Total
434 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-39889 | 1 Linux | 1 Linux Kernel | 2026-03-04 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: l2cap: Check encryption key size on incoming connection
This is required for passing GAP/SEC/SEM/BI-04-C PTS test case:
Security Mode 4 Level 4, Responder - Invalid Encryption Key Size
- 128 bit
This tests the security key with size from 1 to 15 bytes while the
Security Mode 4 Level 4 requests 16 bytes key size.
Currently PTS fails with the following logs:
- expected:Connection Response:
Code: [3 (0x03)] C ...
Show More |
|||||
| CVE-2021-35226 | 1 Solarwinds | 1 Network Configuration Manager | 2026-02-24 | N/A | 6.5 MEDIUM |
|
An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role.
|
|||||
| CVE-2025-41743 | 1 Sprecher-automation | 6 Sprecon-e-c, Sprecon-e-c Firmware, Sprecon-e-p and 3 more | 2026-02-23 | N/A | 4.0 MEDIUM |
|
Insufficient encryption strength in Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 allows a local unprivileged attacker to extract data from update images and thus obtain limited information about the architecture and internal processes.
|
|||||
| CVE-2025-36379 | 1 Ibm | 1 Qradar Edr | 2026-02-20 | N/A | 5.9 MEDIUM |
|
IBM Security QRadar EDR 3.12 through 3.12.23 IBM Security ReaQta uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
|
|||||
| CVE-2025-45769 | 1 Google | 1 Firebase Php-jwt | 2026-02-18 | N/A | 6.5 MEDIUM |
|
php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.
|
|||||
| CVE-2025-20667 | 1 Mediatek | 88 Lr12a, Lr13, Mt2735 and 85 more | 2026-02-17 | N/A | 7.5 HIGH |
|
In Modem, there is a possible information disclosure due to incorrect error handling. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01513293; Issue ID: MSV-2741.
|
|||||
| CVE-2025-48823 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2026-02-13 | N/A | 5.9 MEDIUM |
|
Cryptographic issues in Windows Cryptographic Services allows an unauthorized attacker to disclose information over a network.
|
|||||
| CVE-2025-27460 | 1 Endress | 2 Meac300-fnade4, Meac300-fnade4 Firmware | 2026-02-06 | N/A | 7.6 HIGH |
|
The hard drives of the device are not encrypted using a full volume encryption feature such as BitLocker. This allows an attacker with physical access to the device to use an alternative operating system to interact with the hard drives, completely circumventing the Windows login. The attacker can read from and write to all files on the hard drives.
|
|||||
| CVE-2025-7398 | 1 Brocade | 1 Ascg | 2026-02-02 | N/A | 9.1 CRITICAL |
|
Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on internal ports ports 9000 and 8036.
|
|||||
| CVE-2024-3387 | 1 Paloaltonetworks | 1 Pan-os | 2026-01-30 | N/A | 5.3 MEDIUM |
|
A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls.
|
|||||
| CVE-2025-68703 | 1 Samrocketman | 1 Jervis | 2026-01-20 | N/A | 7.5 HIGH |
|
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sum(passphrase). Two encryption operations with the same password will have the same derived key. This vulnerability is fixed in 2.2.
|
|||||
| CVE-2026-0510 | 2026-01-13 | N/A | 3.0 LOW | ||
|
The User Management Engine (UME) in NetWeaver Application Server for Java (NW AS Java) utilizes an obsolete cryptographic algorithm for encrypting User Mapping data. This weakness could allow an attacker with high-privileged access to exploit the vulnerability under specific conditions potentially leading to partial disclosure of sensitive information.This has low impact on confidentiality with no impact on integrity and availability of the application.
|
|||||
| CVE-2024-5800 | 1 Br-automation | 1 Automation Runtime | 2025-12-19 | N/A | 7.5 HIGH |
|
Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack of B&R Automation Runtime versions before 6.0.2, allowing a network attacker to decrypt the SSL/TLS communication.
|
|||||
| CVE-2023-23597 | 1 Mozilla | 1 Firefox | 2025-12-18 | N/A | 6.5 MEDIUM |
|
A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the `file://` context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefox < 109.
|
|||||
| CVE-2025-65295 | 1 Aqara | 6 Camera Hub G3, Camera Hub G3 Firmware, Hub M2 and 3 more | 2025-12-17 | N/A | 8.1 HIGH |
|
Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during updates, uses outdated cryptographic methods that can be exploited to forge valid signatures, and exposes information through improperly initialized memory.
|
|||||
| CVE-2025-11935 | 3 Apple, Linux, Wolfssl | 3 Macos, Linux Kernel, Wolfssl | 2025-12-03 | N/A | 7.5 HIGH |
|
With TLS 1.3 pre-shared key (PSK) a malicious or faulty server could ignore the request for PFS (perfect forward secrecy) and the client would continue on with the connection using PSK without PFS. This happened when a server responded to a ClientHello containing psk_dhe_ke without a key_share extension. The re-use of an authenticated PSK connection that on the clients side unexpectedly did not have PFS, reduces the security of the connection.
|
|||||
| CVE-2014-1491 | 7 Canonical, Debian, Fedoraproject and 4 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2025-11-25 | 4.3 MEDIUM | N/A |
|
Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.
|
|||||
| CVE-2025-32874 | 2025-11-24 | N/A | 7.5 HIGH | ||
|
An issue was discovered in Kaseya Rapid Fire Tools Network Detective through 2.0.16.0. A vulnerability exists in the EncryptionUtil class because symmetric encryption is implemented in a deterministic and non-randomized fashion. The method Encrypt(byte[] clearData) derives both the encryption key and the IV from a fixed, hardcoded input by using a static salt value. As a result, identical plaintext inputs always produce identical ciphertext outputs. This is true for both FIPS and non-FIPS genera ...
Show More |
|||||
| CVE-2025-12439 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-11-13 | N/A | 5.5 MEDIUM |
|
Inappropriate implementation in App-Bound Encryption in Google Chrome on Windows prior to 142.0.7444.59 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security severity: Medium)
|
|||||
| CVE-2024-38867 | 2025-11-11 | N/A | 5.9 MEDIUM | ||
|
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.64), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.64), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.64), SIPROTEC 5 6MD89 (CP300) (All versions < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions < V9.64), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.64), SIPROTEC 5 7SA82 (CP100) (All versions < V8. ...
Show More |
|||||
| CVE-2018-15811 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-11-07 | 5.0 MEDIUM | 7.5 HIGH |
|
DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.
|
|||||
| CVE-2018-18325 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-11-07 | 5.0 MEDIUM | 7.5 HIGH |
|
DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.
|
|||||
| CVE-2025-12478 | 1 Azure-access | 4 Blu-ic2, Blu-ic2 Firmware, Blu-ic4 and 1 more | 2025-11-07 | N/A | 9.8 CRITICAL |
|
Non-Compliant TLS Configuration.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
|
|||||
| CVE-2025-2349 | 1 Iroadau | 2 Fx2, Fx2 Firmware | 2025-11-06 | 1.8 LOW | 3.1 LOW |
|
A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/passwd of the component Password Hash Handler. The manipulation leads to password hash with insufficient computational effort. Access to the local network is required for this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may ...
Show More |
|||||
| CVE-2017-1000486 | 1 Primetek | 1 Primefaces | 2025-11-05 | 7.5 HIGH | 9.8 CRITICAL |
|
Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution
|
|||||
| CVE-2025-55039 | 1 Apache | 1 Spark | 2025-11-04 | N/A | 6.5 MEDIUM |
|
This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0.
Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes.
When spark.network.crypto.enabled is set to true (it is set to false by default), but spark.network.crypto.cipher is not explicitly configured, Spark defaults to AES in CTR mode (AES/CTR/NoPadding), which provides encryption without authentication.
This vulnerability allows a man-in ...
Show More |
|||||
| CVE-2020-25685 | 4 Arista, Debian, Fedoraproject and 1 more | 4 Eos, Debian Linux, Fedora and 1 more | 2025-11-04 | 4.3 MEDIUM | 3.7 LOW |
|
A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forg ...
Show More |
|||||
| CVE-2020-10125 | 1 Ncr | 2 Aptra Xfs, Selfserv Atm | 2025-11-04 | 4.6 MEDIUM | 7.6 HIGH |
|
NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to validate bunch note acceptor (BNA) software updates, which can be broken by an attacker with physical access in a sufficiently short period of time, thereby enabling the attacker to sign arbitrary files and CAB archives used to update BNA software, as well as bypass application whitelisting, resulting in the ability to execute arbitrary code.
|
|||||
| CVE-2023-4333 | 2 Broadcom, Microsoft | 2 Raid Controller Web Interface, Windows | 2025-11-04 | N/A | 5.5 MEDIUM |
|
Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server
|
|||||
| CVE-2014-2381 | 1 Invensys | 1 Wonderware Information Server | 2025-11-01 | 2.1 LOW | N/A |
|
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file.
|
|||||
| CVE-2014-2380 | 1 Invensys | 1 Wonderware Information Server | 2025-11-01 | 7.8 HIGH | N/A |
|
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows remote attackers to obtain sensitive information by reading a credential file.
|
|||||
| CVE-2025-9239 | 1 Eladmin | 1 Eladmin | 2025-10-31 | 2.6 LOW | 3.7 LOW |
|
A vulnerability was identified in elunez eladmin up to 2.7. Affected by this vulnerability is the function EncryptUtils of the file eladmin-common/src/main/java/me/zhengjie/utils/EncryptUtils.java of the component DES Key Handler. The manipulation of the argument STR_PARAM with the input Passw0rd leads to inadequate encryption strength. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitation appears to be difficult.
|
|||||
| CVE-2025-55248 | 3 Apple, Linux, Microsoft | 20 Macos, Linux Kernel, .net and 17 more | 2025-10-23 | N/A | 4.8 MEDIUM |
|
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
|
|||||
| CVE-2017-11317 | 1 Telerik | 1 Ui For Asp.net Ajax | 2025-10-22 | 7.5 HIGH | 9.8 CRITICAL |
|
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
|
|||||
| CVE-2024-45259 | 1 Gl-inet | 42 A1300, A1300 Firmware, Ar300m and 39 more | 2025-10-15 | N/A | 6.5 MEDIUM |
|
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted.
|
|||||
| CVE-2025-7789 | 1 Xuxueli | 1 Xxl-job | 2025-09-11 | 2.6 LOW | 3.7 LOW |
|
A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The manipulation leads to password hash with insufficient computational effort. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and ...
Show More |
|||||
| CVE-2014-9199 | 1 Clorius Controls A\/s | 1 Java Web Client | 2025-09-05 | 10.0 HIGH | N/A |
|
The Clorius Controls Java web client before 01.00.0009g allows remote attackers to discover credentials by sniffing the network for cleartext-equivalent traffic.
|
|||||
| CVE-2024-28860 | 1 Cilium | 1 Cilium | 2025-09-02 | N/A | 8.0 HIGH |
|
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key recovery, replay attacks by a man-in-the-middle attacker. These attacks are possible due to an ESP sequence number collision when multiple nodes are configured with the same key. Fixed versions of Cilium u ...
Show More |
|||||
| CVE-2025-9513 | 2025-08-29 | 2.6 LOW | 3.7 LOW | ||
|
A flaw has been found in editso fuso up to 1.0.4-beta.7. This affects the function PenetrateRsaAndAesHandshake of the file src/net/penetrate/handshake/mod.rs. This manipulation of the argument priv_key causes inadequate encryption strength. Remote exploitation of the attack is possible. A high degree of complexity is needed for the attack. The exploitability is reported as difficult.
|
|||||
| CVE-2025-46409 | 2025-08-29 | N/A | 7.5 HIGH | ||
|
Inadequate encryption strength issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, a function that requires authentication may be accessed by a remote unauthenticated attacker.
|
|||||