Lucene search
K

1649 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 11:42 a.m.6 views

CVE-2001-1546

Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users to gain privileges by recovering the passwords from the pwhc.ini file...

7.8CVSS7AI score0.00413EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:39 a.m.6 views

CVE-2003-1276

Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user PIN's and stores user account numbers in plaintext in the HKEYCURRENTUSER\Software\MediaRing.com\SDK\NetTelephone\settings registry key, which could allow local users to gain unauthorized access to NetTelephone accounts...

4.6CVSS7AI score0.00223EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:29 a.m.11 views

CVE-2021-27457

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access...

7.5CVSS6.8AI score0.00452EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:27 a.m.7 views

CVE-2021-33589

Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm...

7.5CVSS6.8AI score0.00492EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:7 a.m.6 views

CVE-2019-20775

An issue was discovered on LG mobile devices with Android OS 9.0 Qualcomm SDM450, SDM845, SM6150, and SM8150 chipsets software. Weak encryption leads to local information disclosure. The LG ID is LVE-SMP-190010 August 2019...

5.5CVSS6.5AI score0.00066EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:52 a.m.11 views

CVE-2020-10377

A weak encryption vulnerability in Mitel MiVoice Connect Client before 214.100.1214.0 could allow an unauthenticated attacker to gain access to user credentials. A successful exploit could allow an attacker to access the system with compromised user credentials...

9.8CVSS7.2AI score0.00542EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:42 a.m.11 views

CVE-1999-0476

A weak encryption algorithm is used for passwords in SCO TermVision, allowing them to be easily decrypted by a local user...

7.2CVSS6.7AI score0.00287EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:40 a.m.6 views

CVE-1999-0356

ControlIT v4.5 and earlier uses weak encryption to store usernames and passwords in an address book...

10CVSS6.9AI score0.01312EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/31 3:23 p.m.6 views

Security Bulletin: IBM Event Streams is vulnerable to Weak Encryption (CVE-2025-45767)

Summary IBM Event Streams is vulnerable to weak encryption due to the JOSE library. JOSE is used for JSON Object Signing and Encryption in token-based authentication. Vulnerability Details CVEID:CVE-2025-45767 DESCRIPTION: jose v6.0.10 was discovered to contain weak encryption. NOTE: this is...

7CVSS7AI score0.00136EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/12/29 9:30 p.m.4 views

EUVD-2025-205644

A vulnerability in the SSH server of TP-Link TL-WR820N v2.80 allows the use of a weak cryptographic algorithm, enabling an adjacent attacker to intercept and decrypt SSH traffic. Exploitation may expose sensitive information and compromise confidentiality...

6CVSS6.1AI score0.00307EPSS
Exploits1References4
CNVD
CNVD
added 2025/12/25 12:0 a.m.2 views

Apache StreamPark Weak Algorithm Vulnerability

Apache StreamPark is the United States Apache Apache Foundation of a streaming media application development framework. Apache StreamPark suffers from a weak algorithmic vulnerability that stems from the use of weak encryption algorithms, which can be exploited by an attacker to expose sensitive...

7.5CVSS7.1AI score0.00216EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/16 11:7 a.m.5 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data version 5.2.2 Vulnerability Details CVEID:CVE-2025-45767 DESCRIPTION: jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a third party because the claim o...

8.2CVSS6.7AI score0.02328EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/13 3:58 p.m.5 views

CVE-2025-53960

When issuing JSON Web Tokens JWT, Apache StreamPark directly uses the user's password as the HMAC signing key e.g., with the HS256 algorithm. An attacker can exploit this vulnerability to perform offline brute-force attacks on the user's password using a captured JWT, or to arbitrarily forge...

5.9CVSS6.8AI score0.00216EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/12 6:30 p.m.3 views

EUVD-2025-203092

Apache StreamPark: Use the user’s password as the secret key Vulnerability...

5.9CVSS6.5AI score0.00216EPSS
Exploits0References4
OSV
OSV
added 2025/12/12 6:30 p.m.4 views

GHSA-3HG2-RH4R-8QF6 Apache StreamPark: Use the user’s password as the secret key Vulnerability

When encrypting sensitive data, weak encryption keys that are fixed or directly generated based on user passwords are used. Attackers can obtain these keys through methods such as reverse engineering, code leaks, or password guessing, thereby decrypting stored or transmitted encrypted data, leadi...

8.2CVSS7.1AI score0.00216EPSS
Exploits0References5
NVD
NVD
added 2025/12/12 4:15 p.m.3 views

CVE-2025-53960

When issuing JSON Web Tokens JWT, Apache StreamPark directly uses the user's password as the HMAC signing key e.g., with the HS256 algorithm. An attacker can exploit this vulnerability to perform offline brute-force attacks on the user's password using a captured JWT, or to arbitrarily forge...

5.9CVSS0.00216EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/12 3:30 p.m.5 views

EUVD-2025-203081

Apache StreamPark uses a Weak Encryption Algorithm...

7.5CVSS6.4AI score0.00216EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/12/12 3:30 p.m.11 views

Apache StreamPark uses a Weak Encryption Algorithm

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

7.5CVSS7.1AI score0.00216EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2025/12/12 3:15 p.m.8 views

CVE-2025-54981

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

7.5CVSS0.00216EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/12 3:15 p.m.4 views

CVE-2025-53960 Apache StreamPark: Uses the user’s password as the secret key

When issuing JSON Web Tokens JWT, Apache StreamPark directly uses the user's password as the HMAC signing key e.g., with the HS256 algorithm. An attacker can exploit this vulnerability to perform offline brute-force attacks on the user's password using a captured JWT, or to arbitrarily forge...

6.5AI score0.00216EPSS
Exploits0References1
Rows per page
Query Builder