Lucene search
K

1118 matches found

Cvelist
Cvelist
added 2026/04/17 7:22 p.m.37 views

CVE-2026-32324 Anviz CX7 Firmware Use of Hard-coded Cryptographic Key

Anviz CX7 Firmware is vulnerable because the application embeds reusable certificate/key material, enabling decryption of MQTT traffic and potential interaction with device messaging channels at scale...

7.7CVSS0.00087EPSS
Exploits0References3
CVE
CVE
added 2026/04/17 7:22 p.m.22 views

CVE-2026-32324

The CVE-2026-32324 entry concerns Anviz CX7 Firmware. The affected software is the CX7 firmware’s application, which is reported to embed reusable certificate/key material. This configuration enables decryption of MQTT traffic and could allow interaction with device messaging channels at scale. T...

7.7CVSS5.8AI score0.00087EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/14 6:30 p.m.5 views

EUVD-2026-22339

A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via...

6CVSS5.8AI score0.001EPSS
Exploits0References2
NVD
NVD
added 2026/04/14 4:16 p.m.2 views

CVE-2026-39810

A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump...

6CVSS0.001EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/14 3:38 p.m.3 views

CVE-2026-39810

A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump...

6CVSS5.8AI score0.001EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/14 3:38 p.m.28 views

CVE-2026-39810

A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump...

6CVSS0.001EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/14 3:38 p.m.1 views

CVE-2026-39810

A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump...

6CVSS5.8AI score0.001EPSS
Exploits0References1
CVE
CVE
added 2026/04/14 3:38 p.m.14 views

CVE-2026-39810

CVE-2026-39810 describes a vulnerability in Fortinet FortiClientEMS 7.4.0–7.4.5 where a hard‑coded cryptographic key may lead to information disclosure. The affected component is FortiClient EMS, and the root cause is a hard-coded key compromising confidentiality (C>H/I>H). The document set...

6CVSS5.8AI score0.001EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.3 views

PT-2026-32689

CVE-2026-39810 A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting databas… https://t.co/v5ryBw0uAj...

6CVSS5.8AI score0.001EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/09 6:31 p.m.7 views

Use of Hard-coded Cryptographic Key

Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the remember-me cookie encryption key and salt. An attacker can obtain full user credentials by stealing a cookie from a logged-in user if the default encryption key has not been changed. Remediati...

8.7CVSS5.8AI score0.00234EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 6:31 p.m.5 views

Use of Hard-coded Cryptographic Key

Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the remember-me cookie encryption key and salt. An attacker can obtain full user credentials by stealing a cookie from a logged-in user if the default encryption key has not been changed. Remediati...

8.7CVSS5.8AI score0.00234EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/09 6:31 p.m.5 views

EUVD-2026-20936

Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case OM admin hasn't changed the default encryption key, an attacker who has stolen a cookie from a...

5.9AI score0.00234EPSS
Exploits0References3
NVD
NVD
added 2026/04/09 4:16 p.m.6 views

CVE-2026-33266

Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case OM admin hasn't changed the default encryption key, an attacker who has stolen a cookie from a...

7.5CVSS0.00234EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/09 8:23 a.m.13 views

Security Bulletin: Due to the use of IBM WebSphere Application Server Liberty, CICS Transaction Gateway Desktop Edition and CICS Transaction Gateway for Multiplatforms are vulnerable to two security vulnerabilities.

Summary Due to the use of IBM WebSphere Application Server Liberty, CICS Transaction Gateway Desktop Edition and CICS Transaction Gateway for Multiplatforms are vulnerable to a Use of Hard-coded Cryptographic Key vulnerability CVE-2025-12635 and an Improper Neutralization of Input During Web Page...

9.8CVSS5.7AI score0.00173EPSS
Exploits0Affected Software2
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.6 views

PT-2026-31640

Name of the Vulnerable Software and Affected Versions Apache OpenMeetings versions 6.1.0 through 9.0.0 Description A hard-coded cryptographic key is used in Apache OpenMeetings. The remember-me cookie encryption key is set to a default value in the openmeetings.properties file and is not...

5.8AI score0.00234EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/07 5:12 a.m.5 views

CVE-2026-5622

A vulnerability was determined in hcengineering Huly Platform 0.7.382. Affected by this issue is some unknown functionality of the file foundations/core/packages/token/src/token.ts of the component JWT Token Handler. This manipulation of the argument SERVERSECRET with the input secret causes use ...

6.3CVSS5.3AI score0.00255EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/06 5:0 p.m.5 views

CVE-2026-5471

A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted is an unknown function of the file assets/google-services-desktop.json of the component app.investory.toyfactory. The manipulation of the argument currentkey results in use of hard-coded cryptographi...

4.8CVSS5.5AI score0.00141EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/06 10:57 a.m.4 views

CVE-2026-5549

A vulnerability was determined in Tenda AC10 16.03.10.10multiTDE01. Affected by this issue is some unknown functionality of the file /webrootro/pem/privkeySrv.pem of the component RSA 2048-bit Private Key Handler. Executing a manipulation can lead to use of hard-coded cryptographic key . The atta...

7.5CVSS5.8AI score0.00395EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/06 6:30 a.m.4 views

EUVD-2026-19172

A vulnerability was determined in hcengineering Huly Platform 0.7.382. Affected by this issue is some unknown functionality of the file foundations/core/packages/token/src/token.ts of the component JWT Token Handler. This manipulation of the argument SERVERSECRET with the input secret causes use ...

6.3CVSS5.3AI score0.00255EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/06 5:24 a.m.6 views

CVE-2026-5527

A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key . It is possible t...

6.9CVSS5.9AI score0.00435EPSS
Exploits0References1
Rows per page
Query Builder