Weaknesses of type CWE-321
298 resultsCVE-2020-25193MEDIUMGE Reason RT43X Clocks Use of Hard-coded Cryptographic KeyEPSS 0.8%CVE-2026-25894CRITICALFUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default ConfigurationEPSS 0.8%CVE-2024-1920MEDIUMosuuu LightPicture TokenVerify.php handle hard-coded keyEPSS 0.7%CVE-2020-2500CRITICALThis improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Attackers can access the sensEPSS 0.7%CVE-2022-34425HIGHDell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentialEPSS 0.7%CVE-2026-25505CRITICALBambuddy Uses Hardcoded Secret Key + Many API Endpoints do not Require AuthenticationEPSS 0.7%CVE-2025-30206CRITICALDpanel's hard-coded JWT secret leads to remote code executionEPSS 0.7%CVE-2024-6890CRITICALJournyx Unauthenticated Password Reset BruteforceEPSS 0.7%CVE-2023-39465HIGHTriangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure VulnerabilityEPSS 0.7%CVE-2025-34217CRITICALVasion Print (formerly PrinterLogic) Undocumented Hardcoded SSH KeyEPSS 0.7%CVE-2022-20868MEDIUMA vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco SecureEPSS 0.7%CVE-2023-44318MEDIUMAffected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could alloEPSS 0.7%CVE-2022-1400HIGHHardcoded encryption key IV in Exago WebReportsApi.dllEPSS 0.7%CVE-2025-54807CRITICALDover Fueling Solutions ProGauge MagLink LX 4 Devices Use of Hard-coded Cryptographic KeyEPSS 0.7%CVE-2023-34123—Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. This issue affects GMS: 9.3.2-SP1 and earlier versiEPSS 0.7%CVE-2024-30407CRITICAL[Child CVE] JCNR and cRPD: Hard-coded SSH host keys in cRPD may allow Person-in-the-Middle (PitM) attacksEPSS 0.7%CVE-2023-22844HIGHAn authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN v2.0.2. A specially-craftEPSS 0.7%CVE-2021-22644HIGHOvarro TBox Use of Hard-coded Cryptographic KeyEPSS 0.7%CVE-2025-27674CRITICALVasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Hardcoded IdP Key V-2023-006.EPSS 0.7%CVE-2023-3632CRITICALHard-coded Cryptographic Key in Kunduz - Homework Helper AppEPSS 0.6%