decrypt...

CVE-2019-16208

Password-based encryption PBE algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services Radius, TACAS, etc...

CVE-2019-16150

Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via knowledge of the hard-cod...

Use Of A Hard-Coded Cryptographic Key

org.apache.streampark, streampark is vulnerable to Use of a Hard-Coded Cryptographic Key. The vulnerability is due to the use of a fixed, immutable encryption key in the application, which allows an attacker to recover the key through code analysis and decrypt sensitive data or forge encrypted...

Application-Specific Power Side-Channel Attacks and Countermeasures: A Survey

Side-channel attacks try to extract secret information from a system by analyzing different side-channel signatures, such as power consumption, electromagnetic emanation, thermal dissipation, acoustics, time, etc. Power-based side-channel attack is one of the most prominent side-channel attacks i...

Use of Hard-coded Cryptographic Key

Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the config.yml file. An attacker can gain unauthorized access to sensitive information by exploiting the presence of a hard-coded cryptographic key. Remediation A fix was pushed into the master...

CVE-2025-15108

A vulnerability was detected in PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5. This affects an unknown function of the file config.yml of the component JWT Secret Handler. The manipulation of the argument key results in use of hard-coded cryptographic key . The attack may be...

CVE-2025-15108

PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5 is affected in the JWT Secret Handler component. The issue stems from manipulating the key argument in config.yml, resulting in use of a hard-coded cryptographic key. The vulnerability can be exploited remotely and is described with h...

Use of Hard-coded Cryptographic Key

Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key via the JWTSecretKey argument in the JWT Secret Handler. An attacker can gain unauthorized access to sensitive information by exploiting the use of a hard-coded cryptographic key in remote requests...

CVE-2025-15105 getmaxun auth.ts hard-coded key

A security flaw has been discovered in getmaxun maxun up to 0.0.28. Impacted is an unknown function of the file /getmaxun/maxun/blob/develop/server/src/routes/auth.ts. Performing manipulation of the argument apikey results in use of hard-coded cryptographic key . Remote exploitation of the attack...

PT-2025-53617

Name of the Vulnerable Software and Affected Versions getmaxun versions up to 0.0.28 Description A security flaw exists in getmaxun maxun up to version 0.0.28. The issue involves manipulation of the api key argument within an unknown function located in the file...