Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-321 (使用硬编码的密码学密钥) — Vulnerability Class 243

243 vulnerabilities classified as CWE-321 (使用硬编码的密码学密钥). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2026-27519 Binardat 10G08-0800GSM Network Switch Hard-coded RC4 Encryption Key — 10G08-0800GSM Network Switch 7.5 High2026-02-24
CVE-2026-26335 Calero VeraSMART < 2022 R1 Static IIS Machine Keys Enable ViewState RCE — VeraSMART 8.8AIHighAI2026-02-13
CVE-2026-25894 FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration — FUXA 9.8AICriticalAI2026-02-09
CVE-2026-22906 Hardcoded Key Allows Credential Disclosure — 0852-1322 9.8 Critical2026-02-09
CVE-2026-2103 Use of Hard-Coded Cryptographic Key for Password Storage — SyteLine ERP 7.1 High2026-02-06
CVE-2026-22586 Salesforce Marketing Cloud Engagement 安全漏洞 — Marketing Cloud Engagement 9.4 -2026-01-24
CVE-2025-58740 Hardcoded Encryption Key Enables Database Credential Access in Milner ImageDirector Capture — ImageDirector Capture 5.5AIMediumAI2026-01-20
CVE-2025-62581 DIAView - Authentication Bypass Vulnerability — DIAView 9.8 Critical2026-01-16
CVE-2025-15108 PandaXGO PandaX JWT Secret config.yml hard-coded key — PandaX 3.7 Low2025-12-27
CVE-2025-15107 actiontech sqle JWT Secret jwt.go hard-coded key — sqle 3.7 Low2025-12-27
CVE-2025-15105 getmaxun auth.ts hard-coded key — maxun 3.7 Low2025-12-27
CVE-2025-68948 SiYuan: Information Disclosure and Authentication Bypass via Hardcoded Session Secret — siyuan 8.4 -2025-12-27
CVE-2025-52601 Hardcoding sensitive information — Device Manager 4.3 -2025-12-26
CVE-2025-15016 Ragic|Enterprise Cloud Database - Hard-coded Cryptographic Key — Enterprise Cloud Database 9.8 Critical2025-12-22
CVE-2025-15005 CouchCMS reCAPTCHA config.example.php hard-coded key — CouchCMS 3.7 Low2025-12-22
CVE-2025-14651 MartialBE one-hub docker-compose.yml hard-coded key — one-hub 3.7 Low2025-12-14
CVE-2025-54947 Apache StreamPark: Use hard-coded key vulnerability — Apache StreamPark 9.8AICriticalAI2025-12-12
CVE-2025-34256 Advantech WISE-DeviceOn Server < 5.4 Hard-coded JWT Key Authentication Bypass — WISE-DeviceOn Server 9.8 -2025-12-05
CVE-2025-13948 opsre go-ldap-admin JWT docker-compose.yaml hard-coded key — go-ldap-admin 5.6 Medium2025-12-03
CVE-2025-66454 Arcade MCP Default Hardcoded Worker Secret Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints — arcade-mcp 6.5 Medium2025-12-02
CVE-2025-13877 nocobase JWT Service jwt-service.ts hard-coded key — nocobase 5.6 Medium2025-12-02
CVE-2025-11781 Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 — Circutor 7.8AIHighAI2025-12-02
CVE-2025-6666 motogadget mo.lock Ignition Lock NFC hard-coded key — mo.lock Ignition Lock 2.0 Low2025-11-29
CVE-2025-64304 FujiTelevison FOD app 安全漏洞 — "FOD" App for Android 5.5AIMediumAI2025-11-25
CVE-2025-65998 Apache Syncope: Default AES key used for internal password encryption — Apache Syncope 6.5AIMediumAI2025-11-24
CVE-2025-13316 Hard-coded encryption keys in Twonky Server — Twonky Server 9.8AICriticalAI2025-11-19
CVE-2025-12177 Download Manager <= 3.3.30 - Unauthenticated Cron Trigger due to Hardcoded Cron Key — Download Manager 5.3 Medium2025-11-08
CVE-2025-12615 PHPGurukul News Portal settings.py hard-coded key — News Portal 5.0 Medium2025-11-03
CVE-2025-12599 Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000) — BLU-IC2 7.5 -2025-11-01
CVE-2025-54471 NeuVector is shipping cryptographic material into its binary — neuvector 6.5 Medium2025-10-30

Vulnerabilities classified as CWE-321 (使用硬编码的密码学密钥) represent 243 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.