VulnCheck KEV: CVE-2026-5426

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks...

EUVD-2023-41193

Malicious code in bioql PyPI...

EUVD-2022-36031

Malicious code in bioql PyPI...

Design/Logic Flaw

SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code and disrupt service...

PT-2023-25883 · Smartisoft · Smartbpm.Net

Name of the Vulnerable Software and Affected Versions: SmartSoft SmartBPM.NET affected versions not specified Description: The issue is related to the use of a hard-coded machine key in SmartSoft SmartBPM.NET. This allows an unauthenticated remote attacker to send a serialized payload to the...

CVE-2022-32965

OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service...

CVE-2022-32965

CVE-2022-32965 affects OMICARD EDM due to a hard-coded machine key in the server, enabling an unauthenticated remote attacker to send a serialized payload to execute arbitrary code, manipulate system data, and disrupt service. The PT-2022-21613 entry provides concrete details (affected software, ...