PT-2026-42771

Dell PowerFlex Manager, versions =4.6.2, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass...

PT-2026-41855

Name of the Vulnerable Software and Affected Versions Apache OFBiz versions prior to 24.09.06 Description Apache OFBiz contains a hard-coded cryptographic key. This flaw may allow remote attackers to gain unauthorized access, expose sensitive data, or tamper with application data. Recommendations...

CVE-2025-14813

: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all core modules. This vulnerability is associated with program files G3413CTRBlockCipher. This issue affects BC-JAVA: from 1.59 before 1.80.2, from 1.81 before 1.81.1, from 1.82...

PT-2026-33028

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all core modules. This vulnerability is associated with program files G3413CTRBlockCipher. GOSTCTR implementation unable to process more than 255 blocks correctly. This issue affec...

CVE-2026-0234 Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources...

Mbed TLS 安全漏洞

Mbed TLS is an open-source, portable, easy-to-use, readable, and flexible SSL library developed by Mbed TLS. There are security vulnerabilities in Mbed TLS versions 3.5.x, 3.6.5, and earlier, as well as in TF-PSA-Crypto version 1.0. These vulnerabilities stem from improper input validation in...

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature while doing key agreement with PSAALGFFDH. An attacker can influence the shared secret to a small, predictable set of values by sending crafted public keys during key exchange. Remediatio...

CVE-2024-51346

An issue in Eufy Homebase 2 version 3.3.4.1h allows a local attacker to obtain sensitive information via the cryptographic scheme...

GHSA-VJPQ-XX5G-QVMM BSV Blockchain SDK has an Authentication Signature Data Preparation Vulnerability

BRC-104 Authentication Signature Data Preparation Vulnerability Summary A critical cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data preparation, resulting in signature incompatibility between SDK implementations and potentia...

PT-2026-20262

Name of the Vulnerable Software and Affected Versions BSV Blockchain SDK versions prior to 2.0.0 Description A cryptographic issue exists in the BSV Blockchain SDK's BRC-104 authentication implementation. Specifically, incorrect signature data preparation in the Peer.ts file, within the...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libsodium (SUSE-SU-2026:0368-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0368-1 advisory. - CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation...

CVE-2025-68931

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2...

Use of a Broken or Risky Cryptographic Algorithm

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to the JWT verification middleware using unsafe default fallback algorithm. An attacker can gain unauthorized access or escalate...

Use of a Broken or Risky Cryptographic Algorithm

Overview net.gleske:jervis is a Self service Jenkins job generation using Jenkins Job DSL plugin groovy scripts. Reads .jervis.yml and generates a job in Jenkins. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm via the AES/CBC/PKCS5Padding...

Use of a Broken or Risky Cryptographic Algorithm

Overview net.gleske:jervis is a Self service Jenkins job generation using Jenkins Job DSL plugin groovy scripts. Reads .jervis.yml and generates a job in Jenkins. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to improper padding of SHA-25...

Jervis 加密问题漏洞

Jervis is an automation tool from the personal developer Sam Gleske. A vulnerability in cryptographic issues exists in versions prior to Jervis 2.2, which stems from the use of PKCS1Encoding encryption that is vulnerable to the Bleichenbacher padding prediction attack...

CVE-2023-40300

NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key...

CVE-2020-7339

Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAfee Database Security Server and Sensor prior to 4.8.0 in the form of a SHA1 signed certificate that would allow an attacker on the same local network to potentially intercept communication between the Server and Sensors...

CVE-1999-0391

The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user...

Use of Hard-coded Cryptographic Key

Overview org.apache.syncope.core.idrepo:syncope-core-idrepo-logic is an Apache Syncope Core IdRepo Logic Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the password encryption process. An attacker can recover original cleartext password values by...