PT-2026-8031

Name of the Vulnerable Software and Affected Versions Calero VeraSMART versions prior to 2026 R1 Description The software contains hardcoded static AES encryption keys within the Veramark.Framework.dll module, specifically in the Veramark.Core.Config class. These keys are used to encrypt the...

WAGO Industrial-Managed-Switch 0852-1322和WAGO Industrial-Managed-Switch 0852-1328 安全漏洞

WAGO Industrial-Managed-Switch 0852-1322 and WAGO Industrial-Managed-Switch 0852-1328 are industrial-grade managed Ethernet switches from the German company WAGO. Both devices have security vulnerabilities. These vulnerabilities stem from the use of hardcoded keys for AES-ECB encryption, which...

CVE-2026-2103

Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt a...

Gladinet CentreStack/Triofox Access Ticket Forge

This module forges access tickets for the Gladinet CentreStack/Triofox /storage/filesvr.dn endpoint. The vulnerability exists because the application uses hardcoded cryptographic keys in GladCtrl64.dll to encrypt/decrypt access tickets. The access ticket is an encrypted string that contains: -...

FUXA 安全漏洞

FUXA is a web-based process visualization software developed by frangoteam. Version 1.2.7 of FUXA contains a security vulnerability. This vulnerability stems from the use of hardcoded keys for signing and verifying JWT tokens in the server/api/jwt-helper.js file. This could allow remote attackers...

Exploit for CVE-2025-15545

CVE-2025-15545 Information Vendor: TP-Link Vendor'...

Explorance Blue security vulnerabilities

Explorance Blue is a learning experience management software developed by the Canadian company Explorance. Versions of Explorance Blue prior to 8.14.12 contained security vulnerabilities. These vulnerabilities stemmed from the use of reversible symmetric encryption with hardcoded static keys to...

Dormakaba Exos 9300 security vulnerabilities

Dormakaba Exos 9300 is an access control and security management system developed by the American company Dormakaba. Dormakaba Exos 9300 has security vulnerabilities; these vulnerabilities stem from multiple hardcoded keys contained in the program libraries and binary files, along with a weak...

Security Bulletin: IBM Controller is vulnerable to exposure of sensitive information

Summary There is a vulnerability in IBM Controller due to the use of hardcoded cryptographic keys for signing session cookies. This Security Bulletin addresses CVE-2025-36326. Vulnerability Details CVEID:CVE-2025-36326 DESCRIPTION: IBM Controller could allow an attacker to obtain sensitive...

CVE-2025-14611

CVE-2025-14611 affects Gladinet CentreStack and Triofox prior to 16.12.10420.56791. The root cause is hardcoded, static keys/IVs used by the AES cryptosystem (AES-256-CBC) in the web services, enabling attackers to forge or decrypt access tickets and potentially trigger arbitrary local file inclu...

Exploit for CVE-2025-38001

Lab: CVE-2025-41744 - Use of Default Cryptographic Key in Spre...

Twonky Server Log Leak Authentication Bypass

This module leverages an authentication bypass in Twonky Server 8.5.2. By exploiting an authorization flaw to access a privileged web API endpoint and leak application logs, encrypted administrator credentials are leaked CVE-2025-13315. The exploit will then decrypt these credentials using...

📄 Brocade Fabric OS Weak Crypto / Key Compromise

This analysis focuses on some older flaws with Brocade Fabric OS versions prior to 9.2.2 related to man-in-the-middle, weak cryptography, and hardcoded key compromise vulnerabilities...

Twonky Server <= 8.5.2 Multiple Vulnerabilities - Version Check

Twonky Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:lynxtechnology:twonkyserver";...

EUVD-2025-131909

Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryptionhelper.dart file...

CVE-2025-63289

Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryptionhelper.dart file...

CVE-2025-63289

Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryptionhelper.dart file...

CVE-2025-63289

Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryptionhelper.dart file...

CVE-2025-63289

Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryptionhelper.dart file...

PT-2025-46669

Name of the Vulnerable Software and Affected Versions Sogexia Android App versions SDK 35 through SDK 32 Description The Sogexia Android App contains hardcoded encryption keys within the encryption helper.dart file. These keys compromise the confidentiality of data encrypted by the application...