Total
635 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-47712 | 1 Kentico | 1 Xperience | 2025-12-24 | N/A | 7.5 HIGH |
| A cryptography vulnerability in Kentico Xperience allows attackers to potentially manipulate URL hash values through existing hashing mechanisms. The hotfix introduces an additional security layer to prevent hash value reuse and potential exploitation. | |||||
| CVE-2025-54981 | 1 Apache | 1 Streampark | 2025-12-15 | N/A | 7.5 HIGH |
| Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are recommended to upgrade to version 2.1.7, which fixes the issue. | |||||
| CVE-2025-36150 | 1 Ibm | 1 Concert | 2025-12-01 | N/A | 5.9 MEDIUM |
| IBM Concert 1.0.0 through 2.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2025-64429 | 1 Duckdb | 1 Duckdb | 2025-11-25 | N/A | 6.5 MEDIUM |
| DuckDB is a SQL database management system. DuckDB implemented block-based encryption of DB on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this implementation. The DuckDB can fall back to an insecure random number generator (pcg32) to generate cryptographic keys or IVs. When clearing keys from memory, the compiler may remove the memset() and leave sensitive data on the heap. By modifying the database header, an attacker could downgrade the encryption mode from GCM to CTR to bypass integrity checks. There may be a failure to check return value on call to OpenSSL `rand_bytes()`. An attacker could use public IVs to compromise the internal state of RNG and determine the randomly generated key used to encrypt temporary files, get access to cryptographic keys if they have access to process memory (e.g. through memory leak),circumvent GCM integrity checks, and/or influence the OpenSSL random number generator and DuckDB would not be able to detect a failure of the generator. Version 1.4.2 has disabled the insecure random number generator by no longer using the fallback to write to or create databases. Instead, DuckDB will now attempt to install and load the OpenSSL implementation in the `httpfs` extension. DuckDB now uses secure MbedTLS primitive to clear memory as recommended and requires explicit specification of ciphers without integrity checks like CTR on `ATTACH`. Additionally, DuckDB now checks the return code. | |||||
| CVE-2025-36161 | 2 Ibm, Linux | 2 Concert, Linux Kernel | 2025-11-24 | N/A | 5.9 MEDIUM |
| IBM Concert 1.0.0 through 2.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict-Transport-Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2025-54340 | 1 Desktopalert | 1 Pingalert Application Server | 2025-11-19 | N/A | 4.1 MEDIUM |
| A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. There is a Broken or Risky Cryptographic Algorithm. | |||||
| CVE-2025-34519 | 1 Ilevia | 2 Eve X1 Server, Eve X1 Server Firmware | 2025-11-06 | N/A | 7.5 HIGH |
| Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalted hash, an attacker who obtains the password database can efficiently perform offline dictionary, rainbow‑table, or brute‑force attacks to recover the original passwords. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet. | |||||
| CVE-2020-11916 | 1 Svakom | 2 Svakom Siime Eye, Svakom Siime Eye Firmware | 2025-11-04 | N/A | 6.3 MEDIUM |
| An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. The password for the root user is hashed using an old and deprecated hashing technique. Because of this deprecated hashing, the success probability of an attacker in an offline cracking attack is greatly increased. | |||||
| CVE-2023-4331 | 1 Broadcom | 1 Raid Controller Web Interface | 2025-11-04 | N/A | 7.5 HIGH |
| Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols | |||||
| CVE-2023-4326 | 1 Broadcom | 1 Raid Controller Web Interface | 2025-11-04 | N/A | 7.5 HIGH |
| Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites | |||||
| CVE-2023-38371 | 1 Ibm | 1 Security Access Manager | 2025-11-03 | N/A | 5.9 MEDIUM |
| IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 261198. | |||||
| CVE-2021-36647 | 1 Arm | 1 Mbed Tls | 2025-11-03 | N/A | 4.7 MEDIUM |
| Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA. | |||||
| CVE-2020-10377 | 1 Mitel | 1 Mivoice Connect Client | 2025-11-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| A weak encryption vulnerability in Mitel MiVoice Connect Client before 214.100.1214.0 could allow an unauthenticated attacker to gain access to user credentials. A successful exploit could allow an attacker to access the system with compromised user credentials. | |||||
| CVE-2024-30152 | 1 Hcltech | 1 Hcl Sx | 2025-10-30 | N/A | 6.5 MEDIUM |
| HCL SX v21 is affected by usage of a weak cryptographic algorithm. An attacker could exploit this weakness to gain access to sensitive information, modify data, or other impacts. | |||||
| CVE-2025-21062 | 1 Samsung | 1 Smart Switch | 2025-10-28 | N/A | 7.8 HIGH |
| Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.67.2 allows local attackers to replace the restoring application. User interaction is required for triggering this vulnerability. | |||||
| CVE-2025-59408 | 1 Flocksafety | 1 Bravo Compute Box Firmware | 2025-10-23 | N/A | 7.3 HIGH |
| Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with Secure Boot disabled. This allows an attacker to flash modified firmware with no cryptographic protections. | |||||
| CVE-2024-41986 | 1 Siemens | 1 Opcenter Quality | 2025-10-22 | N/A | 6.4 MEDIUM |
| A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application support insecure TLS 1.0 and 1.1 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data. | |||||
| CVE-2025-43891 | 1 Dell | 1 Data Domain Operating System | 2025-10-14 | N/A | 5.3 MEDIUM |
| Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an use of a Broken or Risky Cryptographic Algorithm vulnerability in the Authentication. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. | |||||
| CVE-2025-43909 | 1 Dell | 1 Data Domain Operating System | 2025-10-14 | N/A | 3.7 LOW |
| Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Use of a Broken or Risky Cryptographic Algorithm vulnerability in the DD boost. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | |||||
| CVE-2025-43913 | 1 Dell | 1 Data Domain Operating System | 2025-10-14 | N/A | 5.3 MEDIUM |
| Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Use of a Broken or Risky Cryptographic Algorithm vulnerability in the DDOS. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information. | |||||