Skip to main content

CWE-547

Use of Hard-coded, Security-relevant Constants

8 CVEs Avg CVSS 7.5 MITRE
2
CRITICAL
3
HIGH
2
MEDIUM
1
LOW
1
POC
0
KEV

Monthly

CVE-2026-28256 MEDIUM This Month

A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.

Information Disclosure Tracer Sc Firmware Tracer Concierge
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-49151 CRITICAL Act Now

The affected products could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2025-23253 LOW Monitor

NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a malicious DLL in a hard-coded path. Rated low severity (CVSS 2.5), this vulnerability is no authentication required. No vendor patch available.

OpenSSL Information Disclosure Nvidia RCE Denial Of Service +2
NVD
CVSS 3.1
2.5
EPSS
0.1%
CVE-2025-2081 HIGH This Week

Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 are vulnerable to an attacker impersonating the web application service and mislead victim clients. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-2079 HIGH This Week

Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain a hard coded secret key. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2024-41885 MEDIUM This Month

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. Rated medium severity (CVSS 5.6). No vendor patch available.

RCE
NVD
CVSS 4.0
5.6
EPSS
0.2%
CVE-2024-39888 HIGH This Week

A vulnerability has been identified in Mendix Encryption (All versions >= V10.0.0 < V10.0.2). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2023-1712 PyPI CRITICAL POC PATCH Act Now

Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack prior to 0.1.30. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Haystack
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
EPSS 0% CVSS 6.9
MEDIUM This Month

A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.

Information Disclosure Tracer Sc Firmware Tracer Concierge
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL Act Now

The affected products could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication.

Authentication Bypass
NVD
EPSS 0% CVSS 2.5
LOW Monitor

NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a malicious DLL in a hard-coded path. Rated low severity (CVSS 2.5), this vulnerability is no authentication required. No vendor patch available.

OpenSSL Information Disclosure Nvidia +4
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 are vulnerable to an attacker impersonating the web application service and mislead victim clients. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain a hard coded secret key. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
EPSS 0% CVSS 5.6
MEDIUM This Month

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. Rated medium severity (CVSS 5.6). No vendor patch available.

RCE
NVD
EPSS 0% CVSS 8.7
HIGH This Week

A vulnerability has been identified in Mendix Encryption (All versions >= V10.0.0 < V10.0.2). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack prior to 0.1.30. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Haystack
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy