817 matches found
CVE-2025-31977
HCL BigFix SM is affected by cryptographic weakness due to weak or outdated encryption algorithms. An attacker with network access could exploit this weakness to decrypt or manipulate encrypted communications under certain conditions...
PT-2025-32640 · Smartclient · Smartclient Soa Audit +2
Name of the Vulnerable Software and Affected Versions: SmartClient Opcenter QL Home SC versions 13.2 through 2505; SmartClient SOA Audit versions 13.2 through 2505; SmartClient SOA Cockpit versions 13.2 through 2505. Description: The affected application lacks adequate encryption of sensitive...
CVE-2025-54887 jwe: Missing AES-GCM authentication tag validation in encrypted JWEs
jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption (JWE) standard. In versions 1.1.0 and below, authentication tags of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. This puts users at risk becau...
PT-2025-32334
Name of the Vulnerable Software and Affected Versions: jwe versions 1.1.0 and below. Description: The authentication tag of encrypted JWEs can be brute forced, potentially leading to a loss of confidentiality and the ability to craft arbitrary JWEs. This allows modification of JWEs to decrypt to an...
CVE-2025-45766
poco v1.14.1-release was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is...
jsrsasign Encryption Issue Vulnerability
jsrsasign is a signature verification library by the individual developer Kenji Urushima. A cryptographic issue vulnerability exists in jsrsasign version v11.1.0, which stems from a weak encryption issue...
CVE-2025-45770
jwt v5.4.3 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant ...
CVE-2025-40680
Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT session token in plain text within different registry keys on the Windows operating system. Any authenticated local user with read access to the registry can extract the...
CVE-2025-40680
CapillaryScope v2.5.0 (Capillary io) stores proxy credentials and the JWT session token in plain text in Windows registry keys. This exposes sensitive data to any authenticated local user with registry read access, as noted across multiple sources (NVD/Red Hat/CIRCL/CVE records). The root cause i...
CVE-2025-40680 Encryption of sensitive data in CapillaryScope missing
Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT session token in plain text within different registry keys on the Windows operating system. Any authenticated local user with read access to the registry can extract the...
CVE-2025-52374
The CVE-2025-52374 entry concerns hMailServer 5.8.6 and 5.6.9-beta. A hardcoded cryptographic key in Encryption.cs is cited as the root cause, enabling an attacker to decrypt passwords stored in hMailAdmin.exe.config and potentially access other hMailServer admin consoles that use configured conn...
IBM OpenPages with Watson Encryption Issue Vulnerability
IBM OpenPages with Watson is an AI-powered financial risk analytics solution from International Business Machines (IBM). The platform is based on AI technology to predict risk factors and minimize risks in financial activities by integrating, automatically identifying, measuring, monitoring,...
IBM Cognos Analytics Mobile Encryption Issue Vulnerability
IBM Cognos Analytics Mobile is an application from International Business Machines (IBM), Inc. Integrated reporting, modeling, analytics, dashboards, cases and event management. An encryption issue vulnerability exists in IBM Cognos Analytics Mobile versions 1.1.0 through 1.1.22, which stems from t...
CVE-2025-32874
An issue was discovered in Kaseya Rapid Fire Tools Network Detective through 2.0.16.0. A vulnerability exists in the EncryptionUtil class because symmetric encryption is implemented in a deterministic and non-randomized fashion. The method Encrypt(byte[] clearData) derives both the encryption key and...
CVE-2025-32874
CVE-2025-32874 affects Kaseya Rapid Fire Tools Network Detective up to version 2.0.16.0. The issue is in the EncryptionUtil class where symmetric encryption is implemented deterministically; the key and IV are derived from a fixed, hardcoded input using a static salt. As a result, identical plain...
CVE-2024-49783
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data, they could exploit this vulnerability t...
CVE-2025-6995
Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords...