CWE-321

Use of Hard-coded Cryptographic Key

Variant | Draft | Likelihood: High

Description

The product uses a hard-coded, unchangeable cryptographic key.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (146)

  • CVE-2026-5456 | Low | Apr 3, 2026
    risk 0.21 | cvss 3.3 | epss 0.00

    A vulnerability was identified in Align Technology My Invisalign App 3.12.4 on Android. The impacted element is an unknown function of the file com/aligntech/myinvisalign/BuildConfig.java of the component com.aligntech.myinvisalign.emea. The manipulation of the argument…

  • CVE-2026-5455 | Low | Apr 3, 2026
    risk 0.21 | cvss 3.3 | epss 0.00

    A vulnerability was determined in Dialogue App up to 4.3.2 on Android. The affected element is an unknown function of the file res/raw/config.json of the component ca.diagram.dialogue. Executing a manipulation of the argument SEGMENT_WRITE_KEY can lead to use of hard-coded…

  • CVE-2026-5454 | Low | Apr 3, 2026
    risk 0.21 | cvss 3.3 | epss 0.00

    A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted is an unknown function of the file res/raw/app.json of the component co.gridapp.organiser. Performing a manipulation of the argument SegmentWriteKey results in use of hard-coded cryptographic…

  • CVE-2026-5453 | Low | Apr 3, 2026
    risk 0.21 | cvss 3.3 | epss 0.00

    A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the file br/com/rico/mobile/di/SegmentSettingsModule.java of the component br.com.rico.mobile. Such manipulation of the argument…

  • CVE-2026-5452 | Low | Apr 3, 2026
    risk 0.21 | cvss 3.3 | epss 0.00

    A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability affects unknown code of the file campusconnect/BuildConfig.java of the component campusconnect.ucc. This manipulation causes use of hard-coded cryptographic key. The attack can only be…

  • CVE-2026-6611 | Low | Apr 20, 2026
    risk 0.20 | cvss 3.1 | epss 0.00

    A vulnerability was found in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component File Upload Endpoint. Performing a manipulation of the argument SECRET_KEY results in use of hard-coded cryptographic key.…

  • CVE-2026-4477 | Low | Mar 20, 2026
    risk 0.20 | cvss 3.1 | epss 0.00

    A vulnerability was determined in Yi Technology YI Home Camera 2 2.1.1_20171024151200. This affects an unknown function of the component WPA/WPS. Executing a manipulation can lead to use of hard-coded cryptographic key. The attack can only be done within the local network.…

  • CVE-2025-10080 | Low | Sep 8, 2025
    risk 0.20 | cvss 3.1 | epss 0.00

    A vulnerability has been found in running-elephant Datart up to 1.0.0-rc3. Affected by this issue is the function getTokensecret of the file datart/security/src/main/java/datart/security/util/AESUtil.java of the component API. The manipulation leads to use of hard-coded…

  • CVE-2026-5420 | Low | Apr 2, 2026
    risk 0.16 | cvss 2.5 | epss 0.00

    A security flaw has been discovered in Shinrays Games Goods Triple App up to 1.200. The affected element is an unknown function of the file jRwTX.java of the component cats.goods.sort.sorting.games. Performing a manipulation of the argument AES_IV/AES_PASSWORD results in use of…

  • CVE-2026-5310 | Low | Apr 1, 2026
    risk 0.16 | cvss 2.5 | epss 0.00

    A vulnerability was identified in Enter Software Iperius Backup up to 8.7.2. This impacts an unknown function of the file IperiusAccounts.ini. Such manipulation leads to use of hard-coded cryptographic key. The attack must be carried out locally. This attack is characterized…

  • CVE-2026-44278 | Low | May 12, 2026
    risk 0.15 | cvss 2.3 | epss 0.00

    A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow attacker to information disclosure via

  • CVE-2025-6666 | Low | Nov 29, 2025
    risk 0.13 | cvss 2.0 | epss 0.00

    A vulnerability was determined in motogadget mo.lock Ignition Lock up to 20251125. Affected by this vulnerability is an unknown functionality of the component NFC Handler. Executing manipulation can lead to use of hard-coded cryptographic key. The physical device can be…

  • CVE-2011-5064 | Jan 14, 2012
    risk 0.01 | cvss - | epss 0.07

    DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass…

  • CVE-2026-9642 | May 26, 2026
    risk 0.00 | cvss - | epss 0.00

    Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

  • CVE-2026-25894 | Feb 9, 2026
    risk 0.00 | cvss - | epss 0.01

    FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This affects FUXA through version 1.2.9 when…

  • CVE-2026-25505 | Feb 4, 2026
    risk 0.00 | cvss - | epss 0.01

    Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Prior to version 0.1.7, a hardcoded secret key used for signing JWTs is checked into source code and many API routes do not check authentication. This issue has been patched in version 0.1.7.

  • CVE-2025-69971 | Feb 3, 2026
    risk 0.00 | cvss - | epss 0.02

    FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative…

  • CVE-2025-54947 | Dec 12, 2025
    risk 0.00 | cvss - | epss 0.00

    In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key.…

  • CVE-2025-65998 | Nov 24, 2025
    risk 0.00 | cvss - | epss 0.00

    Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious…

  • CVE-2023-27584 | Sep 19, 2024
    risk 0.00 | cvss - | epss 0.34

    Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation (CNCF) as an Incubating Level Project. Dragonfly uses JWT to verify users. However, the secret key for JWT, "Secret Key", is hard coded,…