Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
"FOD" App uses hard-coded cryptographic keys, which may allow a local unauthenticated attacker to retrieve the cryptographic keys.
Use of hard-coded cryptographic key issue exists in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software. A network-adjacent unauthenticated attacker may log in to SFTP service and obtain and/or
A vulnerability was identified in coze-studio up to 0.2.4. The impacted element is an unknown function of the file backend/domain/plugin/encrypt/aes.go. The manipulation of the argument AuthSecretKey/
CVE-2026-11414
CRITICAL CVSS 10.0
Find Similar
A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network at
CVE-2025-6950
CRITICAL CVSS 9.9
Find Similar
An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret key to sign JSON Web Tokens (JWT) used for
CVE-2025-1393
CRITICAL CVSS 9.8
Find Similar
An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product.
A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key, potentially resulting in internal debug information leakage.
Use of hard-coded cryptographic key issue exists in "Kura Sushi Official App Produced by EPARK" for Android versions prior to 3.8.5. If this vulnerability is exploited, a local attacker may obtain the
CVE-2024-45275
CRITICAL CVSS 9.8
Find Similar
The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices.
The vulnerability allows an unauthenticated attacker to read arbitrary information from the database.
An attacker with adjacent access, without authentication, can exploit this vulnerability to retrieve a hard-coded password embedded in publicly available software. This password can then be used to
CVE-2025-15016
CRITICAL CVSS 9.3
Find Similar
Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information a
An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.
CVE-2024-28747
CRITICAL CVSS 9.8
Find Similar
An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS devices with high privileges.
A hardcoded decryption key in Thinkware Cloud APK v4.3.46 allows attackers to access sensitive data and execute arbitrary commands with elevated privileges.
An authentication bypass vulnerability was reported in FileZ client application that could allow a local attacker with elevated permissions access to application data.
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could al
CVE-2026-22906
CRITICAL CVSS 9.8
Find Similar
User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords
Hard-coded credentials were included as part of the application binary. These credentials served as part of the application authentication flow and communication with the mobile application. An atta
A potential vulnerability was reported in the Lenovo FileZ Android application that, under certain conditions, could allow a local authenticated user to retrieve some sensitive data stored in a log fi
Page 1+ Next →