EUVD-2026-36411

A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure again...

PT-2026-48857

A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure again...

Missing Cryptographic Step

Overview Affected versions of this package are vulnerable to Missing Cryptographic Step in EVPPKEYderivesetpeer when called with a DHX X9.42 peer key. A malicious peer can recover the victim's private key. A peer presenting an X9.42 key that carries the victim's p and g, and a forged q passes all...

CVE-2026-36721

A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

Missing Cryptographic Step

Overview Affected versions of this package are vulnerable to Missing Cryptographic Step due to the lack of enforcement for receiving a cryptographically-signed final chunk before the termination of the outer HTTP body. An attacker can cause undetected truncation of chunked messages by forwarding...

PT-2026-43430

Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available. The random bytes function fell back to using the built-in rand function when none of the Perl modules Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random, or...

Missing Cryptographic Step

jsrsasign is vulnerable to Missing Cryptographic Step. The vulnerability is due to improper handling of invalid DSA signature values without retry logic, which allows an attacker to recover the private key by forcing signature parameters to predictable values...

CVE-2026-4601

Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature witho...

DEBIAN-CVE-2026-3230

Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required keyshare extension,...

CVE-2025-47383 Missing Cryptographic Step in Data Modem

Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE...

CVE-2025-47383

CVE-2025-47383 describes a weak configuration that may cause a cryptographic issue when a VoWiFi call is triggered from UE. Connected records repeat the description and list a CVSS v3.1 base score of 7.2 (HIGH) with NETWORK attack vector, low attack complexity, and high impact on confidentiality,...

Missing Cryptographic Step

Overview org.webjars.npm:jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by...

Missing Cryptographic Step

Overview jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be...

Missing Cryptographic Step

Overview Affected versions of this package are vulnerable to Missing Cryptographic Step that exposes the final 1-15 bytes of a message when the low-level OCB API is used directly with AES-NI or other hardware accelerated code paths. Common implementations of openssl using EVP are not vulnerable...

CVE-2025-60704

Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network...

CVE-2025-60704

Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network...

CVE-2025-60704

Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network...

EUVD-2021-19431

Malware in sbrugna...

CVE-2022-29053

A missing cryptographic steps vulnerability CWE-325 in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession of the encrypted file to decipher it...

CVE-2021-3680

showdoc is vulnerable to Missing Cryptographic Step...