56 matches found
Security Bulletin: NVIDIA DGX Spark - May 2026
NVIDIA has released a software update for NVIDIA® DGX Spark. To protect your system, download and install the latest version of NVIDIA DGX OS from the NVIDIA DGX site. Go to NVIDIA Product Security. Details The following table summarizes the potential vulnerabilities that this security update...
CVE-2020-7515
A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker to decrypt a password...
EUVD-2025-4152
Malicious code in bioql PyPI...
CVE-2025-26340
A CWE-321 "Use of Hard-coded Cryptographic Key" in the JWT signing in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to bypass the authentication via crafted HTTP requests...
CVE-2025-26340
A CWE-321 "Use of Hard-coded Cryptographic Key" in the JWT signing in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to bypass the authentication via crafted HTTP requests...
CVE-2025-26340
CVE-2025-26340 describes a CWE-321 vulnerability in Q-Free MaxTime (
CVE-2025-26340
A CWE-321 "Use of Hard-coded Cryptographic Key" in the JWT signing in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to bypass the authentication via crafted HTTP requests...
Ewon Cosy+ Hardcoded Key
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-032 Product: Ewon Cosy+ Manufacturer: HMS Industrial Networks AB Affected Versions: Firmware Versions: 21.2s10 and 22.1s3 Tested Versions: Firmware Version: 21.2s7 Vulnerability Type: Use of Hard-coded Cryptographic Key CWE-32...
Journyx 11.5.4 Unauthenticated Password Reset Bruteforce Vulnerability
Journyx version 11.5.4 suffers from an issue where password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password. Title: Journyx Unauthenticated...
Journyx 11.5.4 Unauthenticated Password Reset Bruteforce
KL-001-2024-007: Journyx Unauthenticated Password Reset Bruteforce Title: Journyx Unauthenticated Password Reset Bruteforce Advisory ID: KL-001-2024-007 Publication Date: 2024.08.07 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-007.txt 1. Vulnerability Details Affected...
Journyx Unauthenticated Password Reset Bruteforce
Vulnerability Details Affected Vendor: Journyx Affected Product: Journyx jtime Affected Version: 11.5.4 Platform: GNU/Linux CWE Classification: CWE-321: Use of Hard-coded Cryptographic Key, CWE-334: Small Space of Random Values, CWE-799: Improper Control of Interaction Frequency CVE ID:...
JVN#83405304: "OfferBox" App uses a hard-coded secret key
"OfferBox" App provided by i-plug inc. uses a hard-coded secret key for JWT CWE-321. Impact The hard-coded secret key for JWT may be retrieved if the application binary is reverse-engineered. Solution The hard-coded secret key has been revoked by the developer on May 8, 2024 therefore this...
CVE-2023-42492
EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key...
CVE-2023-42492
EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key...
Hardcoded credentials
EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key...
CVE-2023-42492 EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key
EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key...
CVE-2023-42492
CVE-2023-42492 affects EisBaer Scada with a hard-coded cryptographic key (CWE-321). The root cause is use of a hard-coded key within the software, enabling potential disclosure or tampering of protected data. NVD lists a high/severe impact (Confidentiality, Integrity, Availability at high/critica...
JVN#38222042: DataSpider Servista uses a hard-coded cryptographic key
DataSpider Servista provided by SAISON INFORMATION SYSTEMS CO.,LTD. is a data integration software. ScriptRunner and ScriptRunner for Amazon SQS are used to start the configured processes on DataSpider Servista. The cryptographic key is embedded in ScriptRunner and ScriptRunner for Amazon SQS,...
JVN#13306058: JINS MEME CORE uses a hard-coded cryptographic key
JINS MEME CORE provided by JINS Inc. is a nose pad type sensor attached to a glass frame. JINS MEME CORE uses a hard-coded cryptographic key CWE-321. Impact A network-adjacent attacker may decrypt data acquired by a sensor of the affected product. Solution Update the firmware Update the firmware ...
CVE-2023-0391: MGT-COMMERCE CloudPanel Shared Certificate Vulnerability and Weak Installation Procedures
While using the popular self-hosted web administration solution, CloudPanel from MGT-COMMERCE, Rapid7 researcher Tod Beardsley discovered three security concerns. The first, an issue involving the trustworthiness of the installation script provided by the vendor, was an instance of CWE-494:...