Total
581 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34444 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | N/A | 5.9 MEDIUM |
| Dell PowerScale OneFS, versions 9.2.0.x through 9.4.0.x contain an information vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to cause data leak. | |||||
| CVE-2024-25968 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | N/A | 5.9 MEDIUM |
| Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure. | |||||
| CVE-2025-43723 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | N/A | 5.9 MEDIUM |
| Dell PowerScale OneFS, versions prior to 9.10.1.3 and versions 9.11.0.0 through 9.12.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. | |||||
| CVE-2024-25963 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | N/A | 5.9 MEDIUM |
| Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x contains a use of a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure. | |||||
| CVE-2024-32852 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | N/A | 5.9 MEDIUM |
| Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.0 contain use of a broken or risky cryptographic algorithm vulnerability. An unprivileged network malicious attacker could potentially exploit this vulnerability, leading to data leaks. | |||||
| CVE-2026-2618 | 1 Beetel | 2 777vr1, 777vr1 Firmware | 2026-02-19 | 2.6 LOW | 3.7 LOW |
| A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-43178 | 2 Ibm, Linux | 2 Concert, Linux Kernel | 2026-02-18 | N/A | 5.9 MEDIUM |
| IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2025-69929 | 1 N3uron | 1 Web User Interface | 2026-02-13 | N/A | 9.8 CRITICAL |
| An issue in N3uron Web User Interface v.1.21.7-240207.1047 allows a remote attacker to escalate privileges via the password hashing on the client side using the MD5 algorithm over a predictable string format | |||||
| CVE-2025-49756 | 1 Microsoft | 1 365 Apps | 2026-02-13 | N/A | 3.3 LOW |
| Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally. | |||||
| CVE-2026-26219 | 2026-02-13 | N/A | 9.1 CRITICAL | ||
| newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to rapidly recover plaintext credentials via offline attacks. | |||||
| CVE-2025-52026 | 1 Aptsys | 1 Gemscms Backend | 2026-02-12 | N/A | 7.5 HIGH |
| An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be easily reversed using public tools, exposing user credentials in plaintext. This allows remote attackers to perform unauthorized logins and potentially gain access to sensitive POS operations or backend functions. | |||||
| CVE-2026-22585 | 1 Salesforce | 1 Marketing Cloud Engagement | 2026-02-12 | N/A | 9.8 CRITICAL |
| Use of a Broken or Risky Cryptographic Algorithm vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026. | |||||
| CVE-2025-58743 | 2 Microsoft, Milner | 2 Windows, Imagedirector Capture | 2026-02-10 | N/A | 7.5 HIGH |
| Use of a Broken or Risky Cryptographic Algorithm (DES) vulnerability in the Password class in C2SConnections.dll in Milner ImageDirector Capture on Windows allows Encryption Brute Forcing to obtain database credentials.This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808. | |||||
| CVE-2025-66598 | 2026-02-09 | N/A | N/A | ||
| A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports old SSL/TLS versions, potentially allowing an attacker to decrypt communications with the web server. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04 | |||||
| CVE-2025-66597 | 2026-02-09 | N/A | N/A | ||
| A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports weak cryptographic algorithms, potentially allowing an attacker to decrypt communications with the web server. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04 | |||||
| CVE-2025-27458 | 1 Endress | 2 Meac300-fnade4, Meac300-fnade4 Firmware | 2026-02-06 | N/A | 6.5 MEDIUM |
| The VNC authentication mechanism bases on a challenge-response system where both server and client use the same password for encryption. The challenge is sent from the server to the client, is encrypted by the client and sent back. The server does the same encryption locally and if the responses match it is prooven that the client knows the correct password. Since all VNC communication is unencrypted, an attacker can obtain the challenge and response and try to derive the password from this information. | |||||
| CVE-2026-24785 | 2026-01-29 | N/A | N/A | ||
| Clatter is a no_std compatible, pure Rust implementation of the Noise protocol framework with post-quantum support. Versiosn prior to2.2.0 have a protocol compliance vulnerability. The library allowed post-quantum handshake patterns that violated the PSK validity rule (Noise Protocol Framework Section 9.3). This could allow PSK-derived keys to be used for encryption without proper randomization by self-chosen ephemeral randomness, weakening security guarantees and potentially allowing catastrophic key reuse. Affected default patterns include `noise_pqkk_psk0`, `noise_pqkn_psk0`, `noise_pqnk_psk0`, `noise_pqnn_psk0``, and some hybrid variants. Users of these patterns may have been using handshakes that do not meet the intended security properties. The issue is fully patched and released in Clatter v2.2.0. The fixed version includes runtime checks to detect offending handshake patterns. As a workaround, avoid using offending `*_psk0` variants of post-quantum patterns. Review custom handshake patterns carefully. | |||||
| CVE-2025-62514 | 2026-01-29 | N/A | 8.3 HIGH | ||
| Parsec is a cloud-based application for cryptographically secure file sharing. In versions on the 3.x branch prior to 3.6.0, `libparsec_crypto`, a component of the Parsec application, does not check for weak order point of Curve25519 when compiled with its RustCrypto backend. In practice this means an attacker in a man-in-the-middle position would be able to provide weak order points to both parties in the Diffie-Hellman exchange, resulting in a high probability to for both parties to obtain the same shared key (hence leading to a successful SAS code exchange, misleading both parties into thinking no MITM has occurred) which is also known by the attacker. Note only Parsec web is impacted (as Parsec desktop uses `libparsec_crypto` with the libsodium backend). Version 3.6.0 of Parsec patches the issue. | |||||
| CVE-2025-49196 | 1 Sick | 1 Field Analytics | 2026-01-26 | N/A | 6.5 MEDIUM |
| A service supports the use of a deprecated and unsafe TLS version. This could be exploited to expose sensitive information, modify data in unexpected ways or spoof identities of other users or devices, affecting the confidentiality and integrity of the device. | |||||
| CVE-2026-21907 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 5.9 MEDIUM |
| A Use of a Broken or Risky Cryptographic Algorithm vulnerability in the TLS/SSL server of Juniper Networks Junos Space allows the use of static key ciphers (ssl-static-key-ciphers), reducing the confidentiality of on-path traffic communicated across the connection. These ciphers also do not support Perfect Forward Secrecy (PFS), affecting the long-term confidentiality of encrypted communications.This issue affects all versions of Junos Space before 24.1R5. | |||||