Lucene search
K

578 matches found

NVD
NVD
added 2026/02/09 8:16 a.m.16 views

CVE-2026-22906

User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentication bypass...

9.8CVSS0.00328EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/09 7:40 a.m.4 views

CVE-2026-22906 Hardcoded Key Allows Credential Disclosure

User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentication bypass...

9.8CVSS5.6AI score0.00328EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/09 7:40 a.m.3 views

CVE-2026-22906

User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentication bypass...

9.8CVSS5.6AI score0.00328EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2026/02/09 7:40 a.m.30 views

CVE-2026-22906 Hardcoded Key Allows Credential Disclosure

User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentication bypass...

9.8CVSS0.00328EPSS
Exploits0References1
CVE
CVE
added 2026/02/09 7:40 a.m.19 views

CVE-2026-22906

CVE-2026-22906 involves credentials disclosure caused by AES-ECB encryption with a hardcoded key in a configuration file. An unauthenticated remote attacker that can obtain the config file can decrypt and recover plaintext usernames and passwords, with higher risk when combined with an authentica...

9.8CVSS5.6AI score0.00328EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.6 views

PT-2026-7084

Name of the Vulnerable Software and Affected Versions WAGO 0852-1322 affected versions not specified Description User credentials are stored using AES-ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernam...

9.8CVSS5.6AI score0.00328EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/02/04 8:6 p.m.7 views

CVE-2026-25505

Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Prior to version 0.1.7, a hardcoded secret key used for signing JWTs is checked into source code and ManyAPI routes do not check authentication. This issue has been patched in version 0.1.7...

9.8CVSS5.4AI score0.00724EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/02/04 8:6 p.m.29 views

CVE-2026-25505

CVE-2026-25505 affects Bambuddy (self-hosted print archive/management for Bambu Lab printers). Root cause: hardcoded secret key used to sign JWTs and many API endpoints do not require authentication, enabling unauthorized access. Impact in the documented disclosures is high (unauthorized admin-li...

9.8CVSS5.4AI score0.00724EPSS
Exploits1References7Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/29 9:21 p.m.8 views

CVE-2025-57796

Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained...

6.8CVSS5.9AI score0.00186EPSS
Exploits0References1
OSV
OSV
added 2026/01/28 6:16 p.m.6 views

CVE-2025-57796

Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained...

6.8CVSS5.8AI score0.00186EPSS
Exploits0References4
NVD
NVD
added 2026/01/28 6:16 p.m.10 views

CVE-2025-57796

Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained...

6.8CVSS0.00186EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/28 5:47 p.m.6 views

CVE-2025-57796

Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained...

6.8CVSS5.9AI score0.00186EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/28 5:47 p.m.8 views

CVE-2025-57796 Use of a hardcoded static key to protect sensitive data in Explorance Blue

Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained...

5.9AI score0.00186EPSS
Exploits0References4
EUVD
EUVD
added 2026/01/28 5:47 p.m.5 views

EUVD-2025-206466

Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained...

6.8CVSS5.9AI score0.00186EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/28 5:47 p.m.30 views

CVE-2025-57796 Use of a hardcoded static key to protect sensitive data in Explorance Blue

Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained...

0.00186EPSS
Exploits0References4
CVE
CVE
added 2026/01/28 5:47 p.m.13 views

CVE-2025-57796

CVE-2025-57796 concerns Explorance Blue versions prior to 8.14.12 that use reversible symmetric encryption with a hardcoded static key to protect sensitive data (including user passwords and system configurations). The design allows offline decryption if encrypted data are obtained, representing ...

6.8CVSS5.9AI score0.00186EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.9 views

PT-2026-5175

Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained...

6.8CVSS5.9AI score0.00186EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/20 9:36 p.m.22 views

CVE-2025-58740 Hardcoded Encryption Key Enables Database Credential Access in Milner ImageDirector Capture

The use of a hard-coded encryption key in calls to the Password function in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows a local attacker to decrypt database credentials by reading the cryptographic key from the executable. This issue affects ImageDirector Capture: from...

8.5CVSS0.00065EPSS
Exploits0References1
CVE
CVE
added 2026/01/20 9:36 p.m.12 views

CVE-2025-58740

The vulnerability CVE-2025-58740 affects Milner ImageDirector Capture on Windows, where a hard-coded encryption key is used in C2SGlobalSettings.dll Password function. This allows a local attacker to decrypt database credentials by reading the cryptographic key from the executable. Affected versi...

8.5CVSS5.4AI score0.00065EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.8 views

Milner ImageDirector Capture security vulnerability

Milner ImageDirector Capture is a document collection and digital asset management software developed by the American company Milner. Versions of Milner ImageDirector Capture prior to 7.6.3.25808 contained security vulnerabilities. These vulnerabilities stemmed from the Password function in...

8.5CVSS5.8AI score0.00065EPSS
Exploits0References1
Rows per page
Query Builder