Export limit exceeded: 45294 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (670 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-21907 | 2 Juniper, Juniper Networks | 2 Junos Space, Junos Os | 2026-01-23 | 5.9 Medium |
| A Use of a Broken or Risky Cryptographic Algorithm vulnerability in the TLS/SSL server of Juniper Networks Junos Space allows the use of static key ciphers (ssl-static-key-ciphers), reducing the confidentiality of on-path traffic communicated across the connection. These ciphers also do not support Perfect Forward Secrecy (PFS), affecting the long-term confidentiality of encrypted communications.This issue affects all versions of Junos Space before 24.1R5. | ||||
| CVE-2025-68931 | 1 Samrocketman | 1 Jervis | 2026-01-20 | 7.5 High |
| Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2. | ||||
| CVE-2025-68702 | 1 Samrocketman | 1 Jervis | 2026-01-20 | 7.5 High |
| Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses padLeft(32, '0') when it should use padLeft(64, '0') because SHA-256 produces 32 bytes which equates to 64 hex characters. This vulnerability is fixed in 2.2. | ||||
| CVE-2025-68701 | 1 Samrocketman | 1 Jervis | 2026-01-20 | 7.5 High |
| Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2. | ||||
| CVE-2025-68698 | 1 Samrocketman | 1 Jervis | 2026-01-20 | 7.5 High |
| Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenbacher padding oracle attacks. Modern systems should use OAEP (Optimal Asymmetric Encryption Padding). This vulnerability is fixed in 2.2. | ||||
| CVE-2024-39583 | 1 Dell | 2 Insightiq, Powerscale Insightiq | 2025-12-31 | 8.1 High |
| Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges. | ||||
| CVE-2025-65831 | 1 Meatmeet | 1 Meatmeet | 2025-12-30 | 7.5 High |
| The application uses an insecure hashing algorithm (MD5) to hash passwords. If an attacker obtained a copy of these hashes, either through exploiting cloud services, performing TLS downgrade attacks on the traffic from a mobile device, or through another means, they may be able to crack the hash in a reasonable amount of time and gain unauthorized access to the victim's account. | ||||
| CVE-2021-47712 | 1 Kentico | 1 Xperience | 2025-12-24 | 7.5 High |
| A cryptography vulnerability in Kentico Xperience allows attackers to potentially manipulate URL hash values through existing hashing mechanisms. The hotfix introduces an additional security layer to prevent hash value reuse and potential exploitation. | ||||
| CVE-2025-14764 | 1 Amazon | 1 Aws S3 Encryption Client Go | 2025-12-18 | 5.3 Medium |
| Missing cryptographic key commitment in the Amazon S3 Encryption Client for Go may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade Amazon S3 Encryption Client for Go to version 4.0 or later. | ||||
| CVE-2025-14760 | 1 Amazon | 1 Aws Sdk Cpp | 2025-12-18 | 5.3 Medium |
| Missing cryptographic key commitment in the AWS SDK for C++ may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade AWS SDK for C++ to version 1.11.712 or later | ||||
| CVE-2025-14763 | 1 Amazon | 1 Aws S3 Encryption Client Java | 2025-12-18 | 5.3 Medium |
| Missing cryptographic key commitment in the Amazon S3 Encryption Client for Java may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade Amazon S3 Encryption Client for Java to version 4.0.0 or later. | ||||
| CVE-2025-14762 | 1 Amazon | 1 Aws Sdk Ruby | 2025-12-18 | 5.3 Medium |
| Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade AWS SDK for Ruby to version 1.208.0 or later. | ||||
| CVE-2025-14759 | 1 Amazon | 1 Aws S3 Encryption Client Dotnet | 2025-12-18 | 5.3 Medium |
| Missing cryptographic key commitment in the Amazon S3 Encryption Client for .NET may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade Amazon S3 Encryption Client for .NET to version 3.2.0 or later. | ||||
| CVE-2025-14761 | 1 Amazon | 1 Aws Sdk Php | 2025-12-18 | 5.3 Medium |
| Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade AWS SDK for PHP to version 3.368.0 or later | ||||
| CVE-2025-54981 | 1 Apache | 1 Streampark | 2025-12-15 | 7.5 High |
| Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are recommended to upgrade to version 2.1.7, which fixes the issue. | ||||
| CVE-2025-65849 | 1 Altcha | 1 Altcha | 2025-12-11 | 9.1 Critical |
| A cryptanalytic break in Altcha Proof-of-Work obfuscation mode version 0.8.0 and later allows for remote visitors to recover the Proof-of-Work nonce in constant time via mathematical deduction. NOTE: this is disputed by the Supplier because the product's objective is "to discourage automated scraping / bots, not guarantee resistance to determined attackers." The documentation states “the goal is not to provide a secure cryptographic algorithm but to use a proof-of-work mechanism that allows any capable device to decrypt the hidden data.” | ||||
| CVE-2021-33560 | 5 Debian, Fedoraproject, Gnupg and 2 more | 9 Debian Linux, Fedora, Libgcrypt and 6 more | 2025-12-03 | 7.5 High |
| Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP. | ||||
| CVE-2025-36150 | 1 Ibm | 1 Concert | 2025-12-01 | 5.9 Medium |
| IBM Concert 1.0.0 through 2.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
| CVE-2025-66017 | 1 Lfdt-lockness | 1 Cggmp21 | 2025-11-27 | N/A |
| CGGMP24 is a state-of-art ECDSA TSS protocol that supports 1-round signing (requires 3 preprocessing rounds), identifiable abort, and a key refresh protocol. In versions 0.6.3 and prior of cggmp21 and version 0.7.0-alpha.1 of cggmp24, presignatures can be used in the way that significantly reduces security. cggmp24 version 0.7.0-alpha.2 release contains API changes that make it impossible to use presignatures in contexts in which it reduces security. | ||||
| CVE-2025-65951 | 1 Mescuwa | 1 Entropy-derby | 2025-11-26 | 8.7 High |
| Inside Track / Entropy Derby is a research-grade horse-racing betting engine. Prior to commit 2d38d2f, the VDF-based timelock encryption system fails to enforce sequential delay against the betting operator. Bettors pre-compute the entire Wesolowski VDF and include vdfOutputHex in their encrypted bet ticket, allowing the house to decrypt immediately using fast proof verification instead of expensive VDF evaluation. This issue has been patched via commit 2d38d2f. | ||||