Total
655 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-23601 | 2026-03-04 | 5.4 Medium | ||
| A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of tampered data to specific endpoints, bypassing standard cryptographic separation. | ||||
| CVE-2025-14480 | 1 Ibm | 1 Aspera Faspio Gateway | 2026-03-04 | 5.1 Medium |
| IBM Aspera faspio Gateway 1.3.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information | ||||
| CVE-2025-14456 | 1 Ibm | 1 Mq Appliance | 2026-03-04 | 5.9 Medium |
| IBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1 | ||||
| CVE-2026-27804 | 2 Parse Community, Parseplatform | 2 Parse Server, Parse-server | 2026-03-04 | 9.1 Critical |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.3 and 9.1.1-alpha.4, an unauthenticated attacker can forge a Google authentication token with `alg: "none"` to log in as any user linked to a Google account, without knowing their credentials. All deployments with Google authentication enabled are affected. The fix in versions 8.6.3 and 9.1.1-alpha.4 hardcodes the expected `RS256` algorithm instead of trusting the JWT header, and replaces the Google adapter's custom key fetcher with `jwks-rsa` which rejects unknown key IDs. As a workaround, dsable Google authentication until upgrading is possible. | ||||
| CVE-2025-63912 | 2026-03-03 | N/A | ||
| Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to use a weak cryptography algorithm for data encryption, allowing attackers to trivially reverse the encyption and expose credentials. | ||||
| CVE-2026-21718 | 1 Copeland | 9 Copeland Xweb 300d Pro, Copeland Xweb 500b Pro, Copeland Xweb 500d Pro and 6 more | 2026-03-02 | 10 Critical |
| An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, enabling any attackers to bypass the authentication requirement and achieve pre-authenticated code execution on the system. | ||||
| CVE-2025-62514 | 2 Parsec.cloud, Scille | 2 Parsec, Parsec-cloud | 2026-03-02 | 8.3 High |
| Parsec is a cloud-based application for cryptographically secure file sharing. In versions on the 3.x branch prior to 3.6.0, `libparsec_crypto`, a component of the Parsec application, does not check for weak order point of Curve25519 when compiled with its RustCrypto backend. In practice this means an attacker in a man-in-the-middle position would be able to provide weak order points to both parties in the Diffie-Hellman exchange, resulting in a high probability to for both parties to obtain the same shared key (hence leading to a successful SAS code exchange, misleading both parties into thinking no MITM has occurred) which is also known by the attacker. Note only Parsec web is impacted (as Parsec desktop uses `libparsec_crypto` with the libsodium backend). Version 3.6.0 of Parsec patches the issue. | ||||
| CVE-2026-24785 | 1 Jmlepisto | 1 Clatter | 2026-02-27 | 9.1 Critical |
| Clatter is a no_std compatible, pure Rust implementation of the Noise protocol framework with post-quantum support. Versiosn prior to2.2.0 have a protocol compliance vulnerability. The library allowed post-quantum handshake patterns that violated the PSK validity rule (Noise Protocol Framework Section 9.3). This could allow PSK-derived keys to be used for encryption without proper randomization by self-chosen ephemeral randomness, weakening security guarantees and potentially allowing catastrophic key reuse. Affected default patterns include `noise_pqkk_psk0`, `noise_pqkn_psk0`, `noise_pqnk_psk0`, `noise_pqnn_psk0``, and some hybrid variants. Users of these patterns may have been using handshakes that do not meet the intended security properties. The issue is fully patched and released in Clatter v2.2.0. The fixed version includes runtime checks to detect offending handshake patterns. As a workaround, avoid using offending `*_psk0` variants of post-quantum patterns. Review custom handshake patterns carefully. | ||||
| CVE-2025-69929 | 1 N3uron | 1 Web User Interface | 2026-02-27 | 9.8 Critical |
| An issue in N3uron Web User Interface v.1.21.7-240207.1047 allows a remote attacker to escalate privileges via the password hashing on the client side using the MD5 algorithm over a predictable string format | ||||
| CVE-2026-27519 | 1 Binardat | 3 10g08-0800gsm, 10g08-0800gsm Firmware, 10g08-0800gsm Network Switch | 2026-02-27 | 7.5 High |
| Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard-coded key embedded in client-side JavaScript. Because the key is static and exposed, an attacker can decrypt protected values and defeat confidentiality protections. | ||||
| CVE-2026-1626 | 1 Sick Ag | 2 Sick Lms1000, Sick Mrs1000 | 2026-02-27 | 6.5 Medium |
| An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic. | ||||
| CVE-2026-1627 | 1 Sick Ag | 2 Sick Lms1000, Sick Mrs1000 | 2026-02-27 | 6.5 Medium |
| An attacker may exploit the use of outdated and weak MAC algorithms in the device’s SSH service to potentially compromise the integrity of the SSH session, allowing manipulation of transmitted data if the attacker can interact with the network traffic. | ||||
| CVE-2024-45643 | 2 Ibm, Linux | 2 Security Qradar Edr, Linux Kernel | 2026-02-26 | 5.9 Medium |
| IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information. | ||||
| CVE-2025-55112 | 1 Bmc | 2 Control-m/agent, Control-m\/agent | 2026-02-26 | 7.4 High |
| Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 (and potentially earlier unsupported versions) that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between the Control-M/Agent and Server. | ||||
| CVE-2025-21062 | 1 Samsung | 1 Smart Switch | 2026-02-26 | 7.8 High |
| Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.67.2 allows local attackers to replace the restoring application. User interaction is required for triggering this vulnerability. | ||||
| CVE-2026-22585 | 1 Salesforce | 1 Marketing Cloud Engagement | 2026-02-26 | 9.8 Critical |
| Use of a Broken or Risky Cryptographic Algorithm vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026. | ||||
| CVE-2023-50781 | 2 M2crypto Project, Redhat | 5 M2crypto, Enterprise Linux, Rhev Hypervisor and 2 more | 2026-02-25 | 7.5 High |
| A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. | ||||
| CVE-2023-50782 | 3 Couchbase, Cryptography.io, Redhat | 7 Couchbase Server, Cryptography, Ansible Automation Platform and 4 more | 2026-02-25 | 7.5 High |
| A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. | ||||
| CVE-2026-26219 | 2 Newbee-ltd, Newbee-mall Project | 2 Newbee-mall, Newbee-mall | 2026-02-25 | 9.1 Critical |
| newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to rapidly recover plaintext credentials via offline attacks. | ||||
| CVE-2022-1252 | 1 Sir | 1 Gnuboard | 2026-02-24 | 8.2 High |
| Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off. Or to send emails to any email address, with full control of its contents | ||||