Export limit exceeded: 16300 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1552 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-33102 | 1 Ibm | 1 Concert | 2025-09-03 | 5.9 Medium |
| IBM Concert Software 1.0.0 through 1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
| CVE-2024-33663 | 2 Python-jose Project, Redhat | 2 Python-jose, Ansible Automation Platform | 2025-09-02 | 6.5 Medium |
| python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217. | ||||
| CVE-2024-28860 | 1 Cilium | 1 Cilium | 2025-09-02 | 8 High |
| Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key recovery, replay attacks by a man-in-the-middle attacker. These attacks are possible due to an ESP sequence number collision when multiple nodes are configured with the same key. Fixed versions of Cilium use unique keys for each IPsec tunnel established between nodes, resolving all of the above attacks. This vulnerability is fixed in 1.13.13, 1.14.9, and 1.15.3. | ||||
| CVE-2024-31896 | 1 Ibm | 1 Spss Statistics | 2025-09-01 | 5.9 Medium |
| IBM SPSS Statistics 26.0, 27.0.1, 28.0.1, and 29.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
| CVE-2025-7071 | 2025-08-29 | N/A | ||
| Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations. | ||||
| CVE-2025-9604 | 2025-08-29 | 3.7 Low | ||
| A vulnerability was identified in coze-studio up to 0.2.4. The impacted element is an unknown function of the file backend/domain/plugin/encrypt/aes.go. The manipulation of the argument AuthSecretKey/StateSecretKey/OAuthTokenSecretKey leads to use of hard-coded cryptographic key . It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is regarded as difficult. To fix this issue, it is recommended to deploy a patch. The vendor replied to the GitHub issue (translated from simplified Chinese): "For scenarios requiring encryption, we will implement user-defined key management through configuration and optimize the use of encryption tools, such as random salt." | ||||
| CVE-2025-7383 | 2025-08-29 | N/A | ||
| Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations. | ||||
| CVE-2025-46409 | 2025-08-29 | N/A | ||
| Inadequate encryption strength issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, a function that requires authentication may be accessed by a remote unauthenticated attacker. | ||||
| CVE-2025-9513 | 1 Editso | 1 Fuso | 2025-08-29 | 3.7 Low |
| A flaw has been found in editso fuso up to 1.0.4-beta.7. This affects the function PenetrateRsaAndAesHandshake of the file src/net/penetrate/handshake/mod.rs. This manipulation of the argument priv_key causes inadequate encryption strength. Remote exploitation of the attack is possible. A high degree of complexity is needed for the attack. The exploitability is reported as difficult. | ||||
| CVE-2024-22314 | 1 Ibm | 1 Storage Defender Resiliency Service | 2025-08-28 | 5.9 Medium |
| IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.12 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
| CVE-2024-55912 | 2 Ibm, Linux | 2 Concert, Linux Kernel | 2025-08-28 | 5.9 Medium |
| IBM Concert Software 1.0.0 through 1.0.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
| CVE-2025-55619 | 2 Google, Reolink | 2 Android, Reolink | 2025-08-28 | 9.8 Critical |
| Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering. | ||||
| CVE-2025-41702 | 1 Welotec | 1 Egos Webgui | 2025-08-27 | 9.8 Critical |
| The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of hard-coded cryptographic key. | ||||
| CVE-2024-10405 | 2 Broadcom, Brocade | 2 Brocade Sannav, Sannav | 2025-08-26 | 5.3 Medium |
| Brocade SANnav before SANnav 2.3.1b enables weak TLS ciphers on ports 443 and 18082. In case of a successful exploit, an attacker can read Brocade SANnav data stream that includes monitored Brocade Fabric OS switches performance data, port status, zoning information, WWNs, IP Addresses, but no customer data, no personal data and no secrets or passwords, as it travels across the network. | ||||
| CVE-2024-4282 | 2 Broadcom, Brocade | 2 Brocade Sannav, Sannav | 2025-08-26 | 9.8 Critical |
| Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22. | ||||
| CVE-2025-45764 | 2025-08-26 | 3.2 Low | ||
| jsrsasign v11.1.0 was discovered to contain weak encryption. NOTE: this issue has been disputed by a third party who believes that CVE IDs can be assigned for key lengths in specific applications that use a library, and should not be assigned to the default key lengths in a library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record. | ||||
| CVE-2025-31123 | 1 Zitadel | 1 Zitadel | 2025-08-26 | 8.7 High |
| Zitadel is open-source identity infrastructure software. A vulnerability existed where expired keys can be used to retrieve tokens. Specifically, ZITADEL fails to properly check the expiration date of the JWT key when used for Authorization Grants. This allows an attacker with an expired key to obtain valid access tokens. This vulnerability does not affect the use of JWT Profile for OAuth 2.0 Client Authentication on the Token and Introspection endpoints, which correctly reject expired keys. This vulnerability is fixed in 2.71.6, 2.70.8, 2.69.9, 2.68.9, 2.67.13, 2.66.16, 2.65.7, 2.64.6, and 2.63.9. | ||||
| CVE-2022-48625 | 1 Yealink | 1 Configuration Encryption Tool | 2025-08-26 | 7.5 High |
| Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary. | ||||
| CVE-2025-9383 | 1 Fnkvision | 1 Y215 Cctv Camera | 2025-08-25 | 2.5 Low |
| A security vulnerability has been detected in FNKvision Y215 CCTV Camera 10.194.120.40. This issue affects the function crypt of the file /etc/passwd. The manipulation leads to use of weak hash. The attack can only be performed from a local environment. The complexity of an attack is rather high. The exploitability is assessed as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-6572 | 1 Checkmk | 1 Checkmk | 2025-08-25 | 7.4 High |
| Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 (EOL) allows man-in-the-middle attackers to intercept traffic | ||||