CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8064 matches found

Cvelist•added 2026/06/15 10:5 a.m.•32 views

CVE-2026-34029 Hard-coded cryptographic key in Wertheim SafeController Software allows decryption of sensitive configuration data

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse engineer the DLL and recover the hard-coded cryptographic key. This...

6.8CVSS0.0012EPSS

Exploits1References2

Vulnrichment•added 2026/06/15 10:5 a.m.•7 views

CVE-2026-34029 Hard-coded cryptographic key in Wertheim SafeController Software allows decryption of sensitive configuration data

6.8CVSS5.2AI score0.0012EPSS

Exploits1References2

Cvelist•added 2026/06/15 10:2 a.m.•31 views

CVE-2026-34022 Weak custom cryptography and hard-coded keys in Wertheim SafeController 65000 allow traffic decryption

The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An attacker in an adversary-in-the-middle position can decrypt the data traffic. During reassessment...

7.1CVSS0.00116EPSS

Exploits0References2

EUVD•added 2026/06/15 10:2 a.m.•8 views

EUVD-2026-36705

7.1CVSS5.5AI score0.00116EPSS

Exploits0References2

Vulnrichment•added 2026/06/15 10:2 a.m.•6 views

CVE-2026-34022 Weak custom cryptography and hard-coded keys in Wertheim SafeController 65000 allow traffic decryption

7.1CVSS5.4AI score0.00116EPSS

Exploits0References2

CVE•added 2026/06/15 10:2 a.m.•11 views

CVE-2026-34022

The CVE-2026-34022 entry affects Wertheim SafeController Family 65000, Controller 65000 (AssemblyVersion 6.11.8130.22319). The root cause is the use of weak custom cryptographic algorithms with hard-coded keys to protect communications, enabling interception of data in transit. During reassessmen...

7.1CVSS5.5AI score0.00116EPSS

Exploits0References3

Positive Technologies•added 2026/06/15 12:0 a.m.•7 views

PT-2026-49200

6.8CVSS5.2AI score0.0012EPSS

Exploits1References3

Positive Technologies•added 2026/06/15 12:0 a.m.•12 views

PT-2026-49546

Name of the Vulnerable Software and Affected Versions Canon EOS Network Setting Tool versions prior to 1.5.1 Description The software contains hard-coded cryptographic keys, which are fixed keys embedded directly into the source code, potentially allowing unauthorized decryption or authentication...

9.8CVSS6.6AI score0.00232EPSS

Exploits0References8

Positive Technologies•added 2026/06/15 12:0 a.m.•8 views

PT-2026-49193

7.1CVSS5.5AI score0.00116EPSS

Exploits0References3

OSV•added 2026/06/12 8:57 p.m.•7 views

MAL-2026-5717 Malicious code in claudechor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a9cbb36cf7ed82685830b5d3a2b341bff9ef86e2688842d1f54259b2b6fb533 The package's bin entry reads installer-owned Claude credential files /.claude/.credentials.json and /.claude.json — written by Anthropic's official...

5.4AI score

Exploits0References5

NVD•added 2026/06/12 7:16 p.m.•13 views

CVE-2026-28742

Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any device, an attacker can generate valid signatures for arbitrary device or account operations due to the absence of per-device keys,...

9.8CVSS0.00512EPSS

Exploits0References2

Cvelist•added 2026/06/12 6:3 p.m.•32 views

CVE-2026-28742 Naxclow IoT Platform Use of hard-coded cryptographic key

9.8CVSS0.00512EPSS

Exploits0References2

Vulnrichment•added 2026/06/12 6:3 p.m.•7 views

CVE-2026-28742 Naxclow IoT Platform Use of hard-coded cryptographic key

9.8CVSS5.5AI score0.00512EPSS

Exploits0References2

CVE•added 2026/06/12 6:3 p.m.•19 views

CVE-2026-28742

CVE-2026-28742 relates to Naxclow IoT Platform devices using a uniform, hard-coded platform-wide salt for request signing embedded in firmware. The lack of per‑device keys, server-side nonce tracking, or replay protections allows recovered salts to enable valid signatures for arbitrary device or ...

9.8CVSS5.4AI score0.00512EPSS

Exploits0References2

NVD•added 2026/06/12 4:16 p.m.•11 views

CVE-2026-50091

Aqara Home Android com.lumiunited.aqarahome 6.0.0 and white-label clients embedding the same liblumidevsdk.so uses hard-coded cryptographic keys, which is an instance of "CWE-321: Use of Hard-coded Cryptographic Key" and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 9.1...

9.1CVSS0.00246EPSS

Exploits0References2

NVD•added 2026/06/12 3:16 p.m.•10 views

CVE-2026-10557

The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all devices. These credentials are embedded in the application binary and are readily extractable via APK decompilation. The credentials provide access to cloud MQTT brokers...

9.8CVSS0.00529EPSS

Exploits0References2

Cvelist•added 2026/06/12 3:2 p.m.•25 views

CVE-2026-50091 Aqara Home Android SDK hardcoded keys

9.1CVSS0.00246EPSS

Exploits0References2

EUVD•added 2026/06/12 3:2 p.m.•6 views

EUVD-2026-36481

9.1CVSS5.2AI score0.00246EPSS

Exploits0References2

Vulnrichment•added 2026/06/12 3:2 p.m.•8 views

CVE-2026-50091 Aqara Home Android SDK hardcoded keys

9.1CVSS5.3AI score0.00246EPSS

Exploits0References2

CVE•added 2026/06/12 3:2 p.m.•12 views

CVE-2026-50091

CVE-2026-50091 affects Aqara Home Android (package com.lumiunited.aqarahome, version 6.0.0 and white-label clients embedding liblumidevsdk.so). The vulnerability arises from hard-coded cryptographic keys (CWE-321) in the related library, as described in the NVD/CVE entries. The CVSS v3.1 base sco...

9.1CVSS5.3AI score0.00246EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by