
7548 matches found

CVE
added 2025/12/27 12:21 a.m. | 14 views

CVE-2025-68948

SiYuan Note (pre-3.5.1) stores session data with a hardcoded cryptographic secret, making session encryption ineffective. The AccessAuthCode is kept in the session cookie, so an attacker who obtains or intercepts that cookie can locally decrypt it with the public key, retrieve the code in plain t...

8.1 CVSS | 6.3 AI score | 0.00197 EPSS
Exploits 1 | References 1 | Affected Software 1
Vulnrichment
added 2025/12/27 12:21 a.m. | 3 views

CVE-2025-68948 SiYuan: Information Disclosure and Authentication Bypass via Hardcoded Session Secret

SiYuan is self-hosted, open source personal knowledge management software. In versions 3.5.1 and prior, the SiYuan Note application utilizes a hardcoded cryptographic secret for its session store. This unsafe practice renders the session encryption ineffective. Since the sensitive AccessAuthCode ...

6.9 CVSS | 6.3 AI score | 0.00197 EPSS
Exploits 1 | References 1
OSV
added 2025/12/27 12:21 a.m. | 5 views

CVE-2025-68948 SiYuan: Information Disclosure and Authentication Bypass via Hardcoded Session Secret

SiYuan is self-hosted, open source personal knowledge management software. In versions 3.5.1 and prior, the SiYuan Note application utilizes a hardcoded cryptographic secret for its session store. This unsafe practice renders the session encryption ineffective. Since the sensitive AccessAuthCode ...

6.9 CVSS | 6.6 AI score | 0.00197 EPSS
Exploits 1 | References 3
Positive Technologies
added 2025/12/27 12:0 a.m. | 7 views

PT-2025-53613

Name of the Vulnerable Software and Affected Versions: SiYuan versions prior to 3.5.1

Description: SiYuan Note application uses a hardcoded cryptographic secret for its session store, making session encryption ineffective. The AccessAuthCode, stored in the session cookie, can be decrypted by an...

6.9 CVSS | 6.5 AI score | 0.00197 EPSS
Exploits 1 | References 4
OSV
added 2025/12/26 5:16 a.m. | 2 views

CVE-2025-52601

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in Device Manager: a hardcoded encryption key for sensitive information. An attacker can use the key to decrypt sensitive information. T...

7.8 CVSS | 5.8 AI score | 0.00091 EPSS
Exploits 0 | References 1
NVD
added 2025/12/26 5:16 a.m. | 6 views

CVE-2025-52601

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in Device Manager: a hardcoded encryption key for sensitive information. An attacker can use the key to decrypt sensitive information. T...

7.8 CVSS | 0.00091 EPSS
Exploits 0 | References 1
OSSF Malicious Packages
added 2025/12/26 4:33 a.m. | 6 views

Malicious code in aiogram-3 (PyPI)

Source: kam193 3d8dac0d1eb98dbfc0fe46cabeadb550699f5e41b5d033ded073f7572f450bf7 During installation or importing the module, the package starts a reverse shell to a hardcoded location. Category: MALICIOUS - The campaign has clearly...

7.7 AI score
Exploits 0 | References 1
CVE
added 2025/12/26 4:29 a.m. | 13 views

CVE-2025-52601

Hanwha Vision cameras exposed by CVE-2025-52601 contain a hard-coded cryptographic key in Device Manager, enabling an attacker with local access to decrypt sensitive information. The vulnerability is described as a hard-coded key for sensitive data, with a patch firmware released by the manufactu...

7.8 CVSS | 6.1 AI score | 0.00091 EPSS
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2025/12/26 4:29 a.m. | 5 views

CVE-2025-52601 Hardcoding sensitive information

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in Device Manager: a hardcoded encryption key for sensitive information. An attacker can use the key to decrypt sensitive information. T...

6.3 CVSS | 6.5 AI score | 0.00091 EPSS
Exploits 0 | References 1
Cvelist
added 2025/12/26 4:29 a.m. | 18 views

CVE-2025-52601 Hardcoding sensitive information

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in Device Manager: a hardcoded encryption key for sensitive information. An attacker can use the key to decrypt sensitive information. T...

6.3 CVSS | 0.00091 EPSS
Exploits 0 | References 1
EUVD
added 2025/12/26 4:29 a.m. | 3 views

EUVD-2025-205419

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in Device Manager: a hardcoded encryption key for sensitive information. An attacker can use the key to decrypt sensitive information. T...

6.3 CVSS | 6 AI score | 0.00091 EPSS
Exploits 0 | References 2
Positive Technologies
added 2025/12/26 12:0 a.m. | 6 views

PT-2025-53449

Name of the Vulnerable Software and Affected Versions: Nozomi Networks Device Manager, affected versions not specified

Description: A hardcoded encryption key exists for sensitive information within Nozomi Networks Device Manager. An attacker could leverage this key to decrypt sensitive data...

6.3 CVSS | 6.3 AI score | 0.00091 EPSS
Exploits 0 | References 5
Packet Storm
added 2025/12/26 12:0 a.m. | 187 views

📄 Netbus Backdoor 1.7 Remote Code Execution

Netbus Backdoor version 1.7 Metasploit module that leverages an insecure credential storage vulnerability that then performs command injection. | Title :...

7.3 AI score
Exploits 0
Packet Storm
added 2025/12/26 12:0 a.m. | 145 views

📄 Backdoor.Win32.ControlTotal.t Hardcoded-Password Backdoor

This tool was designed to leverage a hardcoded password backdoor in Backdoor.Win32.ControlTotal.t to simulate communications with the malware. | Title :...

7 AI score
Exploits 0
OSSF Malicious Packages
added 2025/12/25 2:18 p.m. | 8 views

Malicious code in aiogram-sever-patch (PyPI)

Source: kam193 0be41c08090971a10e54930628353748c82ed55c0f9795b26a932f806852fd4f During installation or importing the module, the package starts a reverse shell to a hardcoded location. Category: MALICIOUS - The campaign has clearly...

7.7 AI score
Exploits 0 | References 1
NVD
added 2025/12/24 8:15 p.m. | 4 views

CVE-2018-25147

Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root-level access to the device by logging in with predefined username and password combinations...

9.3 CVSS | 0.00334 EPSS
Exploits 2 | References 3
OSV
added 2025/12/24 8:15 p.m. | 4 views

CVE-2018-25147

Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root-level access to the device by logging in with predefined username and password combinations...

9.3 CVSS | 5.8 AI score | 0.00334 EPSS
Exploits 2 | References 3
CVE
added 2025/12/24 7:27 p.m. | 13 views

CVE-2019-25241

FaceSentry Access Control System 6.4.8 contains a critical authentication flaw: hard-coded SSH credentials for the wwwuser and an insecure sudoers configuration allow privilege escalation to root via sudo without authentication. This is documented across multiple sources (EUVD-2025-205313, NVD, C...

9.8 CVSS | 7.3 AI score | 0.00654 EPSS
Exploits 2 | References 3 | Affected Software 1
Vulnrichment
added 2025/12/24 7:27 p.m. | 3 views

CVE-2019-25241 FaceSentry Access Control System 6.4.8 Remote SSH Root Access

FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication...

9.8 CVSS | 7.3 AI score | 0.00654 EPSS
Exploits 2 | References 3
Vulnrichment
added 2025/12/24 7:27 p.m. | 2 views

CVE-2018-25147 Microhard Systems IPn4G 1.1.0 Default Credentials Authentication Bypass

Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root-level access to the device by logging in with predefined username and password combinations...

9.3 CVSS | 6.9 AI score | 0.00334 EPSS
Exploits 2 | References 3