CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

561 matches found

Cvelist•added 2025/06/03 12:0 a.m.•8 views

CVE-2025-43925

An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data...

0.00089EPSS

Exploits0References2

Vulnrichment•added 2025/05/30 3:38 a.m.•11 views

CVE-2025-48491 Project AI API Key Exposure in Source Code

Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version...

6.9CVSS6.5AI score0.0078EPSS

Exploits0References9

Metasploit•added 2025/05/28 6:51 p.m.•333 views

Gladinet CentreStack/Triofox ASP.NET ViewState Deserialization

A vulnerability in Gladinet CentreStack and Triofox application using hardcoded cryptographic keys for ViewState could allow an attacker to forge ViewState data. This can lead to unauthorized actions such as remote code execution. Both applications make use of a hardcoded machineKey in the IIS...

9.8CVSS8.1AI score0.85362EPSS

Exploits6

RedhatCVE•added 2025/05/23 10:19 a.m.•8 views

CVE-2024-36526

ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key...

9.8CVSS7.4AI score0.00322EPSS

Exploits2References1

RedhatCVE•added 2025/05/23 10:4 a.m.•6 views

CVE-2024-24681

An issue was discovered in Yealink Configuration Encrypt Tool AES version and Yealink Configuration Encrypt Tool RSA version before 1.2. There is a single hardcoded key used to encrypt provisioning documents across customers' installations...

9.8CVSS6.8AI score0.00205EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 6:58 a.m.•9 views

CVE-2024-53522

Bangkok Medical Software HOSxP XE v4.64.11.3 was discovered to contain a hardcoded IDEA Key-IV pair in the HOSxPXE4.exe and HOS-WIN32.INI components. This allows attackers to access sensitive information...

7.5CVSS7.2AI score0.01302EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 6:32 a.m.•4 views

CVE-2024-40410

Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain a hardcoded cryptographic key used for encryption...

4.8CVSS7.4AI score0.00529EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 6:23 a.m.•4 views

CVE-2024-55557

ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials...

9.8CVSS9.4AI score0.21342EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 5:57 a.m.•3 views

CVE-2023-31579

Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token...

9.8CVSS7AI score0.00219EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 4:28 a.m.•6 views

CVE-2023-44318

Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the...

6.9CVSS6.4AI score0.00156EPSS

Exploits0

RedhatCVE•added 2025/05/23 3:17 a.m.•1 views

CVE-2023-20512

A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key, potentially resulting in internal debug information leakage...

1.9CVSS6.5AI score0.00053EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 3:1 a.m.•2 views

CVE-2023-21426

Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN...

5.5CVSS6.7AI score0.00054EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 1:25 a.m.•8 views

CVE-2022-25807

An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials, to decrypt those credentials using a static 8-byte DES key...

5.5CVSS6.9AI score0.00051EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 1:18 a.m.•9 views

CVE-2022-30274

The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with an XRT LAN-to-radio gateway by means of an embedded client. Credentials for accessing this gateway are stored after being encrypted with the Tiny Encryption Algorithm TEA in ECB mode using a hardcode...

9.8CVSS6.9AI score0.00174EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 1:15 a.m.•5 views

CVE-2022-29856

A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages...

7.5CVSS6.8AI score0.00557EPSS

Exploits2References1

RedhatCVE•added 2025/05/22 9:10 p.m.•5 views

CVE-2021-45458

Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their passwor...

7.5CVSS6.9AI score0.00631EPSS

Exploits0

RedhatCVE•added 2025/05/22 5:55 p.m.•3 views

CVE-2020-25493

Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic. The content of HTTP payload is encrypted using XOR with a hardcoded key, which allows for the possibility to decode the traffic...

7.5CVSS6.9AI score0.00158EPSS

Exploits1

RedhatCVE•added 2025/05/22 4:14 p.m.•5 views

CVE-2020-12789

The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets...

7.5CVSS6.8AI score0.0028EPSS

Exploits0

RedhatCVE•added 2025/05/22 3:51 p.m.•4 views

CVE-2020-15314

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account...

5.9CVSS7AI score0.00286EPSS

Exploits1