WhisperX tag archive

#cwe-798

This page collects WhisperX intelligence signals tagged #cwe-798. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (8)

The Network · 2026-03-06 05:13:04 · ai

1. 🔒 Hardcoded API Key Exposure in arubis/railsgoat-vulnerability-demo Repository

A critical security vulnerability has been identified in the GitHub repository `arubis/railsgoat-vulnerability-demo`. The automated security scanner RSOLV detected a hardcoded, sensitive API key within the codebase, classified as a Sensitive Data Exposure (CWE-798, OWASP A07:2021). The vulnerability is located in the f...

The Lab · 2026-04-08 00:26:54 · GitHub Issues

2. Critical Security Flaw: Hardcoded JWT Key in Authentication Exposes Platform to Full Account Takeover

A critical security vulnerability has been patched after a hardcoded JWT signing key was discovered in the platform's source code. The flaw, classified as CWE-798 (Use of Hard-coded Credentials), carried a CVSS 3.1 score of 9.1, indicating a severe risk. If the static key had been compromised—through a source code leak...

The Lab · 2026-04-08 17:27:08 · GitHub Issues

3. Security Breach in Code: Hardcoded Password 'password123' Exposed in utils.py

A critical security vulnerability has been exposed within a codebase, revealing hardcoded credentials that could grant unauthorized access to sensitive systems. The flaw, identified as a high-severity issue, involves a plaintext password 'password123' embedded directly in the source code of a file named `utils.py`. Thi...

The Lab · 2026-04-08 17:27:14 · GitHub Issues

4. Flask App Exposes Hardcoded Secret Key in `app.py`, Risking Session Security

A critical security vulnerability has been exposed in a Flask application, where a hardcoded secret key is embedded directly in the source code. The exposure, flagged as a high-severity issue, centers on line 19 of the `app.py` file, which contains the insecure assignment `app.secret_key = "super_secret_key_1234"`. Thi...

The Lab · 2026-04-08 17:27:15 · GitHub Issues

5. Security Alert: Hardcoded Password & SQL Injection in `app.py` Exposes Database

A critical security vulnerability has been flagged in the `app.py` source code, where a password is hardcoded directly into the application logic. This high-severity issue, classified under CWE-798 (Use of Hard-Coded Credentials), creates a direct path for credential exposure if the code is leaked or accessed by unauth...

The Lab · 2026-04-21 18:22:54 · GitHub Issues

6. Security Alert: Hardcoded Flask Secret Key Exposes 'vulnerable-app' to Session Hijacking

A critical security vulnerability has been identified in a Flask application, exposing it to potential session hijacking and user impersonation attacks. The application's secret key, used for cryptographically signing session cookies, is hardcoded directly into the source code file `app.py` on line 20. This fundamental...

The Lab · 2026-04-26 14:54:06 · GitHub Issues

7. Critical API Key Exposure Vulnerability Discovered in nvidia-ai-gateway Startup Banner

A critical security flaw has been identified in nvidia-ai-gateway.py that prints sensitive Gateway API keys directly to standard output during application startup. The vulnerability, traced to the application banner code around lines 44-52, exposes authentication credentials to anyone with console access, log file visi...

The Lab · 2026-05-04 18:54:12 · GitHub Issues

8. Hardcoded Django Secret Key in Calculator Project Exposes Sessions to Hijacking Risk

A critical security vulnerability has been identified in the `calculator` project's Django configuration, with a hardcoded SECRET_KEY directly embedded in the `settings.py` file. The flaw, mapped to CWE-798 (Use of Hard-coded Credentials), undermines cryptographic signing mechanisms protecting session cookies and passw...