Total
551 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-9828 | 2025-09-04 | 2.6 LOW | 3.7 LOW | ||
| A vulnerability was determined in Tenda CP6 11.10.00.243. The affected element is the function sub_2B7D04 of the component uhttp. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-33084 | 1 Ibm | 1 Concert | 2025-09-03 | N/A | 5.9 MEDIUM |
| IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2025-33102 | 1 Ibm | 1 Concert | 2025-09-03 | N/A | 5.9 MEDIUM |
| IBM Concert Software 1.0.0 through 1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2024-33663 | 1 Python-jose Project | 1 Python-jose | 2025-09-02 | N/A | 6.5 MEDIUM |
| python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217. | |||||
| CVE-2025-7383 | 2025-08-29 | N/A | N/A | ||
| Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations. | |||||
| CVE-2025-7071 | 2025-08-29 | N/A | N/A | ||
| Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations. | |||||
| CVE-2024-10405 | 1 Broadcom | 1 Brocade Sannav | 2025-08-26 | N/A | 5.3 MEDIUM |
| Brocade SANnav before SANnav 2.3.1b enables weak TLS ciphers on ports 443 and 18082. In case of a successful exploit, an attacker can read Brocade SANnav data stream that includes monitored Brocade Fabric OS switches performance data, port status, zoning information, WWNs, IP Addresses, but no customer data, no personal data and no secrets or passwords, as it travels across the network. | |||||
| CVE-2024-4282 | 1 Broadcom | 1 Brocade Sannav | 2025-08-26 | N/A | 9.8 CRITICAL |
| Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22. | |||||
| CVE-2025-9383 | 2025-08-25 | 1.0 LOW | 2.5 LOW | ||
| A security vulnerability has been detected in FNKvision Y215 CCTV Camera 10.194.120.40. This issue affects the function crypt of the file /etc/passwd. The manipulation leads to use of weak hash. The attack can only be performed from a local environment. The complexity of an attack is rather high. The exploitability is assessed as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-48946 | 1 Openquantumsafe | 1 Liboqs | 2025-08-25 | N/A | 3.7 LOW |
| liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. liboqs prior to version 0.13.0 supports the HQC algorithm, an algorithm with a theoretical design flaw which leads to large numbers of malformed ciphertexts sharing the same implicit rejection value. Currently, no concrete attack on the algorithm is known. However, prospective users of HQC must take extra care when using the algorithm in protocols involving key derivation. In particular, HQC does not provide the same security guarantees as Kyber or ML-KEM. There is currently no patch for the HQC flaw available in liboqs, so HQC is disabled by default in liboqs starting from version 0.13.0. OQS will update its implementation after the HQC team releases an updated algorithm specification. | |||||
| CVE-2025-45767 | 2025-08-21 | N/A | 7.0 HIGH | ||
| jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a third party because the claim of "do not meet recommended security standards" does not reflect guidance in a final publication. | |||||
| CVE-2024-31510 | 1 Openquantumsafe | 1 Liboqs | 2025-08-20 | N/A | 9.8 CRITICAL |
| An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker to escalate privileges via the crypto_sign_signature parameter in the /pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.c component. | |||||
| CVE-2025-9146 | 2025-08-20 | 6.8 MEDIUM | 6.6 MEDIUM | ||
| A flaw has been found in Linksys E5600 1.1.0.26. The affected element is the function verify_gemtek_header of the file checkFw.sh of the component Firmware Handler. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is described as difficult. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-22314 | 1 Ibm | 1 Storage Defender Resiliency Service | 2025-08-19 | N/A | 5.9 MEDIUM |
| IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.12 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2024-31896 | 1 Ibm | 1 Spss Statistics | 2025-08-18 | N/A | 5.9 MEDIUM |
| IBM SPSS Statistics 26.0, 27.0.1, 28.0.1, and 29.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2024-27256 | 1 Ibm | 2 Mq Operator, Supplied Mq Advanced Container Images | 2025-08-18 | N/A | 5.9 MEDIUM |
| IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2024-38320 | 6 Apple, Hp, Ibm and 3 more | 8 Macos, Hp-ux, Aix and 5 more | 2025-08-18 | N/A | 5.9 MEDIUM |
| IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2025-45766 | 1 Pocoproject | 1 Poco | 2025-08-17 | N/A | 7.0 HIGH |
| poco v1.14.1-release was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record. | |||||
| CVE-2024-22347 | 1 Ibm | 2 Devops Velocity, Urbancode Velocity | 2025-08-14 | N/A | 5.9 MEDIUM |
| IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2024-41986 | 2025-08-12 | N/A | 6.4 MEDIUM | ||
| A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application support insecure TLS 1.0 and 1.1 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data. | |||||