VYPR

CWE-321

Use of Hard-coded Cryptographic Key

Variant | Draft | Likelihood: High

Description

The product uses a hard-coded, unchangeable cryptographic key.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (146)

page 6 of 8
  • CVE-2024-52614 | Med | Nov 20, 2024
    risk 0.26 | cvss 4.0 | epss 0.00

    Use of hard-coded cryptographic key issue exists in "Kura Sushi Official App Produced by EPARK" for Android versions prior to 3.8.5. If this vulnerability is exploited, a local attacker may obtain the login ID and password for the affected product.

  • CVE-2023-3404 | Med | Aug 31, 2023
    risk 0.25 | cvss 4.9 | epss 0.01

    The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and iv being hardcoded in the 'pm_encrypt_decrypt_pass' function and used across all sites running the…

  • CVE-2026-5622 | Low | Apr 6, 2026
    risk 0.24 | cvss 3.7 | epss 0.00

    A vulnerability was determined in hcengineering Huly Platform 0.7.382. Affected by this issue is some unknown functionality of the file foundations/core/packages/token/src/token.ts of the component JWT Token Handler. This manipulation of the argument SERVER_SECRET with the input…

  • CVE-2026-4588 | Low | Mar 23, 2026
    risk 0.24 | cvss 3.7 | epss 0.00

    A vulnerability was determined in kalcaddle kodbox 1.64. Impacted is the function shareSafeGroup of the file /workspace/source-code/app/controller/explorer/shareOut.class.php of the component Site-level API key Handler. This manipulation of the argument sk causes use of…

  • CVE-2026-3963 | Low | Mar 11, 2026
    risk 0.24 | cvss 3.7 | epss 0.00

    A security flaw has been discovered in perfree go-fastdfs-web up to 1.3.7. This affects the function rememberMeManager of the file src/main/java/com/perfree/config/ShiroConfig.java of the component Apache Shiro RememberMe. Performing a manipulation results in use of hard-coded…

  • CVE-2025-15108 | Low | Dec 27, 2025
    risk 0.24 | cvss 3.7 | epss 0.00

    A vulnerability was detected in PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5. This affects an unknown function of the file config.yml of the component JWT Secret Handler. The manipulation of the argument key results in use of hard-coded cryptographic key. The…

  • CVE-2025-15107 | Low | Dec 27, 2025
    risk 0.24 | cvss 3.7 | epss 0.01

    A security vulnerability has been detected in actiontech sqle up to 4.2511.0. The impacted element is an unknown function of the file sqle/utils/jwt.go of the component JWT Secret Handler. The manipulation of the argument JWTSecretKey leads to use of hard-coded cryptographic…

  • CVE-2025-15105 | Low | Dec 27, 2025
    risk 0.24 | cvss 3.7 | epss 0.00

    A security flaw has been discovered in getmaxun maxun up to 0.0.28. Impacted is an unknown function of the file /getmaxun/maxun/blob/develop/server/src/routes/auth.ts. Performing manipulation of the argument api_key results in use of hard-coded cryptographic key. Remote…

  • CVE-2025-15005 | Low | Dec 22, 2025
    risk 0.24 | cvss 3.7 | epss 0.00

    A security flaw has been discovered in CouchCMS up to 2.4. Affected is an unknown function of the file couch/config.example.php of the component reCAPTCHA Handler. The manipulation of the argument K_RECAPTCHA_SITE_KEY/K_RECAPTCHA_SECRET_KEY results in use of hard-coded…

  • CVE-2025-14651 | Low | Dec 14, 2025
    risk 0.24 | cvss 3.7 | epss 0.00

    A vulnerability has been found in MartialBE one-hub up to 0.14.27. This vulnerability affects unknown code of the file docker-compose.yml. The manipulation of the argument SESSION_SECRET leads to use of hard-coded cryptographic key. The attack may be initiated remotely. The…

  • CVE-2025-11609 | Low | Oct 11, 2025
    risk 0.24 | cvss 3.7 | epss 0.00

    A flaw has been found in code-projects Hospital Management System 1.0. Affected is the function session of the component express-session. This manipulation of the argument secret with the input secret causes use of hard-coded cryptographic key. The attack can be initiated…

  • CVE-2025-9604 | Low | Aug 29, 2025
    risk 0.24 | cvss 3.7 | epss 0.00

    A vulnerability was identified in coze-studio up to 0.2.4. The impacted element is an unknown function of the file backend/domain/plugin/encrypt/aes.go. The manipulation of the argument AuthSecretKey/StateSecretKey/OAuthTokenSecretKey leads to use of hard-coded cryptographic…

  • CVE-2025-8759 | Low | Aug 9, 2025
    risk 0.24 | cvss 3.7 | epss 0.00

    A vulnerability was found in TRENDnet TN-200 1.02b02. It has been declared as problematic. This vulnerability affects unknown code of the component Lighttpd. The manipulation of the argument secdownload.secret with the input neV3rUseMe leads to use of hard-coded cryptographic…

  • CVE-2025-6669 | Low | Jun 25, 2025
    risk 0.24 | cvss 3.7 | epss 0.00

    A vulnerability was found in gooaclok819 sublinkX up to 1.8. It has been declared as problematic. This vulnerability affects unknown code of the file middlewares/jwt.go. The manipulation with the input sublink leads to use of hard-coded cryptographic key. The attack can be…

  • CVE-2025-31362 | Low | Apr 11, 2025
    risk 0.24 | cvss 3.7 | epss 0.00

    Use of hard-coded cryptographic key issue exists in BizRobo! all versions. Credentials inside robot files may be obtained if the encryption key is available. The vendor provides the workaround information and recommends applying it to the deployment environment.

  • CVE-2023-3947 | Low | Jul 26, 2023
    risk 0.24 | cvss 3.7 | epss 0.00

    The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'vczapi_encrypt_decrypt' function in versions up to, and including, 4.2.1. This makes it possible for unauthenticated attackers to decrypt…

  • CVE-2026-5471 | Low | Apr 3, 2026
    risk 0.21 | cvss 3.3 | epss 0.00

    A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted is an unknown function of the file assets/google-services-desktop.json of the component app.investory.toyfactory. The manipulation of the argument current_key results in use of…

  • CVE-2026-5462 | Low | Apr 3, 2026
    risk 0.21 | cvss 3.3 | epss 0.00

    A vulnerability was identified in Wahoo Fitness SYSTM App up to 7.2.1 on Android. Impacted is an unknown function of the file com/WahooFitness/SYSTM/BuildConfig.java of the component com.WahooFitness.SYSTM. Such manipulation of the argument SEGMENT_WRITE_KEY leads to use of…

  • CVE-2026-5458 | Low | Apr 3, 2026
    risk 0.21 | cvss 3.3 | epss 0.00

    A weakness has been identified in Noelse Individuals & Pro App up to 2.1.7 on Android. This impacts an unknown function of the file com/reactnative/antelop/BuildConfig.java of the component com.afone.noelse. This manipulation of the argument SEGMENT_WRITE_KEY causes use of…

  • CVE-2026-5457 | Low | Apr 3, 2026
    risk 0.21 | cvss 3.3 | epss 0.00

    A security flaw has been discovered in PropertyGuru AgentNet Singapore App up to 23.7.10 on Android. This affects an unknown function of the file com/allproperty/android/agentnet/BuildConfig.java of the component com.allproperty.android.agentnet. The manipulation of the argument…