Total
501 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6521 | 2025-06-30 | N/A | 7.6 HIGH | ||
| During the initial setup of the device the user connects to an access point broadcast by the Sight Bulb Pro. During the negotiation, AES Encryption keys are passed in cleartext. If captured, an attacker may be able to decrypt communications between the management app and the Sight Bulb Pro which may include sensitive information such as network credentials. | |||||
| CVE-2023-51839 | 1 Devicefarmer | 1 Smartphone Test Farm | 2025-06-20 | N/A | 9.1 CRITICAL |
| DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptographic Algorithm. | |||||
| CVE-2023-49259 | 1 Hongdian | 2 H8951-4g-esp, H8951-4g-esp Firmware | 2025-06-20 | N/A | 7.5 HIGH |
| The authentication cookies are generated using an algorithm based on the username, hardcoded secret and the up-time, and can be guessed in a reasonable time. | |||||
| CVE-2023-50351 | 2025-06-18 | N/A | 8.2 HIGH | ||
| HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotation mechanism which can allow an attacker to compromise the confidentiality or integrity of data. | |||||
| CVE-2024-45193 | 1 Matrix | 1 Olm | 2025-06-17 | N/A | 4.3 MEDIUM |
| An issue was discovered in Matrix libolm through 3.2.16. There is Ed25519 signature malleability due to lack of validation criteria (does not ensure that S < n). This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-51838 | 1 Meshcentral | 1 Meshcentral | 2025-06-16 | N/A | 7.5 HIGH |
| Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm. | |||||
| CVE-2025-49196 | 2025-06-12 | N/A | 6.5 MEDIUM | ||
| A service supports the use of a deprecated and unsafe TLS version. This could be exploited to expose sensitive information, modify data in unexpected ways or spoof identities of other users or devices, affecting the confidentiality and integrity of the device. | |||||
| CVE-2021-40528 | 1 Gnupg | 1 Libgcrypt | 2025-06-09 | 2.6 LOW | 5.9 MEDIUM |
| The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. | |||||
| CVE-2025-3938 | 4 Blackberry, Linux, Microsoft and 1 more | 5 Qnx, Linux Kernel, Windows and 2 more | 2025-06-04 | N/A | 6.8 MEDIUM |
| Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. | |||||
| CVE-2024-55539 | 2025-06-04 | N/A | 2.5 LOW | ||
| Weak algorithm used to sign RPM package. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux) before build 39185, Acronis Cyber Protect 16 (Linux) before build 39938. | |||||
| CVE-2025-2545 | 2025-05-29 | N/A | N/A | ||
| Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could compromise the confidentiality of encrypted messages. | |||||
| CVE-2023-39252 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2025-05-20 | N/A | 5.9 MEDIUM |
| Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information. | |||||
| CVE-2025-24007 | 2025-05-13 | N/A | 7.5 HIGH | ||
| A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). Affected devices only provide weak password obfuscation. An attacker with network access could retrieve and de-obfuscate the safety password used for protection against inadvertent operating errors. | |||||
| CVE-2018-1000180 | 5 Bouncycastle, Debian, Netapp and 2 more | 21 Bc-java, Fips Java Api, Debian Linux and 18 more | 2025-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later. | |||||
| CVE-2024-51478 | 1 Yeswiki | 1 Yeswiki | 2025-05-09 | N/A | 9.9 CRITICAL |
| YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. This issue is fixed in 4.4.5. | |||||
| CVE-2024-52884 | 1 Audiocodes | 1 Mediant Session Border Controller | 2025-05-01 | N/A | 7.5 HIGH |
| An issue was discovered in AudioCodes Mediant Session Border Controller (SBC) before 7.40A.501.841. Due to the use of weak password obfuscation/encryption, an attacker with access to configuration exports (INI) is able to decrypt the passwords. | |||||
| CVE-2022-45195 | 1 Simplex | 2 Simplex Chat, Simplexmq | 2025-05-01 | N/A | 5.3 MEDIUM |
| SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other impacts if there is a compromise of a single private key. This occurs in the X3DH key exchange for the double ratchet protocol. | |||||
| CVE-2024-30152 | 2025-04-29 | N/A | 6.5 MEDIUM | ||
| HCL SX v21 is affected by usage of a weak cryptographic algorithm. An attacker could exploit this weakness to gain access to sensitive information, modify data, or other impacts. | |||||
| CVE-2025-3200 | 2025-04-29 | N/A | 9.1 CRITICAL | ||
| An unauthenticated remote attacker could exploit the used, insecure TLS 1.0 and TLS 1.1 protocols to intercept and manipulate encrypted communications between the Com-Server and connected systems. | |||||
| CVE-2024-20070 | 1 Mediatek | 40 Mt6298, Mt6813, Mt6815 and 37 more | 2025-04-25 | N/A | 5.1 MEDIUM |
| In modem, there is a possible information disclosure due to using risky cryptographic algorithm during connection establishment negotiation. This could lead to remote information disclosure, when weak encryption algorithm is used, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00942482; Issue ID: MSV-1469. | |||||