ReportizFlow
Filtered by vendor
Subscriptions
Total
680 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-13476 | 2 Rakuten, Rakuten Viber | 3 Viber, Rakuten Viber Cloak - Android, Rakuten Viber Cloak - Windows | 2026-03-10 | 9.8 Critical |
| Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection (DPI) systems to trivially identify and block proxy traffic, undermining censorship circumvention. (CWE-327) | ||||
| CVE-2025-14175 | 1 Tp-link | 3 Tl-wr802n, Tl-wr820n, Tl-wr820n Firmware | 2026-03-08 | 6.5 Medium |
| A vulnerability in the SSH server of TP-Link TL-WR820N v2.80 allows the use of a weak cryptographic algorithm, enabling an adjacent attacker to intercept and decrypt SSH traffic. Exploitation may expose sensitive information and compromise confidentiality. | ||||
| CVE-2025-66597 | 1 Yokogawa | 2 Fast/tools, Fast\/tools | 2026-03-06 | 7.5 High |
| A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports weak cryptographic algorithms, potentially allowing an attacker to decrypt communications with the web server. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04 | ||||
| CVE-2025-66598 | 1 Yokogawa | 2 Fast/tools, Fast\/tools | 2026-03-06 | 7.5 High |
| A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports old SSL/TLS versions, potentially allowing an attacker to decrypt communications with the web server. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04 | ||||
| CVE-2024-43178 | 2 Ibm, Linux | 2 Concert, Linux Kernel | 2026-03-06 | 5.9 Medium |
| IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
| CVE-2025-14480 | 1 Ibm | 1 Aspera Faspio Gateway | 2026-03-06 | 5.1 Medium |
| IBM Aspera faspio Gateway 1.3.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information | ||||
| CVE-2025-14456 | 1 Ibm | 1 Mq Appliance | 2026-03-06 | 5.9 Medium |
| IBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1 | ||||
| CVE-2025-63912 | 1 Cohesity | 2 Tranzman, Tranzman Migration Appliance | 2026-03-05 | 7.5 High |
| Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to use a weak cryptography algorithm for data encryption, allowing attackers to trivially reverse the encyption and expose credentials. | ||||
| CVE-2025-62514 | 2 Parsec.cloud, Scille | 2 Parsec, Parsec-cloud | 2026-03-02 | 8.3 High |
| Parsec is a cloud-based application for cryptographically secure file sharing. In versions on the 3.x branch prior to 3.6.0, `libparsec_crypto`, a component of the Parsec application, does not check for weak order point of Curve25519 when compiled with its RustCrypto backend. In practice this means an attacker in a man-in-the-middle position would be able to provide weak order points to both parties in the Diffie-Hellman exchange, resulting in a high probability to for both parties to obtain the same shared key (hence leading to a successful SAS code exchange, misleading both parties into thinking no MITM has occurred) which is also known by the attacker. Note only Parsec web is impacted (as Parsec desktop uses `libparsec_crypto` with the libsodium backend). Version 3.6.0 of Parsec patches the issue. | ||||
| CVE-2025-69929 | 1 N3uron | 1 Web User Interface | 2026-02-27 | 9.8 Critical |
| An issue in N3uron Web User Interface v.1.21.7-240207.1047 allows a remote attacker to escalate privileges via the password hashing on the client side using the MD5 algorithm over a predictable string format | ||||
| CVE-2024-45643 | 2 Ibm, Linux | 2 Security Qradar Edr, Linux Kernel | 2026-02-26 | 5.9 Medium |
| IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information. | ||||
| CVE-2025-55112 | 1 Bmc | 2 Control-m/agent, Control-m\/agent | 2026-02-26 | 7.4 High |
| Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 (and potentially earlier unsupported versions) that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between the Control-M/Agent and Server. | ||||
| CVE-2025-21062 | 1 Samsung | 1 Smart Switch | 2026-02-26 | 7.8 High |
| Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.67.2 allows local attackers to replace the restoring application. User interaction is required for triggering this vulnerability. | ||||
| CVE-2022-1252 | 1 Sir | 1 Gnuboard | 2026-02-24 | 8.2 High |
| Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off. Or to send emails to any email address, with full control of its contents | ||||
| CVE-2021-40006 | 1 Huawei | 1 Harmonyos | 2026-02-24 | 4.6 Medium |
| Vulnerability of design defects in the security algorithm component. Successful exploitation of this vulnerability may affect confidentiality. | ||||
| CVE-2025-14636 | 1 Tenda | 2 Ax9, Ax9 Firmware | 2026-02-24 | 3.7 Low |
| A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2020-1596 | 1 Microsoft | 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more | 2026-02-23 | 5.4 Medium |
| <p>A information disclosure vulnerability exists when TLS components use weak hash algorithms. An attacker who successfully exploited this vulnerability could obtain information to further compromise a users's encrypted transmission channel.</p> <p>To exploit the vulnerability, an attacker would have to conduct a man-in-the-middle attack.</p> <p>The update addresses the vulnerability by correcting how TLS components use hash algorithms.</p> | ||||
| CVE-2022-34444 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | 5.9 Medium |
| Dell PowerScale OneFS, versions 9.2.0.x through 9.4.0.x contain an information vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to cause data leak. | ||||
| CVE-2024-25968 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | 5.9 Medium |
| Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure. | ||||
| CVE-2024-25963 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | 5.9 Medium |
| Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x contains a use of a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure. | ||||