CVE-2020-7846

Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads to a file download and execution via access to crafted web page...

EUVD-2020-28778

Malware in sbrugna...

EUVD-2023-37534

Malicious code in bioql PyPI...

EUVD-2023-44892

Malicious code in bioql PyPI...

EUVD-2024-35292

Malicious code in bioql PyPI...

(Pwn2Own) QNAP QHora-322 backup Use of Hard-coded Cryptographic Key Privilege Escalation Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of QNAP QHora-322 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the Backup and Restore functionality. The issue results from the use of a...

CVE-2025-52374

Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections...

CVE-2025-52374

Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections...

PT-2025-30301 · Unknown · Hmailserver

Name of the Vulnerable Software and Affected Versions: hMailServer versions 5.6.9-beta hMailServer versions 5.8.6 Description: The software contains a hardcoded cryptographic key in the BlowFish.cpp file. This allows an attacker to decrypt passwords used in database connections from the...

CVE-2025-52374

Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections...

CVE-2025-52373

The CVE-2025-52373 entry describes a vulnerability in hMailServer where a hardcoded cryptographic key in BlowFish.cpp affects versions 5.8.6 and 5.6.9-beta. This enables an attacker to decrypt passwords used for database connections from hMailServer.ini. The impact is disclosure of stored DB cred...

CVE-2024-9679

A Hardcoded Cryptographic key vulnerability existed in DLP Extension 11.11.1.3 which allowed the decryption of previously encrypted user credentials...

CVE-2023-33371

Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication...

CVE-2018-9195

Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient sent and...

CVE-2024-35344

Certain Anpviz products contain a hardcoded cryptographic key stored in the firmware of the device. This affects IPC-D250, IPC-D260, IPC-B850, IPC-D850, IPC-D350, IPC-D3150, IPC-D4250, IPC-D380, IPC-D880, IPC-D280, IPC-D3180, MC800N, YM500L, YM800NN2, YMF50B, YM800SV2, YM500L8, and YM200E10...

CVE-2024-28989

SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software...

CVE-2024-28989

SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software...

CVE-2024-9679

The CVE-2024-9679 entry concerns Trellix DLP Extension, version 11.11.1.3, with a hardcoded cryptographic key that enables decryption of previously encrypted user credentials. The connected PT-2024-39758 advisory confirms the affected software and exact version, and states that the vulnerability ...

CVE-2024-9679

A Hardcoded Cryptographic key vulnerability existed in DLP Extension 11.11.1.3 which allowed the decryption of previously encrypted user credentials...

CVE-2024-9679

A Hardcoded Cryptographic key vulnerability existed in DLP Extension 11.11.1.3 which allowed the decryption of previously encrypted user credentials...