DjangoBlog 安全漏洞

DjangoBlog is a blog system developed by liangliangyy using Django. Versions of DjangoBlog 2.1.0.0 and earlier had security vulnerabilities, which stemmed from incorrect handling of the SECRETKEY parameter in the file djangoblog/settings.py. This could lead to the use of hardcoded keys...

DjangoBlog 安全漏洞

DjangoBlog is a blog system developed by liangliangyy using Django. Versions of DjangoBlog 2.1.0.0 and earlier had security vulnerabilities. These vulnerabilities stemmed from the handling of the key parameter in the owntracks/views.py file, which resulted in the use of a hardcoded encryption key...

CVE-2026-33266 Apache OpenMeetings: Hardcoded Remember-Me Cookie Encryption Key and Salt

Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case OM admin hasn't changed the default encryption key, an attacker who has stolen a cookie from a...

CVE-2026-33266 Apache OpenMeetings: Hardcoded Remember-Me Cookie Encryption Key and Salt

Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case OM admin hasn't changed the default encryption key, an attacker who has stolen a cookie from a...

Tenda AC10 安全漏洞

The Tenda AC10 is a wireless router produced by the Chinese company Tenda. The Tenda AC10 16.03.10.10multiTDE01 version has a security vulnerability. This vulnerability stems from the hardcoded encryption key present in the file/webroot-ro/pem/privkeySrv.pem of the RSA 2048-bit Private Key Handle...

PT-2026-29986

A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the file br/com/rico/mobile/di/SegmentSettingsModule.java of the component br.com.rico.mobile. Such manipulation of the argument SEGMENT WRITE KEY lead...

Investory Toy Planet Trouble App 安全漏洞

Investory Toy Planet Trouble App is an educational adventure game app developed by Investory. Versions of Investory Toy Planet Trouble App prior to 1.5.5 contained a security vulnerability, which was caused by the use of a hardcoded encryption key for the parameter currentkey...

Rico só vantagem pra investir App 安全漏洞

Rico só vantagem pra investir App is a digital investment application developed by the Brazilian company Rico. The version 4.58.32.12421 and earlier versions of Rico só vantagem pra investir App have security vulnerabilities, which stem from the use of a hardcoded encryption key for the parameter...

Dialogue App 安全漏洞

Dialogue App is an artificial intelligence dialogue application developed by Dialogue Company. Versions of Dialogue App 4.3.2 and earlier contained security vulnerabilities, which were caused by the use of a hardcoded encryption key for the parameter SEGMENTWRITEKEY...

CVE-2026-25601

A vulnerability was identified in MEPIS RM, an industrial software product developed by Metronik. The application contained a hardcoded cryptographic key within the Mx.Web.ComponentModel.dll component. When the option to store domain passwords was enabled, this key was used to encrypt user...

EUVD-2026-17869

A vulnerability was identified in MEPIS RM, an industrial software product developed by Metronik. The application contained a hardcoded cryptographic key within the Mx.Web.ComponentModel.dll component. When the option to store domain passwords was enabled, this key was used to encrypt user...

CVE-2026-25601

A vulnerability was identified in MEPIS RM, an industrial software product developed by Metronik. The application contained a hardcoded cryptographic key within the Mx.Web.ComponentModel.dll component. When the option to store domain passwords was enabled, this key was used to encrypt user...

CVE-2026-25601 Credential Exposure vulnerability in MEPIS RM

A vulnerability was identified in MEPIS RM, an industrial software product developed by Metronik. The application contained a hardcoded cryptographic key within the Mx.Web.ComponentModel.dll component. When the option to store domain passwords was enabled, this key was used to encrypt user...

CVE-2026-25601

CVE-2026-25601 affects the MEPIS RM industrial software by storing domain passwords encrypted with a hardcoded cryptographic key found in Mx.Web.ComponentModel.dll. When users enable password storage, the embedded key encrypts passwords in the application database. An attacker with database acces...

CVE-2026-25601 Credential Exposure vulnerability in MEPIS RM

A vulnerability was identified in MEPIS RM, an industrial software product developed by Metronik. The application contained a hardcoded cryptographic key within the Mx.Web.ComponentModel.dll component. When the option to store domain passwords was enabled, this key was used to encrypt user...

Iperius Backup 安全漏洞

Iperius Backup is a backup tool developed by the Italian company Iperius Backup. Iperius Backup versions 8.7.2 and earlier contained a security vulnerability. This vulnerability stemmed from the use of a hardcoded encryption key in the IperiusAccounts.ini file, which could lead to local attacks...

PT-2026-29511

A vulnerability was identified in MEPIS RM, an industrial software product developed by Metronik. The application contained a hardcoded cryptographic key within the Mx.Web.ComponentModel.dll component. When the option to store domain passwords was enabled, this key was used to encrypt user...

MEPIS RM 安全漏洞

MEPIS RM is a management platform developed by the Slovenian company MEPIS, used for centralized monitoring and remote control of devices. There is a security vulnerability in MEPIS RM, which stems from the hardcoded encryption key present in the Mx.Web.ComponentModel.dll component. This...

CVE-2025-15605

A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the...

CVE-2026-33072

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption key defaultpleasechangethiskey is used for all cryptographic operations — HMAC token generation, AES config encryption, and session tokens — allowing any unauthenticated attacker...