Total
397 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-36823 | 1 Ninjaframework | 1 Ninja | 2025-03-25 | 7.5 High |
| The encrypt() function of Ninja Core v7.0.0 was discovered to use a weak cryptographic algorithm, leading to a possible leakage of sensitive information. | ||||
| CVE-2023-21443 | 1 Samsung | 1 Flow | 2025-03-24 | 7.5 High |
| Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted messages or inject commands. | ||||
| CVE-2023-21444 | 1 Samsung | 1 Flow | 2025-03-24 | 7.5 High |
| Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers to decrypt encrypted messages or inject commands. | ||||
| CVE-2024-41594 | 1 Draytek | 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more | 2025-03-19 | 7.5 High |
| An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL. | ||||
| CVE-2025-2349 | 2025-03-17 | 3.1 Low | ||
| A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/passwd of the component Password Hash Handler. The manipulation leads to password hash with insufficient computational effort. Access to the local network is required for this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2017-11317 | 1 Telerik | 1 Ui For Asp.net Ajax | 2025-03-14 | 9.8 Critical |
| Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. | ||||
| CVE-2017-1000486 | 1 Primetek | 1 Primefaces | 2025-03-14 | 9.8 Critical |
| Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution | ||||
| CVE-2024-37034 | 1 Couchbase | 1 Couchbase Server | 2025-03-14 | 5.9 Medium |
| An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are negotiated with the Key-Value (KV) service using SCRAM-SHA when remote link encryption is configured for Half-Secure. | ||||
| CVE-2024-22892 | 1 Openslides | 1 Openslides | 2025-03-14 | 7.5 High |
| OpenSlides 4.0.15 was discovered to be using a weak hashing algorithm to store passwords. | ||||
| CVE-2024-21881 | 1 Enphase | 1 Envoy | 2025-03-11 | N/A |
| Inadequate Encryption Strength vulnerability allow an authenticated attacker to execute arbitrary OS Commands via encrypted package upload.This issue affects Envoy: 4.x and 5.x | ||||
| CVE-2018-15811 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-03-07 | 7.5 High |
| DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters. | ||||
| CVE-2018-18325 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-03-07 | 7.5 High |
| DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811. | ||||
| CVE-2022-45141 | 1 Samba | 1 Samba | 2025-03-06 | 9.8 Critical |
| Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96). | ||||
| CVE-2023-22271 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2025-03-05 | 5.3 Medium |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a Weak Cryptography for Passwords vulnerability that can lead to a security feature bypass. A low-privileged attacker can exploit this in order to decrypt a user's password. The attack complexity is high since a successful exploitation requires to already have in possession this encrypted secret. | ||||
| CVE-2023-23911 | 1 Rocket.chat | 1 Rocket.chat | 2025-02-28 | 7.5 High |
| An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room. | ||||
| CVE-2024-38277 | 2025-02-13 | 5.4 Medium | ||
| A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two. | ||||
| CVE-2024-0753 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2025-02-13 | 6.5 Medium |
| In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | ||||
| CVE-2023-2197 | 1 Hashicorp | 1 Vault | 2025-02-13 | 2.5 Low |
| HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault’s root key. Fixed in 1.13.2 | ||||
| CVE-2024-13026 | 2025-02-12 | N/A | ||
| A vulnerability exists in Algo Edge up to 2.1.1 - a previously used (legacy) component of navify® Algorithm Suite. The vulnerability impacts the authentication mechanism of this component and could allow an attacker with adjacent access to the laboratory network and the Algo Edge system to craft valid authentication tokens and access the component. Other components of navify® Algorithm Suite are not affected. | ||||
| CVE-2024-54089 | 2025-02-12 | 7.5 High | ||
| A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Affected devices contain a weak encryption mechanism based on a hard-coded key. This could allow an attacker to guess or decrypt the password from the cyphertext. | ||||