CVEs classified under CWE-1394, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2025-41742 — CVSS 9.8 (critical): Sprecher Automations SPRECON-E-C, SPRECON-E-P, SPRECON-E-T3 is vulnerable to attack by an unauthorized remote attacker via default…
CVE-2024-48956 — CVSS 9.8 (critical): Serviceware Processes 6.0 through 7.3 before 7.4 allows attackers without valid authentication to send a specially crafted HTTP request to…
CVE-2025-41744 — CVSS 9.1 (critical): Sprecher Automations SPRECON-E series uses default cryptographic keys that allow an unprivileged remote attacker to access all encrypted…
CVE-2024-1275: Use of Default Cryptographic Key vulnerability in Baxter Welch Allyn Connex Spot Monitor may allow Configuration/Environment…
CVE-2024-29037 — CVSS 9.1 (critical): datahub-helm provides the Kubernetes Helm charts for deploying Datahub and its dependencies on a Kubernetes cluster. Starting in version…
CVE-2025-44954 — CVSS 9.0 (critical): RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account.
CVE-2026-5039 — CVSS 8.8 (high): TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management…
CVE-2026-20709 — CVSS 6.6 (medium): Use of Default Cryptographic Key in the hardware for some Intel(R) Pentium(R) Processor Silver Series, Intel(R) Celeron(R) Processor J…
CVE-2025-1688 — CVSS 5.5 (medium): Milestone Systems has discovered a security vulnerability in Milestone XProtect installer that resets system configuration password after…
CVE-2024-11619 — CVSS 5.0 (medium): A vulnerability, which was classified as problematic, has been found in macrozheng mall up to 1.0.3. Affected by this issue is some unknown…
CVE-2026-54887 — CVSS 4.8 (medium): Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl (DTLS server) allows predictable DTLS cookie computation during the…
CVE-2025-26849 — CVSS 4.3 (medium): There is a Hard-coded Cryptographic Key in Docusnap 13.0.1440.24261, and earlier and later versions. This key can be used to decrypt…
CVE-2026-2215 — CVSS 3.7 (low): A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py…
CVE-2026-25815 — CVSS 3.2 (low): Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild…