Total
413 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-48823 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-08-05 | 5.9 Medium |
| Cryptographic issues in Windows Cryptographic Services allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-45770 | 2025-08-04 | 7 High | ||
| jwt v5.4.3 was discovered to contain weak encryption. | ||||
| CVE-2025-45769 | 2025-08-04 | 7.3 High | ||
| php-jwt v6.11.0 was discovered to contain weak encryption. | ||||
| CVE-2024-10026 | 1 Google | 1 Gvisor | 2025-07-31 | 5.3 Medium |
| A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote attacker to calculate a local IP address and a per-boot identifier that could aid in tracking of a device in certain circumstances. | ||||
| CVE-2017-11317 | 1 Telerik | 1 Ui For Asp.net Ajax | 2025-07-30 | 9.8 Critical |
| Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. | ||||
| CVE-2017-1000486 | 1 Primetek | 1 Primefaces | 2025-07-30 | 9.8 Critical |
| Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution | ||||
| CVE-2018-15811 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-07-30 | 7.5 High |
| DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters. | ||||
| CVE-2018-18325 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-07-30 | 7.5 High |
| DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811. | ||||
| CVE-2025-7789 | 1 Xuxueli | 1 Xxl-job | 2025-07-22 | 3.7 Low |
| A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The manipulation leads to password hash with insufficient computational effort. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7398 | 2025-07-22 | N/A | ||
| Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on internal ports ports 9000 and 8036. | ||||
| CVE-2025-36106 | 1 Ibm | 1 Cognos Analytics Mobile | 2025-07-22 | 6.5 Medium |
| IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to view and modify information coming to and from the application which could then be used to access confidential information on the device or network by using a the deprecated or misconfigured AFNetworking library at runtime. | ||||
| CVE-2024-25102 | 1 Cdac | 1 Appsamvid Software | 2025-07-13 | 7.8 High |
| This vulnerability exists in AppSamvid software due to the usage of a weaker cryptographic algorithm (hash) SHA1 in user login component. An attacker with local administrative privileges could exploit this to obtain the password of AppSamvid on the targeted system. Successful exploitation of this vulnerability could allow the attacker to take complete control of the application on the targeted system. | ||||
| CVE-2025-2516 | 1 Kingsoft | 1 Wps Office | 2025-07-13 | N/A |
| The use of a weak cryptographic key pair in the signature verification process in WPS Office (Kingsoft) on Windows allows an attacker who successfully recovered the private key to sign components. As older versions of WPS Office did not validate the update server's certificate, an Adversary-In-The-Middle attack was possible allowing updates to be hijacked. | ||||
| CVE-2024-40761 | 1 Apache | 1 Answer | 2025-07-10 | 5.3 Medium |
| Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead. Users are recommended to upgrade to version 1.4.0, which fixes the issue. | ||||
| CVE-2024-45719 | 1 Apache | 1 Answer | 2025-07-01 | 2.6 Low |
| Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1, which fixes the issue. | ||||
| CVE-2023-7237 | 1 Lantronix | 2 Xport Edge, Xport Edge Firmware | 2025-06-17 | 5.7 Medium |
| Lantronix XPort sends weakly encoded credentials within web request headers. | ||||
| CVE-2025-43925 | 1 Unicomsi | 1 Focal Point | 2025-06-11 | 4.6 Medium |
| An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data. | ||||
| CVE-2024-28755 | 1 Arm | 1 Mbed Tls | 2025-06-10 | 6.5 Medium |
| An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedtls_ssl_session_reset() API, the maximum TLS version to be negotiated was not restored to the configured one. An attacker was able to prevent an Mbed TLS server from establishing any TLS 1.3 connection, potentially resulting in a Denial of Service or forced version downgrade from TLS 1.3 to TLS 1.2. | ||||
| CVE-2024-38341 | 1 Ibm | 1 Sterling Secure Proxy | 2025-06-09 | 5.9 Medium |
| IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
| CVE-2024-0753 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2025-06-07 | 6.5 Medium |
| In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | ||||