Apache OFBiz 安全漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained security vulnerabilities, which were caused by the use of hard-coded...

CVE-2021-27254

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the applysave.cgi endpoint. This issue results from the use of hard-coded...

CVE-2020-10884

This vulnerability allows network-adjacent attackers execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP...

Gladinet CentreStack 安全漏洞

Gladinet CentreStack is a premier mobile access and secure sharing solution from Gladinet USA. Provides self-hosted cloud storage. A security vulnerability exists in versions prior to Gladinet CentreStack 16.12.10420.56791, which stems from the use of hard-coded values in the AES encryption schem...

PT-2025-49179

Name of the Vulnerable Software and Affected Versions Apache StreamPark versions 2.0.0 through 2.1.6 Description The system utilizes weak encryption keys, either fixed or derived directly from user passwords, when encrypting sensitive data. Attackers may obtain these keys through reverse...

Sogexia Android App 安全漏洞

Sogexia Android App is a payment account management mobile application from Sogexia Luxembourg. A security vulnerability exists in Sogexia Android App that originates from the inclusion of hard-coded encryption keys in the encryptionhelper.dart file...

Desknets Neo 安全漏洞

Desknets Neo is a remote office support software from Desknets Japan. A security vulnerability exists in Desknets Neo versions V4.0R1.0 through V9.0R2.0, which stems from the use of a hard-coded encryption key, which could allow an attacker to create a malicious AppSuite application...

EUVD-2019-4011

Malware in sbrugna...

EUVD-2023-41198

Malicious code in bioql PyPI...

EUVD-2022-24986

Malicious code in bioql PyPI...

EUVD-2023-52444

Malicious code in bioql PyPI...

PerfreeBlog 安全漏洞

PerfreeBlog is PerfreeBlog open source, a java-based blog/CMS builder. A security vulnerability exists in PerfreeBlog version 4.0.11, which stems from the use of hard-coded encryption keys...

CVE-2019-5106

A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text...

CVE-2019-12376

Use of a hard-coded encryption key in Ivanti LANDESK Management Suite LDMS, aka Endpoint Manager 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges...

Experts Flag Security, Privacy Risks in DeepSeek AI App

New mobile apps from the Chinese artificial intelligence AI company DeepSeek have remained among the top three "free" downloads for Apple and Google devices since their debut on Jan. 25, 2025. But experts caution that many of DeepSeek's design choices -- such as using hard-coded encryption keys,...

Siemens SINEC INS Using Hardcoded Encryption Keys Vulnerability

Siemens SINEC INS is a software from Siemens, Germany, that provides centralized services for network infrastructures. Siemens SINEC INS suffers from a use of hard-coded encryption key vulnerability that can be exploited by an attacker to learn the encryption key material and decrypt arbitrary...

Unspecified Vulnerability in IBM Maximo Application Suite-Monitor Component

IBM Maximo Application Suite is a single platform for intelligent asset management, monitoring, maintenance, computer vision, security and reliability from International Business Machines IBM. A security vulnerability exists in IBM Maximo Application Suite-Monitor Component, which stems from the...

MSP360 Security Breach

MSP360 is a cost-effective, flexible and versatile backup and data recovery solution from MSP360, Inc. A security vulnerability exists in MSP360 7.8.5.15 and 7.9.4.84, which stems from the use of hard-coded key encryption and allows an attacker to obtain network share credentials used in backups...

LightPicture Security Vulnerability

LightPicture is an enterprise/team/individual image resource management system, graphic bed system by osuuuu individual developers. A security vulnerability exists in LightPicture 1.2.2 and earlier versions, which stems from the fact that the file /app/middleware/TokenVerify.php leads to the use ...

Design/Logic Flaw

Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account, including administrator’s account, ...