Export limit exceeded: 351172 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1631 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-15005 | 1 Couchcms | 1 Couchcms | 2026-02-24 | 3.7 Low |
| A security flaw has been discovered in CouchCMS up to 2.4. Affected is an unknown function of the file couch/config.example.php of the component reCAPTCHA Handler. The manipulation of the argument K_RECAPTCHA_SITE_KEY/K_RECAPTCHA_SECRET_KEY results in use of hard-coded cryptographic key . It is possible to launch the attack remotely. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2025-14636 | 1 Tenda | 2 Ax9, Ax9 Firmware | 2026-02-24 | 3.7 Low |
| A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2020-1596 | 1 Microsoft | 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more | 2026-02-23 | 5.4 Medium |
| <p>A information disclosure vulnerability exists when TLS components use weak hash algorithms. An attacker who successfully exploited this vulnerability could obtain information to further compromise a users's encrypted transmission channel.</p> <p>To exploit the vulnerability, an attacker would have to conduct a man-in-the-middle attack.</p> <p>The update addresses the vulnerability by correcting how TLS components use hash algorithms.</p> | ||||
| CVE-2025-41743 | 1 Sprecher-automation | 6 Sprecon-e-c, Sprecon-e-c Firmware, Sprecon-e-p and 3 more | 2026-02-23 | 4 Medium |
| Insufficient encryption strength in Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 allows a local unprivileged attacker to extract data from update images and thus obtain limited information about the architecture and internal processes. | ||||
| CVE-2025-55248 | 4 Apple, Linux, Microsoft and 1 more | 22 Macos, Linux Kernel, .net and 19 more | 2026-02-22 | 4.8 Medium |
| Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network. | ||||
| CVE-2024-32852 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | 5.9 Medium |
| Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.0 contain use of a broken or risky cryptographic algorithm vulnerability. An unprivileged network malicious attacker could potentially exploit this vulnerability, leading to data leaks. | ||||
| CVE-2025-43723 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | 5.9 Medium |
| Dell PowerScale OneFS, versions prior to 9.10.1.3 and versions 9.11.0.0 through 9.12.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. | ||||
| CVE-2024-22463 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | 7.4 High |
| Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to compromise of confidentiality and integrity of sensitive information | ||||
| CVE-2022-34444 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | 5.9 Medium |
| Dell PowerScale OneFS, versions 9.2.0.x through 9.4.0.x contain an information vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to cause data leak. | ||||
| CVE-2024-25963 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | 5.9 Medium |
| Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x contains a use of a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure. | ||||
| CVE-2024-25968 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | 5.9 Medium |
| Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure. | ||||
| CVE-2025-36379 | 1 Ibm | 2 Qradar Edr, Security Qradar Edr | 2026-02-20 | 5.9 Medium |
| IBM Security QRadar EDR 3.12 through 3.12.23 IBM Security ReaQta uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
| CVE-2025-45769 | 1 Google | 1 Firebase Php-jwt | 2026-02-18 | 6.5 Medium |
| php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record. | ||||
| CVE-2025-20667 | 1 Mediatek | 88 Lr12a, Lr13, Mt2735 and 85 more | 2026-02-17 | 6.5 Medium |
| In Modem, there is a possible information disclosure due to incorrect error handling. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01513293; Issue ID: MSV-2741. | ||||
| CVE-2025-48823 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2026-02-13 | 5.9 Medium |
| Cryptographic issues in Windows Cryptographic Services allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-49756 | 1 Microsoft | 3 365, 365 Apps, Office 365 | 2026-02-13 | 3.3 Low |
| Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally. | ||||
| CVE-2025-52026 | 1 Aptsys | 2 Gemscms, Gemscms Backend | 2026-02-12 | 7.5 High |
| An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be easily reversed using public tools, exposing user credentials in plaintext. This allows remote attackers to perform unauthorized logins and potentially gain access to sensitive POS operations or backend functions. | ||||
| CVE-2024-30098 | 1 Microsoft | 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more | 2026-02-10 | 7.5 High |
| Windows Cryptographic Services Security Feature Bypass Vulnerability | ||||
| CVE-2024-54855 | 1 Fabricators | 2 Vanilla Os 2 Core Image, Vanilla Os Core Image | 2026-02-10 | 6.4 Medium |
| fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered to contain static keys for the SSH service, allowing attackers to possibly execute a man-in-the-middle attack during connections with other hosts. | ||||
| CVE-2025-58740 | 2 Microsoft, Milner | 2 Windows, Imagedirector Capture | 2026-02-10 | 5.5 Medium |
| The use of a hard-coded encryption key in calls to the Password function in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows a local attacker to decrypt database credentials by reading the cryptographic key from the executable. This issue affects ImageDirector Capture: from 7.0.9 before 7.6.3.25808. | ||||