279 matches found
CVE-2026-41838
IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 throug...
📄 SAP NetWeaver ABAP / SAP_BASIS 918 Cryptographic Weakness
SAML response validation in NetWeaver's SAML Service Provider is susceptible to XML Signature wrapping attacks, specifically through Signature/Object tags. This allows an attacker to manipulate SAML assertion data returned by the identity provider, therefore enabling logging in as an arbitrary...
CVE-2026-40514
SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000...
OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage
A flaw was found in OpenSSH. This vulnerability allows the system to use unintended Elliptic Curve Digital Signature Algorithm ECDSA algorithms. This occurs because the configuration for accepted public key algorithms is misinterpreted, leading to the use of weaker cryptographic methods than...
CVE-2026-46028
A flaw was found in the Linux kernel's algifaead Authenticated Encryption with Associated Data subsystem. Asynchronous async requests for AEAD operations use a shared initialization vector IV buffer. This shared state can be modified by subsequent socket activity before an async request fully...
CVE-2020-37168
The CVE-2020-37168 entry concerns Ecommerce Systempay 1.0, where a weak cryptographic implementation exposes a 16-character production secret key used for payment signature generation. Attackers can extract payment form data and signatures from POST requests to the payment endpoint and perform a ...
CVE-2026-5084 WebDyne::Session versions through 2.075 for Perl generates the session id insecurely
WebDyne::Session versions through 2.075 for Perl generates the session id insecurely. The session handler generates the session id from an MD5 hash seeded with a call to the built-in rand function. The rand function is passed a maximum value based on the process id, the epoch time and the referen...
PT-2026-39577
Name of the Vulnerable Software and Affected Versions WebDyne::Session versions prior to 2.076 Description The session handler generates session identifiers insecurely using an MD5 hash seeded with the built-in rand function. The rand function is seeded by 32-bits, making it predictable and...
CVE-2026-40514
SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000...
EUVD-2026-25856
SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000...
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG for the property source for $random.value as well as $random.int and $random.long. Standard PRNGs like java.util.Random use deterministic mathematical algorithms starting...
Use of a Broken or Risky Cryptographic Algorithm
Overview org.bouncycastle:bcprov-jdk14 is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to the generateCTR process in G3413CTRBlockCipher. An attacker can recover relationships between...
EUVD-2025-209440
The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced by any other...
CVE-2025-8095
The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced by any other...
CVE-2025-8095
CVE-2025-8095 describes a vulnerability in the OECH1 prefix encoding used by the OpenEdge platform. The encoding is cryptographically weak and unsuitable for stored encodings or enterprise applications; OECH1 should be considered exploitable and immediately replaced with a supported prefix encodi...
CVE-2025-8095 Recoverable obfuscation using the OECH1 prefix encoding in OpenEdge
The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced by any other...
CVE-2025-8095
The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced by any other...
PT-2026-32625
Name of the Vulnerable Software and Affected Versions OpenEdge affected versions not specified Description The OECH1 prefix encoding, used to obfuscate values across the platform, is cryptographically weak. This makes it unsuitable for enterprise applications and stored encodings, as the...
CVE-2026-5083
CVE-2026-5083 affects the Perl module Ado::Sessions up to version 0.935. The vulnerability stems from generating session IDs with a SHA-1 hash seeded by the built-in rand() function, the epoch time, and the PID. The PID comes from a small set of numbers, and the epoch time may be guessed if not l...
PT-2026-31087
Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id. The generate session id function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes using SHA-1 hash seeded with the built-in rand...