Total: 46 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-8759 | | | 2025-08-09 | N/A | 3.7 LOW |
A vulnerability was found in TRENDnet TN-200 1.02b02. It has been declared as problematic. This vulnerability affects unknown code of the component Lighttpd. The manipulation of the argument secdownload.secret with the input neV3rUseMe leads to use of hard-coded cryptographic key. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2025-2810 | | | 2025-08-05 | N/A | 5.5 MEDIUM |
A low privileged local attacker can abuse the affected service by using a hardcoded cryptographic key. | |||||
CVE-2025-26476 | | | 2025-08-04 | N/A | N/A |
Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. | |||||
CVE-2025-38741 | | | 2025-08-04 | N/A | N/A |
Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication. | |||||
CVE-2025-44963 | | | 2025-08-04 | N/A | N/A |
RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key. | |||||
CVE-2024-54027 | 1 Fortinet | 1 Fortisandbox | 2025-07-24 | N/A | 4.4 MEDIUM |
A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged attacker with super-admin profile and CLI access to read sensitive data via CLI. | |||||
CVE-2024-33504 | 1 Fortinet | 2 Fortimanager, Fortimanager Cloud | 2025-07-24 | N/A | 7.7 HIGH |
A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all versions may allow an attacker with JSON API access permissions to decrypt some secrets even if the 'private-data-encryption' setting is enabled. | |||||
CVE-2025-22455 | 1 Ivanti | 1 Workspace Control | 2025-07-10 | N/A | 7.8 HIGH |
A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials. | |||||
CVE-2025-22463 | 1 Ivanti | 1 Workspace Control | 2025-07-10 | N/A | N/A |
A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password. | |||||
CVE-2025-5353 | 1 Ivanti | 1 Workspace Control | 2025-07-10 | N/A | 7.8 HIGH |
A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials. | |||||
CVE-2024-38314 | 1 Ibm | 1 Maximo Application Suite | 2025-07-08 | N/A | 5.9 MEDIUM |
IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised the environment. | |||||
CVE-2025-6071 | | | 2025-07-03 | N/A | N/A |
Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB RMC-100 LITE. An attacker can gain access to salted information to decrypt MQTT information. This issue affects RMC-100: from 2105457-043 through 2105457-045; RMC-100 LITE: from 2106229-015 through 2106229-016. | |||||
CVE-2025-6074 | | | 2025-07-03 | N/A | N/A |
Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to source code and control network, the attacker can bypass the REST interface authentication and gain access to MQTT configuration data. This issue affects RMC-100: from 2105457-043 through 2105457-045; RMC-100 LITE: from 2106229-015 through 2106229-016. | |||||
CVE-2025-49164 | | | 2025-06-03 | N/A | N/A |
Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a. | |||||
CVE-2025-32730 | | | 2025-04-24 | N/A | N/A |
Use of hard-coded cryptographic key vulnerability in i-PRO Configuration Tool affects the network system for i-PRO Co., Ltd. surveillance cameras and recorders. This vulnerability allows a local authenticated attacker to use the authentication information from the last connected surveillance cameras and recorders. | |||||
CVE-2025-30206 | | | 2025-04-15 | N/A | N/A |
Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. This security flaw allows attackers to analyze the source code, discover the embedded secret, and craft legitimate JWT tokens. By forging these tokens, an attacker can successfully bypass authentication mechanisms, impersonate privileged users, and gain unauthorized administrative access. Consequently, this enables full control over the host machine, potentially leading to severe consequences such as sensitive data exposure, unauthorized command execution, privilege escalation, or further lateral movement within the network environment. This issue is patched in version 1.6.1. A workaround for this vulnerability involves replacing the hardcoded secret with a securely generated value and loading it from secure configuration storage. | |||||
CVE-2025-31362 | | | 2025-04-11 | N/A | N/A |
Use of hard-coded cryptographic key issue exists in BizRobo! all versions. Credentials inside robot files may be obtained if the encryption key is available. The vendor provides the workaround information and recommends applying it to the deployment environment. | |||||
CVE-2024-13773 | 1 Uxper | 1 Civi | 2025-03-27 | N/A | 7.5 HIGH |
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded credentials. This makes it possible for unauthenticated attackers to extract sensitive data including LinkedIn client and secret keys. | |||||
CVE-2024-13842 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-02-20 | N/A | 4.4 MEDIUM |
A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data. | |||||
CVE-2025-26340 | | | 2025-02-12 | N/A | N/A |
A CWE-321 "Use of Hard-coded Cryptographic Key" in the JWT signing in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to bypass the authentication via crafted HTTP requests. |