Lucene search
K

1654 matches found

NVD
NVD
added 2025/12/12 4:15 p.m.4 views

CVE-2025-53960

When issuing JSON Web Tokens JWT, Apache StreamPark directly uses the user's password as the HMAC signing key e.g., with the HS256 algorithm. An attacker can exploit this vulnerability to perform offline brute-force attacks on the user's password using a captured JWT, or to arbitrarily forge...

5.9CVSS0.00216EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/12 3:30 p.m.5 views

EUVD-2025-203081

Apache StreamPark uses a Weak Encryption Algorithm...

7.5CVSS6.4AI score0.00216EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/12/12 3:30 p.m.12 views

Apache StreamPark uses a Weak Encryption Algorithm

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

7.5CVSS7.1AI score0.00216EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2025/12/12 3:15 p.m.8 views

CVE-2025-54981

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

7.5CVSS0.00216EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/12 3:15 p.m.5 views

CVE-2025-53960 Apache StreamPark: Uses the user’s password as the secret key

When issuing JSON Web Tokens JWT, Apache StreamPark directly uses the user's password as the HMAC signing key e.g., with the HS256 algorithm. An attacker can exploit this vulnerability to perform offline brute-force attacks on the user's password using a captured JWT, or to arbitrarily forge...

6.5AI score0.00216EPSS
Exploits0References1
CVE
CVE
added 2025/12/12 3:10 p.m.16 views

CVE-2025-54981

CVE-2025-54981 affects Apache StreamPark prior to 2.1.7, due to use of AES in ECB mode and a weak RNG for encrypting sensitive data such as JWT tokens. This weak encryption could lead to exposure of confidential data. The vulnerability is documented across multiple sources (NVD, Red Hat, OSV, CNV...

7.5CVSS6.7AI score0.00216EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/12 3:10 p.m.3 views

CVE-2025-54981 Apache StreamPark: Weak Encryption Algorithm in StreamPark

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

6.7AI score0.00216EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.5 views

Apache StreamPark 安全漏洞

Apache StreamPark is the United States Apache Apache Foundation of a streaming media application development framework. Apache StreamPark suffers from a weak algorithmic vulnerability that stems from the use of weak encryption algorithms, which can be exploited by an attacker to expose sensitive...

7.5CVSS7AI score0.00216EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.3 views

Apache StreamPark 安全漏洞

Apache StreamPark is the United States Apache Apache Foundation of a streaming media application development framework. Apache StreamPark suffers from a security bypass vulnerability due to the use of a fixed, immutable encryption key. An attacker could exploit the vulnerability to decrypt...

5.9CVSS6.4AI score0.00216EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.5 views

Siemens SINEMA Remote Connect Server 安全漏洞

Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens Germany. The platform is primarily used to remotely access, maintain, control and diagnose the underlying network. A security vulnerability exists in Siemens SINEMA Remote Connect Server versions prior to V3...

3.3CVSS8.9AI score0.00093EPSS
Exploits0References1
Snyk
Snyk
added 2025/12/08 7:41 p.m.4 views

Inadequate Encryption Strength

Overview altcha is a Privacy-first CAPTCHA widget, compliant with global regulations GDPR/HIPAA/CCPA/LGDP/DPDPA/PIPL and WCAG accessible. No tracking, self-verifying. Affected versions of this package are vulnerable to Inadequate Encryption Strength in the Proof of Work obfuscation scheme. An...

9.1CVSS6.2AI score0.00192EPSS
Exploits0References2
OSV
OSV
added 2025/12/02 11:15 a.m.4 views

CVE-2025-41743

Insufficient encryption strength in Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 allows a local unprivileged attacker to extract data from update images and thus obtain limited information about the architecture and internal processes...

4CVSS5.8AI score0.00065EPSS
Exploits1References1
CVE
CVE
added 2025/12/02 10:38 a.m.11 views

CVE-2025-41743

The CVE-2025-41743 entry affects Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3. Root cause: insufficient encryption strength in update images. Impact: a local, unprivileged attacker can extract data from update images and obtain limited information about system architecture and i...

4CVSS6AI score0.00065EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/02 10:38 a.m.3 views

CVE-2025-41743 Sprecher Automation: SPRECON-E series prone to weak encryption of update files

Insufficient encryption strength in Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 allows a local unprivileged attacker to extract data from update images and thus obtain limited information about the architecture and internal processes...

4CVSS6AI score0.00065EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/11/24 12:0 a.m.7 views

IBM Concert 加密问题漏洞

IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform released in May 2024 by IBM. IBM Concert suffers from a cryptographic issue vulnerability that stems from the use of weak encryption algorithms, which can ...

7.5CVSS6.6AI score0.00154EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/11/18 12:0 a.m.4 views

Siemens SIPROTEC Inadequate Encryption Strength (CVE-2024-38867)

The affected devices are supporting weak ciphers on several ports 443/tcp for web, 4443/tcp for DIGSI 5 and configurable port for syslog over TLS. This could allow an unauthorized attacker in a man-in-the-middle position to decrypt any data passed over to and from those ports. This plugin only...

8.2CVSS7.1AI score0.00205EPSS
Exploits0References7
Redos
Redos
added 2025/11/05 12:0 a.m.10 views

ROS-20251105-06

The vulnerability of Microsoft .NET Framework, .NET software platforms, and Microsoft Visual Studio software development tool is related to insufficiently strong data encryption. Microsoft Visual Studio software development tool is related to insufficiently strong data encryption. Exploitation...

9.9CVSS6.7AI score0.66258EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2025/10/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-55248

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network. CVE-2025-55248 Note...

5.7CVSS7.3AI score0.00681EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 11:24 a.m.9 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in jose-4.15.9.tgz

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in jose-4.15.9.tgz Vulnerability Details CVEID:CVE-2025-45767 DESCRIPTION: jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a third party because the claim of "do not me...

7CVSS6.9AI score0.00145EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/10/17 12:0 a.m.27 views

Security Update for Microsoft .NET Core (October 2025)

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by information disclosure vulnerability as referenced in the vendor advisory. - Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to...

5.7CVSS7.3AI score0.00681EPSS
Exploits0References7
Rows per page
Query Builder