Total
20 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-3099 | 2 Gnome, Redhat | 2 Libsoup, Enterprise Linux | 2026-03-23 | N/A | 5.8 MEDIUM |
| A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid authentication header and replay it repeatedly. Consequently, the attacker can bypass authentication and gain unauthorized access to protected resources, impersonating the legitimate user. | |||||
| CVE-2026-3559 | 2026-03-16 | N/A | 8.1 HIGH | ||
| Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the SRP authentication mechanism in the HomeKit Accessory Protocol service, which listens on TCP port 8080 by default. The issue results from the use of a static nonce value. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-28451. | |||||
| CVE-2026-30785 | 2026-03-05 | N/A | N/A | ||
| Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk, hbb_common on Windows, MacOS, Linux (Password security module, config encryption, machine UID modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program files hbb_common/src/password_security.Rs, hbb_common/src/config.Rs, hbb_common/src/lib.Rs (get_uuid), machine-uid/src/lib.Rs and program routines symmetric_crypt(), encrypt_str_or_original(), decrypt_str_or_original(), get_uuid(), get_machine_id(). This issue affects RustDesk Client: through 1.4.5. | |||||
| CVE-2026-25998 | 1 Strongswan | 1 Strongman | 2026-02-23 | N/A | 7.5 HIGH |
| strongMan is a management interface for strongSwan, an OpenSource IPsec-based VPN. When storing credentials in the database (private keys, EAP secrets), strongMan encrypts the corresponding database fields. So far it used AES in CTR mode with a global database key. Together with an initialization vector (IV), a key stream is generated to encrypt the data in the database fields. But because strongMan did not generate individual IVs, every database field was encrypted using the same key stream. An attacker that has access to the database can use this to recover the encrypted credentials. In particular, because certificates, which have to be considered public information, are also encrypted using the same mechanism, an attacker can directly recover a large chunk of the key stream, which allows them to decrypt basically all other secrets especially ECDSA private keys and EAP secrets, which are usually a lot shorter. Version 0.2.0 fixes the issue by switching to AES-GCM-SIV encryption with a random nonce and an individually derived encryption key, using HKDF, for each encrypted value. Database migrations are provided to automatically re-encrypt all credentials. | |||||
| CVE-2025-47345 | 1 Qualcomm | 210 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 207 more | 2026-01-27 | N/A | 8.4 HIGH |
| Cryptographic issue may occur while encrypting license data. | |||||
| CVE-2025-59870 | 1 Hcltech | 1 Myxalytics | 2026-01-23 | N/A | 7.4 HIGH |
| HCL MyXalytics is affected by improper management of a static JWT signing secret in the web application, where the secret lacks rotation , introducing a security risk | |||||
| CVE-2025-61739 | 2025-12-23 | N/A | N/A | ||
| Due to Nonce reuse, attackers can perform reply attack or decrypt captured packets. | |||||
| CVE-2025-64767 | 2025-11-25 | N/A | 9.1 CRITICAL | ||
| hpke-js is a Hybrid Public Key Encryption (HPKE) module built on top of Web Cryptography API. Prior to version 1.7.5, the public SenderContext Seal() API has a race condition which allows for the same AEAD nonce to be re-used for multiple Seal() calls. This can lead to complete loss of Confidentiality and Integrity of the produced messages. This issue has been patched in version 1.7.5. | |||||
| CVE-2023-7003 | 2025-11-04 | N/A | 6.8 MEDIUM | ||
| The AES key utilized in the pairing process between a lock using Sciener firmware and a wireless keypad is not unique, and can be reused to compromise other locks using the Sciener firmware. | |||||
| CVE-2022-37660 | 1 W1.fi | 1 Hostapd | 2025-11-03 | N/A | 6.5 MEDIUM |
| In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public keys with another entity using PKEX in the past, will be able to subvert a future bootstrapping by passively observing public keys, re-using the encrypting element Qi and subtracting it from the captured message M (X = M - Qi). This will result in the public ephemeral key X; the only element required to subvert the PKEX association. | |||||
| CVE-2023-28997 | 1 Nextcloud | 1 Desktop | 2025-11-03 | N/A | 6.7 MEDIUM |
| The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can recover and modify the contents of end-to-end encrypted files. Users should upgrade the Nextcloud Desktop client to 3.6.5 to receive a patch. No known workarounds are available. | |||||
| CVE-2025-46632 | 1 Tenda | 2 Rx2 Pro, Rx2 Pro Firmware | 2025-05-27 | N/A | 6.5 MEDIUM |
| Initialization vector (IV) reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information about or more easily decrypt encrypted messages between client and server. | |||||
| CVE-2024-11022 | 2024-12-06 | N/A | 5.6 MEDIUM | ||
| The authentication process to the web server uses a challenge response procedure which inludes the nonce and additional information. This challenge can be used several times for login and is therefore vulnerable for a replay attack. | |||||
| CVE-2024-36289 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Reusing a nonce, key pair in encryption issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a man-in-the-middle attack. | |||||
| CVE-2024-36121 | 1 Netty | 1 Netty-incubator-codec-ohttp | 2024-11-21 | N/A | 5.9 MEDIUM |
| netty-incubator-codec-ohttp is the OHTTP implementation for netty. BoringSSLAEADContext keeps track of how many OHTTP responses have been sent and uses this sequence number to calculate the appropriate nonce to use with the encryption algorithm. Unfortunately, two separate errors combine which would allow an attacker to cause the sequence number to overflow and thus the nonce to repeat. | |||||
| CVE-2023-4680 | 1 Hashicorp | 1 Vault | 2024-11-21 | N/A | 6.8 MEDIUM |
| HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11. | |||||
| CVE-2021-32791 | 3 Apache, Fedoraproject, Openidc | 3 Http Server, Fedora, Mod Auth Openidc | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV and AAD. It is important to fix because this creates a static nonce and since aes-gcm is a stream cipher, this can lead to known cryptographic issues, since the same key is being reused. From 2.4.9 onwards this has been patched to use dynamic values through usage of cjose AES encryption routines. | |||||
| CVE-2020-1759 | 3 Fedoraproject, Linuxfoundation, Redhat | 5 Fedora, Ceph, Ceph Storage and 2 more | 2024-11-21 | 5.8 MEDIUM | 6.4 MEDIUM |
| A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. | |||||
| CVE-2024-21530 | 2024-10-04 | N/A | 4.5 MEDIUM | ||
| Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object. **Note:** The issue does NOT affect objects created with Cocoon::new which utilizes ThreadRng. | |||||
| CVE-2024-41951 | 2024-08-01 | N/A | 4.4 MEDIUM | ||
| Pheonix App is a Python application designed to streamline various tasks, from managing files to playing mini-games. The issue is that the map of encoding/decoding languages are visible in code. The Problem was patched in 0.2.4. | |||||