CWE-321: Use of Hard-coded Cryptographic Key

Total CVEs: 100
Critical: 34
High: 37
Avg CVSS: 7.8
In CISA KEV: 1

Yearly Trend

2026: 10
2025: 55
2024: 19
2023: 9
2022: 3

Top Affected Vendors

1. Fortinet (3)
2. Cisco (3)
3. Vasion (3)
4. Ivanti (2)
5. Ecovacs (2)
6. Dell (2)
7. IBM (2)
8. Apache (2)
9. SonicWall (2)
10. Advantech (2)

All CWE-321 CVEs (100)

CVE-2024-30207
10.0

This vulnerability affects multiple SIMATIC RTLS Locating Manager products where communication between client and server is protected using symmetric ...

May 14, 2024
CVE-2025-67305
9.8

RUCKUS Network Director (RND) OVA appliances contain identical hardcoded SSH keys for the postgres user across all deployments, allowing attackers wit...

Feb 19, 2026
CVE-2026-26335
9.8

This vulnerability allows attackers to achieve remote code execution on Calero VeraSMART servers by exploiting static ASP.NET machine keys. Attackers ...

Feb 13, 2026
CVE-2026-25894
9.8

An insecure default configuration in FUXA web-based SCADA/HMI software allows unauthenticated remote attackers to gain administrative access and execu...

Feb 9, 2026
CVE-2026-22906
9.8

This vulnerability allows unauthenticated remote attackers to decrypt stored user credentials by accessing configuration files containing AES-ECB encr...

Feb 9, 2026
CVE-2026-22586
9.8

A hard-coded cryptographic key vulnerability in Salesforce Marketing Cloud Engagement allows attackers to manipulate web services protocols by bypassi...

Jan 24, 2026
CVE-2025-62581
9.8

Delta Electronics DIAView contains multiple unspecified vulnerabilities related to CWE-321 (Use of Hard-coded Cryptographic Key). Attackers could pote...

Jan 16, 2026
CVE-2025-15016
9.8

Enterprise Cloud Database by Ragic contains a hard-coded cryptographic key vulnerability that allows unauthenticated remote attackers to generate vali...

Dec 22, 2025
CVE-2025-54947
9.8

Apache StreamPark versions 2.0.0 through 2.1.6 use a hard-coded encryption key, allowing attackers to decrypt sensitive data or forge encrypted inform...

Dec 12, 2025
CVE-2025-34256
9.8

This vulnerability allows remote unauthenticated attackers to forge JWT tokens using a hard-coded cryptographic key present in all Advantech WISE-Devi...

Dec 5, 2025
CVE-2025-59407
9.8

This CVE exposes a hardcoded Java Keystore password in Flock Safety's Android application, allowing attackers to extract the private key. This affects...

Oct 2, 2025
CVE-2025-34217
9.8

This vulnerability allows attackers with the matching private SSH key to gain root access to Vasion Print (formerly PrinterLogic) Virtual Appliance sy...

Sep 30, 2025
CVE-2025-8625
9.8

The Copypress Rest API WordPress plugin versions 1.1 to 1.2 contain a critical remote code execution vulnerability. Unauthenticated attackers can forg...

Sep 30, 2025
CVE-2025-54807
9.8

CVE-2025-54807 allows attackers to bypass authentication by using a hardcoded secret key found in device firmware. This vulnerability affects Dover Fu...

Sep 18, 2025
CVE-2025-57174
9.8

This vulnerability allows unauthenticated remote attackers to execute arbitrary commands on Siklu Etherhaul devices by exploiting hardcoded AES encryp...

Sep 15, 2025
CVE-2025-41702
9.8

This vulnerability allows unauthenticated remote attackers to generate valid JWT tokens using a hard-coded secret key embedded in the egOS WebGUI back...

Aug 26, 2025
CVE-2025-27674
9.8

CVE-2025-27674 is a critical vulnerability in Vasion Print (formerly PrinterLogic) that involves a hardcoded Identity Provider (IdP) key. This allows ...

Mar 5, 2025
CVE-2023-37936
9.8

This vulnerability allows attackers to execute arbitrary code or commands on affected FortiSwitch devices by exploiting hard-coded cryptographic keys....

Jan 14, 2025
CVE-2024-46612
9.8

IceCMS v3.4.7 and earlier contain a hardcoded JWT secret key, allowing attackers to forge authentication tokens and gain unauthorized access. This aff...

Sep 25, 2024
CVE-2023-27584
9.8

CVE-2023-27584 is a critical authentication bypass vulnerability in Dragonfly, an open-source P2P file distribution system, due to a hardcoded JWT sec...

Sep 19, 2024
CVE-2024-5296
9.8

This vulnerability allows remote attackers to bypass authentication on D-Link D-View network management systems using a hard-coded cryptographic key. ...

May 23, 2024
CVE-2019-19752
9.8

This vulnerability allows attackers to perform man-in-the-middle attacks against SSH connections to nvOC mining rigs and easily identify all vulnerabl...

Apr 30, 2024
CVE-2024-2413
9.8

CVE-2024-2413 is a critical authentication bypass vulnerability in Intumit SmartRobot that allows remote attackers to generate valid authentication co...

Mar 13, 2024
CVE-2023-3632
9.8

This vulnerability involves hard-coded cryptographic keys in the Kunduz - Homework Helper App, allowing attackers to bypass authentication mechanisms ...

Aug 9, 2023
CVE-2023-2158
9.8

CVE-2023-2158 is a user impersonation vulnerability in Code Dx where attackers can forge 'Remember Me' tokens using a hard-coded cipher to access othe...

Apr 27, 2023
CVE-2023-27583
9.8

PanIndex versions before 3.1.3 use a hard-coded JWT key 'PanIndex', allowing attackers to forge authentication tokens and gain admin privileges. This ...

Mar 13, 2023
CVE-2022-22987
9.8

This vulnerability involves a hardcoded private key in the project folder, allowing attackers to gain unauthorized web server login and potentially pe...

Feb 4, 2022
CVE-2021-40119
9.8

This vulnerability allows unauthenticated remote attackers to gain root access to Cisco Policy Suite systems by exploiting reused static SSH keys acro...

Nov 4, 2021
CVE-2021-27389
9.8

This vulnerability involves Siemens Opcenter Quality and QMS Automotive shipping with a private signing key that lacks adequate protection. Attackers ...

Apr 22, 2021
CVE-2025-63289
9.1

The Sogexia Android app contains hardcoded encryption keys in its SDK, allowing attackers to decrypt sensitive data stored or transmitted by the app. ...

Nov 12, 2025
CVE-2024-1631
9.1

This vulnerability in the @dfinity/identity library allows attackers to compromise ed25519 key pairs when no seed value is provided, using predictable...

Feb 21, 2024
CVE-2025-44963
9.0

CVE-2025-44963 allows attackers to forge administrator JSON Web Tokens (JWTs) in RUCKUS Network Director (RND) by exploiting a hardcoded secret key. T...

Aug 4, 2025
CVE-2025-30406
9.0 (CISA KEV, EPSS 87.9%)

This vulnerability in Gladinet CentreStack allows remote code execution through deserialization attacks. Threat actors who obtain the hardcoded machin...

Apr 3, 2025
CVE-2025-30095
9.0

This vulnerability allows attackers to conduct man-in-the-middle attacks against SSH connections using Dropbear, as affected systems share identical p...

Mar 31, 2025
CVE-2025-5353
8.8

A hardcoded cryptographic key in Ivanti Workspace Control allows local authenticated attackers to decrypt stored SQL database credentials. This affect...

Jun 10, 2025
CVE-2025-22455
8.8

A hardcoded cryptographic key in Ivanti Workspace Control allows local authenticated attackers to decrypt stored SQL database credentials. This affect...

Jun 10, 2025
CVE-2024-5722
8.8

This vulnerability allows attackers on the same network to execute arbitrary code as root on Logsign Unified SecOps Platform installations without aut...

Nov 22, 2024
CVE-2024-33891
8.8

This vulnerability allows attackers to bypass authentication in Delinea Secret Server via the SOAP API, potentially gaining administrative access. It ...

Apr 28, 2024
CVE-2023-37291
8.6

Galaxy Software Services Vitals ESP uses a hard-coded encryption key, allowing unauthenticated remote attackers to generate valid authentication token...

Jul 21, 2023
CVE-2025-30234
8.3

SmartOS contains static SSH host keys in a specific Debian 12 LX zone image, allowing attackers to impersonate legitimate hosts and conduct man-in-the...

Mar 19, 2025
CVE-2024-54027
8.2

This vulnerability allows a privileged attacker with super-admin profile and CLI access to read sensitive data via hard-coded cryptographic keys in Fo...

Mar 17, 2025
CVE-2021-43587
8.2

Dell PowerPath Management Appliance versions 2.6 through 3.2 use hard-coded cryptographic keys, allowing local high-privileged malicious users to decr...

Dec 21, 2021
CVE-2021-38461
8.2

This vulnerability involves hard-coded Blowfish encryption keys in industrial control systems, allowing attackers to decrypt sensitive data and potent...

Oct 22, 2021
CVE-2025-68948
8.1

This vulnerability allows attackers to decrypt session cookies and steal authentication credentials in SiYuan Note software. Attackers who intercept s...

Dec 27, 2025
CVE-2025-13316
8.1 (EPSS 72%)

CVE-2025-13316 is a cryptographic vulnerability in Twonky Server 8.5.2 where hard-coded encryption keys allow attackers to decrypt administrator passw...

Nov 19, 2025
CVE-2024-58134
8.1

This vulnerability allows attackers to forge session cookies in Mojolicious web applications by exploiting predictable default HMAC secrets. Attackers...

May 3, 2025
CVE-2024-30407
8.1

This vulnerability allows attackers to perform undetectable Person-in-the-Middle attacks on SSH connections to Juniper containerized routing products ...

Apr 12, 2024
CVE-2023-40464
8.1

This vulnerability in Sierra Wireless ALEOS uses a hardcoded SSL certificate and private key across multiple devices. Attackers who obtain these crede...

Dec 4, 2023
CVE-2025-52601
7.8

This vulnerability involves a hardcoded encryption key in Device Manager software that allows attackers to decrypt sensitive information. It affects i...

Dec 26, 2025
CVE-2025-11781
7.8

This vulnerability allows attackers with local access to extract a hardcoded cryptographic key from Circutor SGE-PLC1000/SGE-PLC50 devices. Using this...

Dec 2, 2025

About CWE-321 (Use of Hard-coded Cryptographic Key)

Our database tracks 100 CVEs classified as CWE-321, with 34 rated critical and 37 rated high severity. The average CVSS score for CWE-321 vulnerabilities is 7.8.

External reference: View CWE-321 on MITRE CWE →
