Lucene search
K

323 matches found

Vulnrichment
Vulnrichment
added 2026/04/17 7:22 p.m.3 views

CVE-2026-32324 Anviz CX7 Firmware Use of Hard-coded Cryptographic Key

Anviz CX7 Firmware is vulnerable because the application embeds reusable certificate/key material, enabling decryption of MQTT traffic and potential interaction with device messaging channels at scale...

7.7CVSS5.8AI score0.00087EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.6 views

PT-2026-30565

A vulnerability was determined in hcengineering Huly Platform 0.7.382. Affected by this issue is some unknown functionality of the file foundations/core/packages/token/src/token.ts of the component JWT Token Handler. This manipulation of the argument SERVER SECRET with the input secret causes use...

6.3CVSS5.3AI score0.00255EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/03 9:42 p.m.19 views

CVE-2015-10148 Hirschmann HiLCOS Hard-coded Credentials SSH SSL Keys

Hirschmann HiLCOS devices OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical default SSH and SSL keys that cannot be changed, allowing unauthenticated remote attackers to decrypt or intercept encrypted management communications. Attackers can perform...

8.8CVSS0.00291EPSS
Exploits0References2
CVE
CVE
added 2026/04/03 9:42 p.m.7 views

CVE-2015-10148

CVE-2015-10148 concerns Hirschmann HiLCOS devices: OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical default SSH and SSL keys that cannot be changed. This enables unauthenticated remote attackers to decrypt or intercept encrypted management communicati...

8.8CVSS5.9AI score0.00291EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.8 views

CampusConnect 安全漏洞

CampusConnect is a university social networking application developed by CampusConnect in Ireland. Versions of CampusConnect prior to 14.3.5 contained a security vulnerability due to the use of hard-coded encryption keys...

4.8CVSS5.8AI score0.00144EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/31 10:59 a.m.3 views

CVE-2026-1612

AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to access AL-KO's AWS bucket. Using the keys directly might give the attacker greater access than the app itself. Key grants AT LEAST read access to some of the objects in bucket. The vendor was notified...

6.9CVSS5.8AI score0.00392EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/30 12:32 p.m.6 views

EUVD-2026-17077

AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to access AL-KO's AWS bucket. Using the keys directly might give the attacker greater access than the app itself. Key grants AT LEAST read access to some of the objects in bucket. The vendor was notified...

6.9CVSS5.9AI score0.00392EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/30 9:56 a.m.3 views

CVE-2026-1612 Hard-coded AWS Key in AL-KO Robolinho Update Software

AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to access AL-KO's AWS bucket. Using the keys directly might give the attacker greater access than the app itself. Key grants AT LEAST read access to some of the objects in bucket. The vendor was notified...

6.9CVSS5.8AI score0.00392EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/30 9:56 a.m.4 views

CVE-2026-1612

AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to access AL-KO's AWS bucket. Using the keys directly might give the attacker greater access than the app itself. Key grants AT LEAST read access to some of the objects in bucket. The vendor was notified...

6.9CVSS5.8AI score0.00392EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/30 9:56 a.m.11 views

CVE-2026-1612

AL-KO Robolinho Update Software contains hard-coded AWS Access and Secret keys that grant at least read access to objects in an AWS bucket. The vulnerability is documented for version 8.0.21.0610 as vulnerable; other versions were not tested and may also be affected. No remediation details are pr...

6.9CVSS5.8AI score0.00392EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/30 9:56 a.m.23 views

CVE-2026-1612 Hard-coded AWS Key in AL-KO Robolinho Update Software

AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to access AL-KO's AWS bucket. Using the keys directly might give the attacker greater access than the app itself. Key grants AT LEAST read access to some of the objects in bucket. The vendor was notified...

6.9CVSS0.00392EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/30 12:0 a.m.8 views

AL-KO Robolinho Update Software 信任管理问题漏洞

AL-KO Robolinho Update Software is a firmware update tool developed by the German company AL-KO. Version 8.0.21.0610 of AL-KO Robolinho Update Software contains a vulnerability related to trust management. This vulnerability stems from hard-coded AWS keys, which may allow unauthorized access to A...

6.9CVSS5.8AI score0.00392EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.8 views

PT-2026-29008

AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to access AL-KO's AWS bucket. Using the keys directly might give the attacker greater access than the app itself. Key grants AT LEAST read access to some of the objects in bucket. The vendor was notified...

6.9CVSS5.9AI score0.00392EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.9 views

TP-Link多款产品 安全漏洞

TP-LINK Archer is a series of routers produced by TP-LINK Corporation. Several TP-Link products have security vulnerabilities. These vulnerabilities stem from hard-coded encryption keys in the configuration mechanism, which may allow authenticated attackers to decrypt configuration files, modify...

8.5CVSS7.5AI score0.00133EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.9 views

Sercomm SCE4255W 安全漏洞

Sercomm SCE4255W is a broadband gateway device produced by Sercomm in Taiwan, China. Previous versions of Sercomm SCE4255W DG3934v3@2308041842 contained security vulnerabilities. These vulnerabilities stemmed from the use of hard-coded AES-256-CBC keys in the configuration backup/restore mechanis...

9.8CVSS5.8AI score0.00401EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.7 views

Weintek cMT-3072XH2 easyweb 安全漏洞

Weintek cMT-3072XH2 easyweb is an intelligent human-computer interaction interface developed by Weintek Company in Taiwan, China. The version v2.1.53 of Weintek cMT-3072XH2 easyweb contains a security vulnerability. This vulnerability stems from the presence of hard-coded encryption keys, which m...

5.3CVSS5.8AI score0.00174EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/02/14 7:25 a.m.281 views

Exploit for CVE-2026-26335

👤 Author Mohammed Idrees Banyamer Security Researcher...

10CVSS6.7AI score0.02806EPSS
Exploits3
CNNVD
CNNVD
added 2026/02/12 12:0 a.m.8 views

WordPress plugin Prime Listing Manager 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

9.8CVSS5.8AI score0.00366EPSS
Exploits0References2
OSV
OSV
added 2026/02/06 5:16 p.m.6 views

CVE-2026-2103

Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt a...

7.8CVSS5.8AI score0.00097EPSS
Exploits1References1
NVD
NVD
added 2026/02/06 5:16 p.m.7 views

CVE-2026-2103

Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt a...

7.8CVSS0.00097EPSS
Exploits1References1
Rows per page
Query Builder