674 matches found
CVE-2026-54276
A flaw was found in aiohttp, an asynchronous HTTP client/server framework for asyncio and Python. The DigestAuthMiddleware component can send an authentication response after following a cross-origin redirect. This could allow a remote attacker, in conjunction with an open redirect vulnerability ...
CVE-2026-34022
The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An attacker in an adversary-in-the-middle position can decrypt the data traffic. During reassessment...
CVE-2026-34022
The CVE-2026-34022 entry affects Wertheim SafeController Family 65000, Controller 65000 (AssemblyVersion 6.11.8130.22319). The root cause is the use of weak custom cryptographic algorithms with hard-coded keys to protect communications, enabling interception of data in transit. During reassessmen...
CVE-2026-34022 Weak custom cryptography and hard-coded keys in Wertheim SafeController 65000 allow traffic decryption
The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An attacker in an adversary-in-the-middle position can decrypt the data traffic. During reassessment...
EUVD-2026-36705
The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An attacker in an adversary-in-the-middle position can decrypt the data traffic. During reassessment...
CVE-2026-34022 Weak custom cryptography and hard-coded keys in Wertheim SafeController 65000 allow traffic decryption
The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An attacker in an adversary-in-the-middle position can decrypt the data traffic. During reassessment...
CVE-2026-48488 phpMyFAQ has Weak Cryptography - SHA1 for Password Hashing
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been vulnerable to collision attacks since 2017 SHAttered. Version 4.1.4 fixes the issue...
CVE-2026-48488 phpMyFAQ has Weak Cryptography - SHA1 for Password Hashing
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been vulnerable to collision attacks since 2017 SHAttered. Version 4.1.4 fixes the issue...
CVE-2026-5926
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 uses weaker than expected cryptographic algorithms that could allow an...
Securly Chrome Extension contains multiple weak encryption and access control vulnerabilities
Overview Version 3.0.7 of the Securly Chrome Extension contains multiple vulnerabilities involving insecure data transmission, weak cryptography, and improper access control. These issues may expose sensitive filtering rules, enable the manipulation of downloaded configuration files, and allow...
CVE-2026-45701
Sulu CMS prior to versions 2.6.23 and 3.0.6 uses a weak cryptographic hash for password reset tokens and API key generation, as documented across CVE-2026-45701 disclosures. The vulnerability originates in the affected components (User.php and ResettingController.php) within the SecurityBundle, l...
CVE-2025-46371
Dell PowerFlex Manager, versions =4.6.2, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass...
CVE-2026-44053
A flaw was found in Netatalk. Weak cryptography in the dhcast128 User Authentication Module UAM allows a remote attacker to potentially compromise the confidentiality and integrity of data. This vulnerability could enable unauthorized access to sensitive information or allow for the manipulation ...
CVE-2026-44053
Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain authentication credentials or impersonate a user via cryptanalytic attack...
CVE-2026-44053 Weak cryptography in DHCAST128 UAM
Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain authentication credentials or impersonate a user via cryptanalytic attack...
EUVD-2026-31232
Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain authentication credentials or impersonate a user via cryptanalytic attack...
CVE-2026-44053
Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain authentication credentials or impersonate a user via cryptanalytic attack...
CVE-2026-44053 Weak cryptography in DHCAST128 UAM
Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain authentication credentials or impersonate a user via cryptanalytic attack...
CVE-2026-44053
Netatalk 1.5.0–4.2.2 uses weak cryptography in the DHCAST128 UAM, enabling remote credential theft or user impersonation. The issue is fixed in Netatalk 4.5.0. Affected products: Netatalk 1.5.0–4.2.2; vulnerability: weak cryptographic algorithm in DHCAST128 UAM; impact: confidentiality and integr...
GHSA-7FV8-6PP7-6H85 Sulu: Weak Cryptographical usage for API Key generation and Reset Tokens
Impact The password reset tokenand API key generation uses a weak cryptographical hash algorithm. Patches Fixed in 2.6.23 and 3.0.6 version. Workarounds Patch the related User.php and ResettingController.php file in the SecurityBundle...