Total
409 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-7398 | 2025-07-22 | N/A | N/A | ||
| Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on internal ports ports 9000 and 8036. | |||||
| CVE-2025-7789 | 2025-07-22 | 2.6 LOW | 3.7 LOW | ||
| A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The manipulation leads to password hash with insufficient computational effort. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-36106 | 2025-07-22 | N/A | 6.5 MEDIUM | ||
| IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to view and modify information coming to and from the application which could then be used to access confidential information on the device or network by using a the deprecated or misconfigured AFNetworking library at runtime. | |||||
| CVE-2025-48823 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-15 | N/A | 5.9 MEDIUM |
| Cryptographic issues in Windows Cryptographic Services allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2024-40761 | 1 Apache | 1 Answer | 2025-07-10 | N/A | 5.3 MEDIUM |
| Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead. Users are recommended to upgrade to version 1.4.0, which fixes the issue. | |||||
| CVE-2024-45719 | 1 Apache | 1 Answer | 2025-07-01 | N/A | 2.6 LOW |
| Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1, which fixes the issue. | |||||
| CVE-2025-43925 | 1 Unicomsi | 1 Focal Point | 2025-06-11 | N/A | 4.6 MEDIUM |
| An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data. | |||||
| CVE-2024-28755 | 1 Arm | 1 Mbed Tls | 2025-06-10 | N/A | 6.5 MEDIUM |
| An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedtls_ssl_session_reset() API, the maximum TLS version to be negotiated was not restored to the configured one. An attacker was able to prevent an Mbed TLS server from establishing any TLS 1.3 connection, potentially resulting in a Denial of Service or forced version downgrade from TLS 1.3 to TLS 1.2. | |||||
| CVE-2024-38341 | 1 Ibm | 1 Sterling Secure Proxy | 2025-06-09 | N/A | 5.9 MEDIUM |
| IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2025-4894 | 1 Calmkart | 1 Django-sso-server | 2025-06-05 | 2.6 LOW | 3.7 LOW |
| A vulnerability classified as problematic was found in calmkart Django-sso-server up to 057247929a94ffc358788a37ab99e391379a4d15. This vulnerability affects the function gen_rsa_keys of the file common/crypto.py. The manipulation leads to inadequate encryption strength. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | |||||
| CVE-2025-48960 | 2025-06-04 | N/A | 5.9 MEDIUM | ||
| Weak server key used for TLS encryption. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39938. | |||||
| CVE-2025-46626 | 1 Tenda | 2 Rx2 Pro, Rx2 Pro Firmware | 2025-05-27 | N/A | 7.3 HIGH |
| Reuse of a static AES key and initialization vector for encrypted traffic to the 'ate' management service of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt, replay, and/or forge traffic to the service. | |||||
| CVE-2019-13539 | 1 Medtronic | 5 Valleylab Exchange Client, Valleylab Ft10 Energy Platform, Valleylab Ft10 Energy Platform Firmware and 2 more | 2025-05-22 | 7.2 HIGH | 7.0 HIGH |
| Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes. | |||||
| CVE-2024-33662 | 1 Portainer | 1 Portainer | 2025-05-21 | N/A | 7.5 HIGH |
| Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function. | |||||
| CVE-2022-41209 | 1 Sap | 1 Customer Data Cloud | 2025-05-20 | N/A | 5.2 MEDIUM |
| SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method which lacks proper diffusion and does not hide the patterns well. This can lead to information disclosure. In certain scenarios, application might also be susceptible to replay attacks. | |||||
| CVE-2024-39928 | 1 Apache | 1 Linkis | 2025-05-16 | N/A | 7.5 HIGH |
| In Apache Linkis <= 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang's RandomStringUtils. Users are recommended to upgrade to version 1.6.0, which fixes this issue. | |||||
| CVE-2025-22446 | 2025-05-16 | N/A | 4.6 MEDIUM | ||
| Inadequate encryption strength for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2025-27524 | 2025-05-16 | N/A | 5.3 MEDIUM | ||
| Weak encryption vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through 10-50-06. | |||||
| CVE-2024-42177 | 1 Hcltech | 1 Dryice Myxalytics | 2025-05-16 | N/A | 2.6 LOW |
| HCL MyXalytics is affected by SSL∕TLS Protocol affected with BREACH & LUCKY13 vulnerabilities. Attackers can exploit the weakness in the ciphers to intercept and decrypt encrypted data, steal sensitive information, or inject malicious code into the system. | |||||
| CVE-2024-52317 | 1 Apache | 1 Tomcat | 2025-05-15 | N/A | 6.5 MEDIUM |
| Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue. | |||||