CWE-321 · Use of Hard-coded Cryptographic Key
302 CVEs classified under CWE-321 (Use of Hard-coded Cryptographic Key). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-30207 | Critical | 10.0 | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (… |
| CVE-2016-9335 | Critical | 10.0 | 2018-05-09 | A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride… |
| CVE-2024-35344 | Critical | 9.9 | 2024-05-28 | Certain Anpviz products contain a hardcoded cryptographic key stored in the firmware of the device. This affects IPC-D250, IPC-D260, IPC-B850, IPC-D850, IPC-D3… |
| CVE-2026-28742 | Critical | 9.8 | 2026-06-12 | Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered fr… |
| CVE-2026-32644 | Critical | 9.8 | 2026-04-28 | Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys. |
| CVE-2025-67112 | Critical | 9.8 | 2026-03-19 | Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3… |
| CVE-2025-67305 | Critical | 9.8 | 2026-02-19 | In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deploymen… |
| CVE-2026-26335 | Critical | 9.8 | 2026-02-13 | Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey values configured for the VeraSMART web application and stored in C:\\Program File… |
| CVE-2026-25894 | Critical | 9.8 | 2026-02-09 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker… |
| CVE-2026-22906 | Critical | 9.8 | 2026-02-09 | User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and… |
| CVE-2026-25505 | Critical | 9.8 | 2026-02-04 | Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Prior to version 0.1.7, a hardcoded secret key used for signing JWTs i… |
| CVE-2026-22586 | Critical | 9.8 | 2026-01-24 | Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsu… |
| CVE-2025-62581 | Critical | 9.8 | 2026-01-16 | Delta Electronics DIAView has multiple vulnerabilities. |
| CVE-2025-15016 | Critical | 9.8 | 2025-12-22 | Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed k… |
| CVE-2025-54947 | Critical | 9.8 | 2025-12-12 | In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the… |
| CVE-2025-34256 | Critical | 9.8 | 2025-12-05 | Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for sign… |
| CVE-2025-12599 | Critical | 9.8 | 2025-11-01 | Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000). This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-59407 | Critical | 9.8 | 2025-10-02 | The Flock Safety DetectionProcessing com.flocksafety.android.objects application 6.35.33 for Android (installed on Falcon and Sparrow License Plate Readers and… |
| CVE-2025-34217 | Critical | 9.8 | 2025-09-30 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) contain an undocumented 'printerlogic' user with a hardcoded… |
| CVE-2025-8625 | Critical | 9.8 | 2025-09-30 | The Copypress Rest API plugin for WordPress is vulnerable to Remote Code Execution via copyreap_handle_image() Function in versions 1.1 to 1.2. The plugin fall… |