323 matches found
Vulnerabilities fixed in Ivanti Workspace Control
Ivanti has fixed vulnerabilities in Ivanti Workspace Control Specifically for versions prior to 10.19.10.0. The vulnerabilities are in the hard-coded keys within Ivanti Workspace Control, specifically in versions prior to 10.19.10.0. These vulnerabilities allow local, authenticated attackers to...
Project AI 信任管理问题漏洞
Project AI is a platform by Aryan Singh Personal Developer designed to simplify the creation of AI agents using Google AI Studio. Project AI has a trust management issue vulnerability that stems from the presence of hard-coded API keys in the code...
CVE-2025-48417
The certificate and private key used for providing transport layer security for connections to the web interface TCP port 443 is hard-coded in the firmware and are shipped with the update files. An attacker can use the private key to perform man-in-the-middle attacks against users of the admin...
CVE-2022-41540
The web app client of TP-Link AX10v1 V1211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then obtain the sequence key via a brute-force attac...
CVE-2020-14099
On Xiaomi router AX1800 rom version 1.0.336 and RM1800 root version 1.0.26, the encryption scheme for a user's backup files uses hard-coded keys, which can expose sensitive information such as a user's password...
CVE-2019-10851
Computrols CBAS 18.0.0 has hard-coded encryption keys...
CVE-2024-56429
itech iLabClient 3.7.1 relies on the hard-coded YngAYdgAE/kKZYu2F2wm6w== key found in iLabClient.jar for local users to read or write to the database...
ConnectWise Risk Assessment 安全漏洞
ConnectWise Risk Assessment is a cybersecurity risk assessment tool from ConnectWise that identifies vulnerabilities, compliance gaps, and provides remediation recommendations in enterprise IT environments to help MSPs and organizations achieve proactive risk management. ConnectWise Risk Assessme...
Mojolicious 安全漏洞
Mojolicious is Mojolicious open source Perl-based real-time web framework. A security vulnerability exists in Mojolicious 9.39 and earlier versions, which stems from the use of hard-coded strings or application class names as HMAC session keys, which could lead to session forgery...
Korenix JetNet Use of Hard-Coded Cryptographic Key (CVE-2017-14021)
A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e,...
i-PRO Surveillance Cameras和i-PRO Recorders 安全漏洞
i-PRO Surveillance Cameras and i-PRO Recorders are both products of i-PRO Japan. i-PRO Surveillance Cameras are a line of surveillance cameras. i-PRO Recorders are a line of video recorders. A security vulnerability exists in i-PRO Surveillance Cameras and i-PRO Recorders that stems from the use ...
OPEN BizRobo! 安全漏洞
OPEN BizRobo! is a business robot software from OPEN. A security vulnerability exists in OPEN BizRobo! that stems from the use of hard-coded encryption keys that may lead to credential disclosure...
Vulnerability fixed in Gladinet CentreStack
Gladinet has fixed a vulnerability in CentreStack Versions up to 16.1.10296.56315. The vulnerability is in the way hard-coded machineKeys and cryptographic keys are used, resulting in a serious deserialization vulnerability. The vulnerability allows a malicious party to generate rogue ViewState...
VulnCheck KEV: CVE-2025-30406
Gladinet CentreStack and Triofox contains a use of hard-coded cryptographic key vulnerability in the way that the application manages keys used for ViewState integrity verification. Successful exploitation allows an attacker to forge ViewState payloads for server-side deserialization, allowing...
FastCMS 安全漏洞
FastCMS is a content management system from FastCMS, Inc. A security vulnerability exists in FastCMS version 0.1.5 that stems from the use of hard-coded encryption keys by the JWT processing component...
Fortinet FortiSandbox 安全漏洞
Fortinet FortiSandbox is an APT Advanced Persistent Threat protection appliance from Fortinet. The appliance offers dual sandboxing technology, dynamic threat intelligence system, real-time control panel and reporting. Fortinet FortiSandbox suffers from a security vulnerability that stems from th...
Vasion Print 信任管理问题漏洞
Vasion Print is a SaaS-based, cloud-hosted application from Vasion for managing and deploying printers. Vasion Print has a security vulnerability that stems from the presence of hard-coded AWS API keys...
DocuSnap 安全漏洞
DocuSnap is an app from DocuSnap that turns mobile devices into portable scanners. Used to scan, edit, store and share documents to PDF. A security vulnerability exists in DocuSnap 13.0.1440.24261 and earlier versions, which stems from the use of hard-coded encryption keys...
Q-Free MAXTIME Suite 安全漏洞
Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from the use of hard-coded encryption keys in JWT signatures. An attacker could exploit the vulnerabilit...
Siemens APOGEE Series 加密问题漏洞
Siemens APOGEE Series is a family of building automation and control systems from Siemens, Germany. The Siemens APOGEE Series suffers from a cryptographic vulnerability that arises from the fact that the affected devices contain a weak encryption mechanism based on hard-coded keys. This could all...