Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in Bouncy Castle bcprov-jdk (CVE-2025-14813, CVE-2026-5598)

Summary IBM Sterling Control Center is affected by vulnerabilities CVE-2025-14813, CVE-2026-5598 reported for bcprov-jdk18on-1.81.jar. Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JA...

Use of a Broken or Risky Cryptographic Algorithm

Overview org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are...

Use of a Broken or Risky Cryptographic Algorithm

Overview flowise-ui is a Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the process that handles JWT secret assignment. An attacker can gain unauthorized access and impersonate any user, including administrators, by crafting valid JWTs usin...

UBUNTU-CVE-2026-5588

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules, Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All pkix modules, Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All pkix modules. This vulnerability...

CVE-2026-5588

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules, Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All pkix modules, Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All pkix modules. This vulnerability...

PT-2026-25601

Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows remote attackers to configure a downgraded scheme for authentication...

CVE-2025-58743

Use of a Broken or Risky Cryptographic Algorithm DES vulnerability in the Password class in C2SConnections.dll in Milner ImageDirector Capture on Windows allows Encryption Brute Forcing to obtain database credentials.This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808...

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to missing cryptographic key commitment when storing encrypted data keys in an instruction file. An attacker with write access to the S3 bucket can manipulate encrypted data keys to...

JLSEC-2025-221 Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c i...

Use of a Broken or Risky Cryptographic Algorithm in the function mbedtlsmpiexpmod in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information typically an untrusted operating system attacking a...

EUVD-2025-20617

Malicious code in bioql PyPI...

CVE-2024-36496

The configuration file is encrypted with a static key derived from a static five-character password which allows an attacker to decrypt this file. The application hashes this five-character password with the outdated and broken MD5 algorithm no salt and uses the first five bytes as the key for RC...

CVE-2021-33018

The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unnecessary risk that may result in the exposure of sensitive information...

CVE-2020-25728

The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm involving an increment that allows a malicious user to change any user's account password include the admin account...

Use Of A Broken Or Risky Cryptographic Algorithm

github.com/beego/beego is vulnerable to Use of a Broken or Risky Cryptographic Algorithm. The vulnerability is due to the use of MD5 as a hashing algorithm, which allows two different inputs to produce the same hash value...

Design/Logic Flaw

Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm...

DeviceFarmer stf uses DES-ECB

DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptographic Algorithm...

Important: golang-github-cpuguy83-md2man

Issue Overview: 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling,...

AZL-13023 CVE-2021-36647 affecting package fluent-bit for versions less than 2.0.9-1

Use of a Broken or Risky Cryptographic Algorithm in the function mbedtlsmpiexpmod in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information typically an untrusted operating system attacking a...

Use of a Broken or Risky Cryptographic Algorithm

The ElGamal implementation in Botan, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's...

CVE-2020-25728

The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm involving an increment that allows a malicious user to change any user's account password include the admin account...