Lucene search

575 matches found

RedhatCVE • added 2025/05/23 6:32 a.m. • 6 views

CVE-2024-40410

Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain a hardcoded cryptographic key used for encryption...

CVSS 4.8 • AI score 7.4 • EPSS 0.00135
Exploits 0 • References 1

RedhatCVE • added 2025/05/23 6:23 a.m. • 5 views

CVE-2024-55557

ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials...

CVSS 9.8 • AI score 9.4 • EPSS 0.01339
Exploits 1 • References 1

RedhatCVE • added 2025/05/23 5:57 a.m. • 6 views

CVE-2023-31579

Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token...

CVSS 9.8 • AI score 7 • EPSS 0.00681
Exploits 0 • References 1

RedhatCVE • added 2025/05/23 4:28 a.m. • 8 views

CVE-2023-44318

Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the...

CVSS 6.9 • AI score 6.4 • EPSS 0.00688
Exploits 0

RedhatCVE • added 2025/05/23 3:17 a.m. • 1 views

CVE-2023-20512

A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key, potentially resulting in internal debug information leakage...

CVSS 1.9 • AI score 6.5 • EPSS 0.00128
Exploits 0 • References 1

RedhatCVE • added 2025/05/23 3:1 a.m. • 4 views

CVE-2023-21426

Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN...

CVSS 5.5 • AI score 6.7 • EPSS 0.00158
Exploits 0 • References 1

RedhatCVE • added 2025/05/23 1:25 a.m. • 9 views

CVE-2022-25807

An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials, to decrypt those credentials using a static 8-byte DES key...

CVSS 5.5 • AI score 6.9 • EPSS 0.00295
Exploits 1 • References 1

RedhatCVE • added 2025/05/23 1:18 a.m. • 12 views

CVE-2022-30274

The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with an XRT LAN-to-radio gateway by means of an embedded client. Credentials for accessing this gateway are stored after being encrypted with the Tiny Encryption Algorithm TEA in ECB mode using a hardcode...

CVSS 9.8 • AI score 6.9 • EPSS 0.00519
Exploits 0 • References 1

RedhatCVE • added 2025/05/23 1:15 a.m. • 7 views

CVE-2022-29856

A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages...

CVSS 7.5 • AI score 6.8 • EPSS 0.0152
Exploits 2 • References 1

RedhatCVE • added 2025/05/22 9:10 p.m. • 7 views

CVE-2021-45458

Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their passwor...

CVSS 7.5 • AI score 6.9 • EPSS 0.0208
Exploits 0

RedhatCVE • added 2025/05/22 5:55 p.m. • 7 views

CVE-2020-25493

Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic. The content of HTTP payload is encrypted using XOR with a hardcoded key, which allows for the possibility to decode the traffic...

CVSS 7.5 • AI score 6.9 • EPSS 0.01066
Exploits 1

RedhatCVE • added 2025/05/22 4:14 p.m. • 7 views

CVE-2020-12789

The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets...

CVSS 7.5 • AI score 6.8 • EPSS 0.0123
Exploits 0

RedhatCVE • added 2025/05/22 3:51 p.m. • 6 views

CVE-2020-15314

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account...

CVSS 5.9 • AI score 7 • EPSS 0.00976
Exploits 1

RedhatCVE • added 2025/05/22 3:14 p.m. • 7 views

CVE-2020-15316

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account within the /opt/axess chroot directory tree...

CVSS 5.9 • AI score 7 • EPSS 0.00976
Exploits 1

RedhatCVE • added 2025/05/22 10:20 a.m. • 5 views

CVE-2019-15745

The Eques elf smart plug and the mobile app use a hardcoded AES 256 bit key to encrypt the commands and responses between the device and the app. The communication happens over UDP port 27431. An attacker on the local network can use the same key to encrypt and send commands to discover all smart...

CVSS 8.8 • AI score 7 • EPSS 0.01377
Exploits 1 • References 1

RedhatCVE • added 2025/05/22 10:20 a.m. • 5 views

CVE-2019-15802

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in salutilstrencrypt in libsal.so.0.0. The parameters salt, IV, and key data are used to encrypt and decrypt all passwords using AES256...

CVSS 5.9 • AI score 7 • EPSS 0.015
Exploits 1 • References 1

OSV • added 2025/05/19 4:15 p.m. • 2 views

CVE-2025-4876

ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext within the binary and used in cryptographic operations without dynamic key management. Once obtained t...

CVSS 4.4 • AI score 5.8 • EPSS 0.0009
Exploits 1 • References 1

Cvelist • added 2025/05/19 4:4 p.m. • 14 views

CVE-2025-4876 Hardcoded Key Revealed in ConnectWise Password Encryption Utility

ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext within the binary and used in cryptographic operations without dynamic key management. Once obtained t...

CVSS 6 • EPSS 0.0009
Exploits 1 • References 1

RedhatCVE • added 2025/03/07 2:31 a.m. • 6 views

CVE-2025-27674

Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Hardcoded IdP Key V-2023-006...

CVSS 9.8 • AI score 7.1 • EPSS 0.00653
Exploits 1 • References 1

OSV • added 2025/03/05 6:15 a.m. • 3 views

CVE-2025-27643

Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Hardcoded AWS API Key V-2024-006...

CVSS 9.8 • AI score 5.8 • EPSS 0.00832
Exploits 1 • References 3