CWE-1394
16 CVEs classified under CWE-1394. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-41742 | Critical | 9.8 | 2025-12-02 | Sprecher Automations SPRECON-E-C, SPRECON-E-P, SPRECON-E-T3 is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use… |
CVE-2024-48956 | Critical | 9.8 | 2024-12-09 | Serviceware Processes 6.0 through 7.3 before 7.4 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint r… |
CVE-2025-41744 | Critical | 9.1 | 2025-12-02 | Sprecher Automations SPRECON-E series uses default cryptographic keys that allow an unprivileged remote attacker to access all encrypted communications, thereb… |
CVE-2025-55049 | Critical | 9.1 | 2025-09-09 | Use of Default Cryptographic Key (CWE-1394) |
CVE-2024-29037 | Critical | 9.1 | 2024-03-20 | datahub-helm provides the Kubernetes Helm charts for deploying Datahub and its dependencies on a Kubernetes cluster. Starting in version 0.1.143 and prior to v… |
CVE-2025-44954 | Critical | 9.0 | 2025-08-04 | RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account. |
CVE-2026-5039 | High | 8.8 | 2026-04-23 | TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the… |
CVE-2023-6451 | High | 8.6 | 2024-02-16 | Publicly known cryptographic machine key in AlayaCare's Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the… |
CVE-2026-20709 | Medium | 6.6 | 2026-04-08 | Use of Default Cryptographic Key in the hardware for some Intel(R) Pentium(R) Processor Silver Series, Intel(R) Celeron(R) Processor J Series, Intel(R) Celeron… |
CVE-2025-1688 | Medium | 5.5 | 2025-04-15 | Milestone Systems has discovered a security vulnerability in Milestone XProtect installer that resets system configuration password after the upgrading from ol… |
CVE-2024-11619 | Medium | 5.0 | 2024-11-22 | A vulnerability, which was classified as problematic, has been found in macrozheng mall up to 1.0.3. Affected by this issue is some unknown functionality of th… |
CVE-2025-26849 | Medium | 4.3 | 2025-03-04 | There is a Hard-coded Cryptographic Key in Docusnap 13.0.1440.24261, and earlier and later versions. This key can be used to decrypt inventory files that conta… |
CVE-2026-2215 | Low | 3.7 | 2026-02-09 | A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT… |
CVE-2026-25815 | Low | 3.2 | 2026-02-05 | Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 thro… |
CVE-2024-10748 | Low | 2.5 | 2024-11-04 | A vulnerability, which was classified as problematic, has been found in Cosmote Greece What's Up App 4.47.3 on Android. This issue affects some unknown process… |
CVE-2024-1275 | | 2024-05-31 | Use of Default Cryptographic Key vulnerability in Baxter Welch Allyn Connex Spot Monitor may allow Configuration/Environment Manipulation.This issue affects We… |