CVE-2025-22463

A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password...

CVE-2025-22455

Ivanti Workspace Control is affected by CVE-2025-22455 due to a hardcoded key that can allow a local authenticated attacker to decrypt stored SQL credentials. The vulnerability concerns versions before 10.19.0.0 (per initial CVE description) with broader remediation references indicating fixes fo...

CVE-2025-22455

A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials...

CVE-2025-22455

A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials...

PT-2025-24669 · Ivanti · Ivanti Workspace Control

Name of the Vulnerable Software and Affected Versions: Ivanti Workspace Control versions prior to 10.19.10.0 Description: A hardcoded key in the software allows a local authenticated attacker to decrypt stored SQL credentials. Recommendations: For versions prior to 10.19.10.0, update to version...

CVE-2025-43925

An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data...

CVE-2025-43925

An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data...

CVE-2025-43925

An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data...

CVE-2025-43925

An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data...

PT-2025-23623 · Unicom · Unicom Focal Point

Name of the Vulnerable Software and Affected Versions: Unicom Focal Point version 7.6.1 Description: An issue was discovered where the database is encrypted with a hardcoded key, making it easier to recover the cleartext data. Recommendations: For Unicom Focal Point version 7.6.1, consider changi...

CVE-2025-43925

An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data...

CVE-2025-48491 Project AI API Key Exposure in Source Code

Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version...

Gladinet CentreStack/Triofox ASP.NET ViewState Deserialization

A vulnerability in Gladinet CentreStack and Triofox application using hardcoded cryptographic keys for ViewState could allow an attacker to forge ViewState data. This can lead to unauthorized actions such as remote code execution. Both applications make use of a hardcoded machineKey in the IIS...

CVE-2024-36526

ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key...

CVE-2024-24681

An issue was discovered in Yealink Configuration Encrypt Tool AES version and Yealink Configuration Encrypt Tool RSA version before 1.2. There is a single hardcoded key used to encrypt provisioning documents across customers' installations...

CVE-2024-53522

Bangkok Medical Software HOSxP XE v4.64.11.3 was discovered to contain a hardcoded IDEA Key-IV pair in the HOSxPXE4.exe and HOS-WIN32.INI components. This allows attackers to access sensitive information...

CVE-2024-40410

Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain a hardcoded cryptographic key used for encryption...

CVE-2024-55557

ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials...

CVE-2023-31579

Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token...

CVE-2023-44318

Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the...