CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/04/10 7:7 a.m.•1 views

MAL-2026-2823 Malicious code in @genoma-ui/components (npm)

Malicious package detected. It uses pre/post install scripts to download/execute code and exfiltrate user data via curl from a hardcoded IP. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5fb9acd5bf2a73c82be9ac19b7c0cad285cfea2a4b6ff69655f61e7e4a0c26c The...

5.8AI score

Github Security Blog•added 2026/04/09 6:31 p.m.•3 views

Apache OpenMeetings Uses Hard-coded Cryptographic Key

Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case OM admin hasn't changed the default encryption key, an attacker who has stolen a cookie from a...

7.5CVSS5.8AI score0.00055EPSS

Exploits0References4Affected Software1

Snyk•added 2026/04/09 6:31 p.m.•5 views

Use of Hard-coded Cryptographic Key

Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the remember-me cookie encryption key and salt. An attacker can obtain full user credentials by stealing a cookie from a logged-in user if the default encryption key has not been changed. Remediati...

8.7CVSS5.8AI score0.00055EPSS

Snyk•added 2026/04/09 6:31 p.m.•1 views

Use of Hard-coded Cryptographic Key

8.7CVSS5.8AI score0.00055EPSS

EUVD•added 2026/04/09 6:31 p.m.•3 views

EUVD-2026-20936

5.9AI score0.00055EPSS

Exploits0References3

NVD•added 2026/04/09 4:16 p.m.•2 views

CVE-2026-33266

7.5CVSS0.00055EPSS

IBM Security Bulletins•added 2026/04/09 8:23 a.m.•8 views

Security Bulletin: Due to the use of IBM WebSphere Application Server Liberty, CICS Transaction Gateway Desktop Edition and CICS Transaction Gateway for Multiplatforms are vulnerable to two security vulnerabilities.

Summary Due to the use of IBM WebSphere Application Server Liberty, CICS Transaction Gateway Desktop Edition and CICS Transaction Gateway for Multiplatforms are vulnerable to a Use of Hard-coded Cryptographic Key vulnerability CVE-2025-12635 and an Improper Neutralization of Input During Web Page...

9.8CVSS5.7AI score0.00035EPSS

Exploits0Affected Software2

Positive Technologies•added 2026/04/09 12:0 a.m.•1 views

PT-2026-31640

Name of the Vulnerable Software and Affected Versions Apache OpenMeetings versions 6.1.0 through 9.0.0 Description A hard-coded cryptographic key is used in Apache OpenMeetings. The remember-me cookie encryption key is set to a default value in the openmeetings.properties file and is not...

5.8AI score0.00055EPSS

Exploits0References6

RedhatCVE•added 2026/04/07 5:12 a.m.•2 views

CVE-2026-5622

A vulnerability was determined in hcengineering Huly Platform 0.7.382. Affected by this issue is some unknown functionality of the file foundations/core/packages/token/src/token.ts of the component JWT Token Handler. This manipulation of the argument SERVERSECRET with the input secret causes use ...

GithubExploit•added 2026/04/07 4:37 a.m.•93 views

Exploit for CVE-2025-1242

CERT/CC VU653116 | CISA Advisory ICSA-26-055-03https:/...

9.3CVSS7.5AI score0.00091EPSS

Exploits2

Tenable Nessus•added 2026/04/07 12:0 a.m.•5 views

Trane Tracer SC, Tracer SC+, and Tracer Concierge Use of Hard-Coded, Security-Relevant Constants (CVE-2026-28256)

A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot fo...

9.8CVSS5.7AI score0.00055EPSS

Tenable Nessus•added 2026/04/07 12:0 a.m.•3 views

Trane Tracer SC, Tracer SC+, and Tracer Concierge Use of Hard-Coded Credentials (CVE-2026-28255)

A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more informatio...

9.8CVSS5.8AI score0.00051EPSS

RedhatCVE•added 2026/04/06 5:0 p.m.•3 views

CVE-2026-5471

A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted is an unknown function of the file assets/google-services-desktop.json of the component app.investory.toyfactory. The manipulation of the argument currentkey results in use of hard-coded cryptographi...

4.8CVSS5.5AI score0.00006EPSS

RedhatCVE•added 2026/04/06 10:57 a.m.•3 views

CVE-2026-5549

A vulnerability was determined in Tenda AC10 16.03.10.10multiTDE01. Affected by this issue is some unknown functionality of the file /webrootro/pem/privkeySrv.pem of the component RSA 2048-bit Private Key Handler. Executing a manipulation can lead to use of hard-coded cryptographic key . The atta...

7.5CVSS5.8AI score0.00056EPSS

EUVD•added 2026/04/06 6:30 a.m.•3 views

EUVD-2026-19172

RedhatCVE•added 2026/04/06 5:24 a.m.•3 views

Exploits0References4

CVE-2026-5527

A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key . It is possible t...

6.9CVSS5.9AI score0.00014EPSS

NVD•added 2026/04/06 5:16 a.m.•5 views

CVE-2026-5622

6.3CVSS0.00038EPSS

Exploits0References3

CVE•added 2026/04/06 4:30 a.m.•7 views

CVE-2026-5622

CVE-2026-5622 affects hcengineering Huly Platform 0.7.382. The vulnerability concerns the JWT Token Handler component, specifically foundations/core/packages/token/src/token.ts, where manipulating SERVER_SECRET with the input secret leads to the use of a hard-coded cryptographic key. The issue ca...

ATTACKERKB•added 2026/04/06 4:30 a.m.•4 views

Exploits0References3

CVE-2026-5622