Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

571 matches found

EUVD
EUVDadded 2025/12/26 4:29 a.m.3 views

EUVD-2025-205419

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems ICS and OT/IoT security, has discovered a vulnerability in Device Manager that a hardcoded encryption key for sensitive information. An attacker can use key to decrypt sensitive information. T...

6.3CVSS6AI score0.00091EPSS
Exploits0References2
CVE
CVEadded 2025/12/26 4:29 a.m.14 views

CVE-2025-52601

Hanwha Vision cameras exposed by CVE-2025-52601 contain a hard-coded cryptographic key in Device Manager, enabling an attacker with local access to decrypt sensitive information. The vulnerability is described as a hard-coded key for sensitive data, with a patch firmware released by the manufactu...

7.8CVSS6.1AI score0.00091EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologiesadded 2025/12/26 12:0 a.m.6 views

PT-2025-53449

Name of the Vulnerable Software and Affected Versions Nozomi Networks Device Manager affected versions not specified Description A hardcoded encryption key exists for sensitive information within Nozomi Networks Device Manager. An attacker could leverage this key to decrypt sensitive data...

6.3CVSS6.3AI score0.00091EPSS
Exploits0References5
CVE
CVEadded 2025/12/15 12:0 a.m.15 views

CVE-2025-67809

Affected software: Zimbra Collaboration (ZCS) 10.0 and 10.1 with the Flickr Zimlet. Issue: hardcoded Flickr API key and secret embedded in the publicly accessible Zimlet allowed credential disclosure and potential impersonation during Flickr OAuth flows, enabling access to a user’s Flickr data if...

4.7CVSS6.6AI score0.00239EPSS
Exploits0References3Affected Software1
Veracode
Veracodeadded 2025/12/13 4:23 a.m.7 views

Use Of Hardcoded Cryptographic Key

sureness is vulnerable to Use of Hardcoded Cryptographic Key. The vulnerability is due to the use of a hardcoded key within the application, allowing attackers who obtain or reverse engineer the key to bypass security protections or forge trusted data...

9.8CVSS7.7AI score0.00808EPSS
Exploits1References3Affected Software1
EUVD
EUVDadded 2025/12/02 3:30 p.m.4 views

EUVD-2025-200235

Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract this key e.g., by analysing the firmware image or memory dump and create valid firmware updat...

8.6CVSS6.4AI score0.0012EPSS
Exploits0References2
NVD
NVDadded 2025/12/02 1:15 p.m.3 views

CVE-2025-11781

Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract this key e.g., by analysing the firmware image or memory dump and create valid firmware updat...

8.6CVSS0.0012EPSS
Exploits0References1
OSV
OSVadded 2025/12/02 1:15 p.m.5 views

CVE-2025-11781

Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract this key e.g., by analysing the firmware image or memory dump and create valid firmware updat...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2025/12/02 12:59 p.m.3 views

CVE-2025-11781 Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50

Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract this key e.g., by analysing the firmware image or memory dump and create valid firmware updat...

8.6CVSS6.5AI score0.0012EPSS
Exploits0References1
CVE
CVEadded 2025/12/02 12:59 p.m.10 views

CVE-2025-11781

CVE-2025-11781 affects Circutor SGE-PLC1000/SGE-PLC50 firmware v9.0.2. The root cause is a hardcoded static authentication key in the firmware, allowing a local attacker to extract the key (from firmware image or memory) and create valid firmware update packages, bypassing access controls and gai...

8.6CVSS6.5AI score0.0012EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2025/12/02 12:59 p.m.8 views

CVE-2025-11781 Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50

Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract this key e.g., by analysing the firmware image or memory dump and create valid firmware updat...

8.6CVSS0.0012EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2025/12/02 12:0 a.m.5 views

PT-2025-48671

Name of the Vulnerable Software and Affected Versions Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2 Description The affected firmware contains a hardcoded static authentication key. An attacker with local access can extract this key by analyzing the firmware image or memory dump. This allows the...

8.6CVSS5.4AI score0.0012EPSS
Exploits0References6
RedhatCVE
RedhatCVEadded 2025/11/27 1:54 p.m.4 views

CVE-2025-63433

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt,...

4.6CVSS6.7AI score0.00164EPSS
Exploits1References1
OSV
OSVadded 2025/11/24 5:16 p.m.5 views

CVE-2025-63433

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt,...

4.6CVSS5.8AI score0.00164EPSS
Exploits1References2
NVD
NVDadded 2025/11/24 5:16 p.m.5 views

CVE-2025-63433

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt,...

4.6CVSS0.00164EPSS
Exploits1References2
EUVD
EUVDadded 2025/11/24 12:0 a.m.10 views

EUVD-2025-198966

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt,...

4.6CVSS6.3AI score0.00164EPSS
Exploits1References3
Cvelist
Cvelistadded 2025/11/24 12:0 a.m.8 views

CVE-2025-63433

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt,...

0.00164EPSS
Exploits1References2
Positive Technologies
Positive Technologiesadded 2025/11/24 12:0 a.m.6 views

PT-2025-47947

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt,...

6.8AI score0.00164EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2025/11/24 12:0 a.m.2 views

CVE-2025-63433

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt,...

6.4AI score0.00164EPSS
Exploits1References2
CVE
CVEadded 2025/11/24 12:0 a.m.15 views

CVE-2025-63433

Summary of CVE-2025-63433 : Xtooltech Xtool AnyScan Android Application 4.40.40 and earlier uses a hardcoded cryptographic key and IV stored statically in code to decrypt update metadata. This enables an attacker who can intercept network traffic to use the hardcoded key to decrypt, modify, and r...

4.6CVSS6.4AI score0.00164EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder