60 matches found

Cvelist
added 2026/06/04 2:10 a.m. · 36 views

CVE-2026-41858

Weak Randomness / Insecure Cryptographic Primitive CWE-338 in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a small candidate list to recover the Administrator password. The randomizepassword job exists solely t...

CVSS 7.5 · EPSS 0.00245
Exploits: 0 · References: 1
NVD
added 2026/05/08 6:16 p.m. · 11 views

CVE-2026-6659

Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The built-in rand function is predictable, and unsuitable for cryptography...

CVSS 7.5 · EPSS 0.00414
Exploits: 0 · References: 5
NVD
added 2026/04/20 4:16 a.m. · 1 views

CVE-2026-32959

SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a use of a broken or risky cryptographic algorithm. Information in the traffic may be retrieved via man-in-the-middle attack...

CVSS 8.2 · EPSS 0.00209
Exploits: 0 · References: 3
NVD
added 2026/04/06 8:16 p.m. · 2 views

CVE-2026-5682

A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. Affected is an unknown function of the file /api/endpoint of the component com.meesho.supply. Such manipulation leads to risky cryptographic algorithm. The attack may be performed from remote. The attack requires ...

CVSS 6.3 · EPSS 0.00188
Exploits: 0 · References: 4
Positive Technologies
added 2026/04/06 12:0 a.m. · 4 views

PT-2026-30730

A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. Affected is an unknown function of the file /api/endpoint of the component com.meesho.supply. Such manipulation leads to risky cryptographic algorithm. The attack may be performed from remote. The attack requires ...

CVSS 6.3 · AI score 5.1 · EPSS 0.00188
Exploits: 0 · References: 5
RedhatCVE
added 2026/03/06 2:37 p.m. · 6 views

CVE-2026-3598

Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux Config string generation, web console export modules allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program routin...

CVSS 8.7 · AI score 5.8 · EPSS 0.00226
Exploits: 1 · References: 1
Nuclei
added 2026/02/04 7:0 a.m. · 12 views

Gladinet CentreStack & Triofox - Hardcoded Credentials

Gladinet CentreStack and Triofox 16.12.10420.56791 contain a hardcoded credentials vulnerability caused by use of hardcoded AES cryptoscheme values, letting attackers perform arbitrary local file inclusion without authentication, potentially leading to full system compromise. id: CVE-2025-14611...

CVSS 9.8 · AI score 6.8 · EPSS 0.50949
Exploits: 3 · References: 2
Positive Technologies
added 2025/11/14 12:0 a.m. · 3 views

PT-2025-46980

Name of the Vulnerable Software and Affected Versions: Desktop Alert PingAlert versions 6.1.0.11 through 6.1.1.2 Description: A flaw exists in the Application Server component of the software due to the use of a Broken or Risky Cryptographic Algorithm. Recommendations: Update to a version beyond...

CVSS 4.1 · AI score 6.6 · EPSS 0.00076
Exploits: 0 · References: 7
Tenable Nessus
added 2025/10/27 12:0 a.m. · 3 views

Siemens RUGGEDCOM ROS Devices Use of a Broken or Risky Cryptographic Algorithm (CVE-2023-52236)

The affected products support insecure cryptographic algorithms. An attacker could leverage these legacy algorithms to achieve a man-in-the-middle attack or impersonate communicating parties. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for mor...

CVSS 8.8 · AI score 5.3 · EPSS 0.00285
Exploits: 0 · References: 4
Positive Technologies
added 2024/12/28 12:0 a.m. · 4 views

PT-2024-40973 · Unknown · Magiccrypt

Name of the Vulnerable Software and Affected Versions: MagicCrypt affected versions not specified Description: The issue concerns the use of insecure cryptographic algorithms and practices that compromise the integrity of encrypted data. Specifically, MagicCrypt64 uses the insecure DES block ciph...

AI score 6.9
Exploits: 0 · References: 4
OSV
added 2024/06/14 10:15 p.m. · 2 views

CVE-2024-21988

StorageGRID formerly StorageGRID Webscale versions prior to 11.7.0.9 and 11.8.0.5 are susceptible to disclosure of sensitive information via complex MiTM attacks due to a vulnerability in the SSH cryptographic implementation...

CVSS 5.3 · AI score 5.8 · EPSS 0.00235
Exploits: 0 · References: 1
Veracode
added 2024/05/03 9:32 a.m. · 22 views

Insecure Cryptography

elixir is vulnerable to Insecure Cryptography. The vulnerability is due to Elixir's implementation of Blowfish in CFB mode without generating a unique initialization vector IV for each encryption operation, which allows context-dependent users to obtain sensitive information and decrypt the...

CVSS 4.3 · AI score 6.5 · EPSS 0.01667
Exploits: 0 · References: 7 · Affected Software: 1
Positive Technologies
added 2024/02/02 12:0 a.m. · 3 views

PT-2024-14310 · Ylianst · Ylianst Meshcentral

Name of the Vulnerable Software and Affected Versions: Ylianst MeshCentral version 1.1.16 Description: The issue is related to the use of a broken or risky cryptographic algorithm. Recommendations: For Ylianst MeshCentral version 1.1.16, at the moment, there is no information about a newer versio...

CVSS 7.5 · AI score 7.2 · EPSS 0.00525
Exploits: 1 · References: 9
OSV
added 2024/01/22 8:15 p.m. · 4 views

CVE-2023-47152

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions...

CVSS 7.5 · AI score 7.6 · EPSS 0.00577
Exploits: 0 · References: 3
OSV
added 2023/05/16 4:15 p.m. · 1 views

CVE-2023-28076

CloudLink 7.1.2 and all prior versions contain a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability leading to some information disclosure...

CVSS 7.5 · AI score 7.2 · EPSS 0.00424
Exploits: 0 · References: 1
OpenVAS
added 2023/03/08 12:0 a.m. · 27 views

Debian: Security Advisory (DLA-410-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 · AI score 7.2 · EPSS 0.14714
Exploits: 0 · References: 2
OpenVAS
added 2023/03/08 12:0 a.m. · 35 views

Debian: Security Advisory (DLA-303-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 · AI score 7.1 · EPSS 0.9986
Exploits: 0 · References: 4
Veracode
added 2022/07/18 9:20 a.m. · 16 views

Insecure Cryptography

packbackbooks/lti-1p3-tool uses an insecure cryptographic configuration. The vulnerability exists due to improper configuration of generating cookies and openid values which allows an attacker to predict the token value and forge the token...

CVSS 7.5 · AI score 7.2 · EPSS 0.00387
Exploits: 0 · References: 4 · Affected Software: 1
Veracode
added 2022/07/15 12:11 p.m. · 34 views

Insecure Cryptography

node uses an insecure cryptographic configuration. The vulnerability exists in opensslcommon.gypi because the default openssl.cnf directory on linux is not configured properly which allows an attacker to create new files on shared systems...

CVSS 5.3 · AI score 6.4 · EPSS 0.0173
Exploits: 1 · References: 6 · Affected Software: 2
Veracode
added 2022/07/06 5:26 a.m. · 38 views

Insecure Cryptography

ujson is vulnerable to insecure cryptography. The vulnerability exists in a JSON string contains escaped surrogate characters which are not part of a proper surrogate pair, the library may decode those characters incorrectly which allows remote attackers to cause unintended behavior in the...

CVSS 7.5 · AI score 7.3 · EPSS 0.01828
Exploits: 1 · References: 7 · Affected Software: 3