CWE-547— Use of Hard-coded, Security-relevant Constants
The product uses hard-coded constants instead of symbolic names for security-critical values, which increases the likelihood of mistakes during code maintenance or security policy change.— MITRE CWE catalog
11 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-547page 1 of 1
- CVE-2017-0928MEDIUMCVSS 6.1EG 6.12018-06-04
html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the '_sanitized' variable causing sanitization to be bypassed.
- CVE-2019-14837CRITICALCVSS 9.1EG 9.12020-01-07
A flaw was found in keycloack before version 8.0.0. The owner of 'placeholder.org' domain can setup mail server on this domain and knowing only name of a client can reset password and then log in. For example, for client name 'test' the em…
- CVE-2023-1712CRITICALCVSS 9.8EG 9.82023-03-30
Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack prior to 0.1.30.
- CVE-2024-32021LOWCVSS 3.9EG 3.92024-05-14
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-re…
- CVE-2024-39888HIGHCVSS 7.5EG 7.52024-07-09
A vulnerability has been identified in Mendix Encryption (All versions >= V10.0.0 < V10.0.2). Affected versions of the module define a specific hard-coded default value for the EncryptionKey constant, which is used in projects where no ind…
- CVE-2024-41885MEDIUMCVSS 5.6EG 5.62024-12-24
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. The seed string for the encrypt key was hardcoding. The manufacturer has released patch firmware for the flaw, please refer to the m…
- CVE-2025-2079HIGHCVSS 8.7EG 8.72025-03-13
Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain a hard coded secret key. This could allow an attacker to generate valid JWT (JSON Web Token) sessions.
- CVE-2025-2081HIGHCVSS 8.7EG 8.72025-03-13
Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 are vulnerable to an attacker impersonating the web application service and mislead victim clients.
- CVE-2025-23253LOWCVSS 2.5EG 2.52025-04-22
NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a malicious DLL in a hard-coded path. A successful exploit of this vulnerabilit…
- CVE-2025-30206CRITICALCVSS 9.8EG 9.82025-04-15
Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and comprom…
- CVE-2025-49151CRITICALCVSS 9.3EG 9.12025-06-25
The affected products could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication.
Map vulnerabilities like CWE-547 to your infrastructure
EchelonGraph correlates every CVE — across CWE-547 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →