Total
435 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-38277 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-08-07 | N/A | 5.4 MEDIUM |
| A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two. | |||||
| CVE-2025-36106 | 1 Ibm | 1 Cognos Analytics Mobile | 2025-08-07 | N/A | 6.5 MEDIUM |
| IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to view and modify information coming to and from the application which could then be used to access confidential information on the device or network by using a the deprecated or misconfigured AFNetworking library at runtime. | |||||
| CVE-2024-10026 | 1 Google | 1 Gvisor | 2025-07-31 | N/A | 5.3 MEDIUM |
| A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote attacker to calculate a local IP address and a per-boot identifier that could aid in tracking of a device in certain circumstances. | |||||
| CVE-2024-40761 | 1 Apache | 1 Answer | 2025-07-10 | N/A | 5.3 MEDIUM |
| Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead. Users are recommended to upgrade to version 1.4.0, which fixes the issue. | |||||
| CVE-2024-45719 | 1 Apache | 1 Answer | 2025-07-01 | N/A | 2.6 LOW |
| Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1, which fixes the issue. | |||||
| CVE-2025-43925 | 1 Unicomsi | 1 Focal Point | 2025-06-11 | N/A | 4.6 MEDIUM |
| An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data. | |||||
| CVE-2024-38341 | 1 Ibm | 1 Sterling Secure Proxy | 2025-06-09 | N/A | 5.9 MEDIUM |
| IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2025-4894 | 1 Calmkart | 1 Django-sso-server | 2025-06-05 | 2.6 LOW | 3.7 LOW |
| A vulnerability classified as problematic was found in calmkart Django-sso-server up to 057247929a94ffc358788a37ab99e391379a4d15. This vulnerability affects the function gen_rsa_keys of the file common/crypto.py. The manipulation leads to inadequate encryption strength. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | |||||
| CVE-2025-46626 | 1 Tenda | 2 Rx2 Pro, Rx2 Pro Firmware | 2025-05-27 | N/A | 7.3 HIGH |
| Reuse of a static AES key and initialization vector for encrypted traffic to the 'ate' management service of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt, replay, and/or forge traffic to the service. | |||||
| CVE-2019-13539 | 1 Medtronic | 5 Valleylab Exchange Client, Valleylab Ft10 Energy Platform, Valleylab Ft10 Energy Platform Firmware and 2 more | 2025-05-22 | 7.2 HIGH | 7.0 HIGH |
| Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes. | |||||
| CVE-2024-33662 | 1 Portainer | 1 Portainer | 2025-05-21 | N/A | 7.5 HIGH |
| Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function. | |||||
| CVE-2022-41209 | 1 Sap | 1 Customer Data Cloud | 2025-05-20 | N/A | 5.2 MEDIUM |
| SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method which lacks proper diffusion and does not hide the patterns well. This can lead to information disclosure. In certain scenarios, application might also be susceptible to replay attacks. | |||||
| CVE-2024-39928 | 1 Apache | 1 Linkis | 2025-05-16 | N/A | 7.5 HIGH |
| In Apache Linkis <= 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang's RandomStringUtils. Users are recommended to upgrade to version 1.6.0, which fixes this issue. | |||||
| CVE-2024-42177 | 1 Hcltech | 1 Dryice Myxalytics | 2025-05-16 | N/A | 2.6 LOW |
| HCL MyXalytics is affected by SSL∕TLS Protocol affected with BREACH & LUCKY13 vulnerabilities. Attackers can exploit the weakness in the ciphers to intercept and decrypt encrypted data, steal sensitive information, or inject malicious code into the system. | |||||
| CVE-2024-52317 | 1 Apache | 1 Tomcat | 2025-05-15 | N/A | 6.5 MEDIUM |
| Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue. | |||||
| CVE-2024-52318 | 1 Apache | 1 Tomcat | 2025-05-15 | N/A | 6.1 MEDIUM |
| Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue. | |||||
| CVE-2022-21139 | 1 Intel | 18 Proset Wi-fi 6e Ax210, Proset Wi-fi 6e Ax210 Firmware, Wi-fi 6 Ax200 and 15 more | 2025-05-05 | N/A | 8.8 HIGH |
| Inadequate encryption strength for some Intel(R) PROSet/Wireless WiFi products may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2020-14481 | 1 Rockwellautomation | 1 Factorytalk View | 2025-04-17 | 2.1 LOW | 7.8 HIGH |
| The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user’s operating system and certain components of FactoryTalk View SE. | |||||
| CVE-2022-38659 | 2 Hcltech, Microsoft | 2 Bigfix Platform, Windows | 2025-04-17 | N/A | 6.0 MEDIUM |
| In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent. | |||||
| CVE-2022-47931 | 1 Iofinnet | 1 Tss-lib | 2025-04-15 | N/A | 9.1 CRITICAL |
| IO FinNet tss-lib before 2.0.0 allows a collision of hash values. | |||||