Total
586 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-31510 | 2 Open Quantum Safe, Openquantumsafe | 2 Liboqs, Liboqs | 2025-08-20 | 9.8 Critical |
| An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker to escalate privileges via the crypto_sign_signature parameter in the /pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.c component. | ||||
| CVE-2025-9146 | 2025-08-20 | 6.6 Medium | ||
| A flaw has been found in Linksys E5600 1.1.0.26. The affected element is the function verify_gemtek_header of the file checkFw.sh of the component Firmware Handler. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is described as difficult. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-22314 | 1 Ibm | 1 Storage Defender Resiliency Service | 2025-08-19 | 5.9 Medium |
| IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.12 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
| CVE-2024-31896 | 1 Ibm | 1 Spss Statistics | 2025-08-18 | 5.9 Medium |
| IBM SPSS Statistics 26.0, 27.0.1, 28.0.1, and 29.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
| CVE-2024-27256 | 1 Ibm | 2 Mq Operator, Supplied Mq Advanced Container Images | 2025-08-18 | 5.9 Medium |
| IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
| CVE-2024-38320 | 6 Apple, Hp, Ibm and 3 more | 10 Macos, Hp-ux, Aix and 7 more | 2025-08-18 | 5.9 Medium |
| IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
| CVE-2025-49756 | 1 Microsoft | 3 365, 365 Apps, Office 365 | 2025-08-18 | 3.3 Low |
| Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally. | ||||
| CVE-2024-28834 | 1 Redhat | 2 Enterprise Linux, Rhel Eus | 2025-08-18 | 5.3 Medium |
| A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel. | ||||
| CVE-2025-45766 | 1 Pocoproject | 1 Poco | 2025-08-17 | 7 High |
| poco v1.14.1-release was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record. | ||||
| CVE-2022-43851 | 3 Ibm, Linux, Microsoft | 3 Aspera Console, Linux Kernel, Windows | 2025-08-15 | 5.9 Medium |
| IBM Aspera Console 3.4.0 through 3.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
| CVE-2024-22347 | 1 Ibm | 2 Devops Velocity, Urbancode Velocity | 2025-08-14 | 5.9 Medium |
| IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
| CVE-2024-41986 | 1 Siemens | 3 Smartclient Modules, Soa Audit, Soa Cockpit | 2025-08-12 | 6.4 Medium |
| A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application support insecure TLS 1.0 and 1.1 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data. | ||||
| CVE-2025-45767 | 2025-08-11 | 7 High | ||
| jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a third party because the claim of "do not meet recommended security standards" does not reflect guidance in a final publication. | ||||
| CVE-2025-2539 | 1 File Away Project | 1 File Away | 2025-08-11 | 7.5 High |
| The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers, leveraging the use of a reversible weak algorithm, to read the contents of arbitrary files on the server, which can contain sensitive information. | ||||
| CVE-2024-1040 | 1 Gesslergmbh | 2 Web-master, Web-master Firmware | 2025-08-07 | 4.4 Medium |
| Gessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm. The attacker can restore the passwords by breaking the hashes stored on the device. | ||||
| CVE-2025-45764 | 2025-08-07 | 3.2 Low | ||
| jsrsasign v11.1.0 was discovered to contain weak encryption. NOTE: this issue has been disputed by a third party who believes that CVE IDs can be assigned for key lengths in specific applications that use a library, and should not be assigned to the default key lengths in a library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record. | ||||
| CVE-2025-30477 | 1 Dell | 1 Powerscale Onefs | 2025-08-06 | 4.4 Medium |
| Dell PowerScale OneFS, versions prior to 9.11.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. | ||||
| CVE-2025-51726 | 2025-08-05 | 8.4 High | ||
| CyberGhostVPNSetup.exe (Windows installer) is signed using the weak cryptographic hash algorithm SHA-1, which is vulnerable to collision attacks. This allows a malicious actor to craft a fake installer with a forged SHA-1 certificate that may still be accepted by Windows signature verification mechanisms, particularly on systems without strict SmartScreen or trust policy enforcement. Additionally, the installer lacks High Entropy Address Space Layout Randomization (ASLR), as confirmed by BinSkim (BA2015 rule) and repeated WinDbg analysis. The binary consistently loads into predictable memory ranges, increasing the success rate of memory corruption exploits. These two misconfigurations, when combined, significantly lower the bar for successful supply-chain style attacks or privilege escalation through fake installers. | ||||
| CVE-2023-50782 | 3 Couchbase, Cryptography.io, Redhat | 7 Couchbase Server, Cryptography, Ansible Automation Platform and 4 more | 2025-08-03 | 7.5 High |
| A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. | ||||
| CVE-2024-55885 | 1 Beego | 1 Beego | 2025-08-01 | 7.5 High |
| beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version 2.3.4 replaces MD5 with SHA256. | ||||