Total
472 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-22314 | 1 Ibm | 1 Storage Defender Resiliency Service | 2025-08-19 | N/A | 7.5 HIGH |
| IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.12 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2024-31896 | 1 Ibm | 1 Spss Statistics | 2025-08-18 | N/A | 7.5 HIGH |
| IBM SPSS Statistics 26.0, 27.0.1, 28.0.1, and 29.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2024-27256 | 1 Ibm | 2 Mq Operator, Supplied Mq Advanced Container Images | 2025-08-18 | N/A | 7.5 HIGH |
| IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2024-38320 | 6 Apple, Hp, Ibm and 3 more | 8 Macos, Hp-ux, Aix and 5 more | 2025-08-18 | N/A | 7.5 HIGH |
| IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2024-22347 | 1 Ibm | 2 Devops Velocity, Urbancode Velocity | 2025-08-14 | N/A | 7.5 HIGH |
| IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2024-41986 | 2025-08-12 | N/A | 6.4 MEDIUM | ||
| A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application support insecure TLS 1.0 and 1.1 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data. | |||||
| CVE-2025-2539 | 1 File Away Project | 1 File Away | 2025-08-11 | N/A | 7.5 HIGH |
| The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers, leveraging the use of a reversible weak algorithm, to read the contents of arbitrary files on the server, which can contain sensitive information. | |||||
| CVE-2024-1040 | 1 Gesslergmbh | 2 Web-master, Web-master Firmware | 2025-08-07 | N/A | 4.4 MEDIUM |
| Gessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm. The attacker can restore the passwords by breaking the hashes stored on the device. | |||||
| CVE-2025-30477 | 1 Dell | 1 Powerscale Onefs | 2025-08-06 | N/A | 4.9 MEDIUM |
| Dell PowerScale OneFS, versions prior to 9.11.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. | |||||
| CVE-2024-55885 | 1 Beego | 1 Beego | 2025-08-01 | N/A | 7.5 HIGH |
| beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version 2.3.4 replaces MD5 with SHA256. | |||||
| CVE-2025-8260 | 1 Vaelsys | 1 Vaelsys | 2025-07-31 | N/A | 7.5 HIGH |
| A vulnerability has been found in Vaelsys 4.1.0 and classified as problematic. This vulnerability affects unknown code of the file /grid/vgrid_server.php of the component MD4 Hash Handler. The manipulation of the argument xajaxargs leads to use of weak hash. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-54426 | 2025-07-28 | N/A | N/A | ||
| Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. In versions prior to commit 36f70d1, the Curve25519Add and Curve25519ScalarMul precompiles incorrectly handle invalid Ristretto point representations. Instead of returning an error, they silently treat invalid input bytes as the Ristretto identity element, leading to potentially incorrect cryptographic results. This is fixed in commit 36f70d1. | |||||
| CVE-2024-52366 | 1 Ibm | 1 Concert | 2025-07-18 | N/A | 5.9 MEDIUM |
| IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2024-43189 | 1 Ibm | 1 Concert | 2025-07-18 | N/A | 5.9 MEDIUM |
| IBM Concert Software 1.0.0 through 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2022-43851 | 3 Ibm, Linux, Microsoft | 3 Aspera Console, Linux Kernel, Windows | 2025-07-17 | N/A | 7.5 HIGH |
| IBM Aspera Console 3.4.0 through 3.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2024-55912 | 2 Ibm, Linux | 2 Concert, Linux Kernel | 2025-07-16 | N/A | 5.9 MEDIUM |
| IBM Concert Software 1.0.0 through 1.0.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2024-45643 | 2 Ibm, Linux | 2 Security Qradar Edr, Linux Kernel | 2025-07-16 | N/A | 7.5 HIGH |
| IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information. | |||||
| CVE-2024-49784 | 3 Ibm, Linux, Microsoft | 3 Openpages With Watson, Linux Kernel, Windows | 2025-07-14 | N/A | 6.5 MEDIUM |
| IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data with AES encryption and CBC mode. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data values they could exploit this weaker algorithm to use additional cryptographic methods to possibly extract the encrypted data. | |||||
| CVE-2025-7214 | 2025-07-09 | N/A | 1.6 LOW | ||
| A vulnerability classified as problematic was found in FNKvision FNK-GU2 up to 40.1.7. Affected by this vulnerability is an unknown functionality of the file /etc/shadow of the component MD5. The manipulation leads to risky cryptographic algorithm. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-49756 | 2025-07-08 | N/A | 3.3 LOW | ||
| Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally. | |||||