Fortinet FortiClientEMS 安全漏洞

Fortinet FortiClientEMS is part of the endpoint management solution provided by Fortinet, a company owned by Fortinet Corporation. It aims to help organizations effectively manage terminal devices within their networks and provide monitoring and control of endpoint security. There are security...

Apache OpenMeetings 安全漏洞

Apache OpenMeetings is a multilingual, customizable video conferencing and collaboration system developed by the Apache Foundation in the United States. This product supports audio and video capabilities, and allows users to view the desktops of each participant. Prior to Apache OpenMeetings 9.0....

Tenda 4G03 安全漏洞

The Tenda 4G03 is a wireless router produced by the Chinese company Tenda. The Tenda 4G03 Pro 1.0 version, 1.0re version, 01.bin version, and 04.03.01.53 version have security vulnerabilities, which stem from the use of hardcoded encryption keys...

CVE-2026-26334

Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll Veramark.Core.Config class. These keys are used to encrypt the password of the service account stored in C:\VeraSMART Data\app.settings. An attacker with local access to the...

Infor SyteLine ERP 安全漏洞

Infor SyteLine ERP is an enterprise resource planning platform developed by Infor Corporation in the United States. There is a security vulnerability in Infor SyteLine ERP, which stems from the use of hardcoded static encryption keys, potentially leading to the decryption of stored credentials...

EUVD-2025-203165

Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted...

CVE-2025-13315, CVE-2025-13316: Critical Twonky Server Authentication Bypass (NOT FIXED)

Overview Twonky Server version 8.5.2 is susceptible to two vulnerabilities that facilitate administrator authentication bypass on Linux and Windows. An unauthenticated attacker can improperly access a privileged web API endpoint to leak application logs, which contain encrypted administrator...

CVE-2025-63289

Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryptionhelper.dart file...

EUVD-2023-37930

Malicious code in bioql PyPI...

EUVD-2024-23041

Malicious code in bioql PyPI...

CVE-2025-57174

CVE-2025-57174 covers Siklu EtherHaul EH-8010/ EH-1200 devices (firmware 7.4.0–10.7.3) where the rfpiped service on TCP port 555 uses static, hardcoded AES keys. The keys are identical across devices, enabling an unauthenticated attacker to craft encrypted packets and trigger remote command execu...

CVE-2023-33778

Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their o...

CVE-2024-25731

The Elink Smart eSmartCam com.cn.dq.ipc application 2.1.5 for Android contains hardcoded AES encryption keys that can be extracted from a binary file. Thus, encryption can be defeated by an attacker who can observe packet data e.g., over Wi-Fi...

CVE-2023-33778

Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their o...

CVE-2023-33778

Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their o...

CVE-2015-6846

EMC SourceOne Email Supervisor prior to version 7.2 contains hardcoded encryption keys, enabling an attacker to gain access by inspecting cryptographic operations in the program. This CVE (CVE-2015-6846) is documented in multiple feeds (NVD, CVE listings) with a common description of hardcoded ke...

Cisco Sourcefire User Agent 2.2 - Insecure File Permissions

Exploit for windows platform in category local exploits / Cisco Sourcefire User Agent Insecure File Permissions Vulnerability Vendor: Cisco Product webpage: http://www.cisco.com Affected versions: Cisco SF User Agent 2.2 Fixed versions: Cisco SF User Agent 2.2-25 Date: 08/09/2015 Credits: Glafkos...