Total
2500 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-8205 | 1 Comodo | 1 Dragon | 2025-07-31 | 3.7 Low |
| A vulnerability, which was classified as problematic, has been found in Comodo Dragon up to 134.0.6998.179. Affected by this issue is some unknown functionality of the component IP DNS Leakage Detector. The manipulation leads to cleartext transmission of sensitive information. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-7215 | 1 Fnkvision | 1 Fnk-gu2 | 2025-07-13 | 1.6 Low |
| A vulnerability, which was classified as problematic, has been found in FNKvision FNK-GU2 up to 40.1.7. Affected by this issue is some unknown functionality of the file /rom/wpa_supplicant.conf. The manipulation leads to cleartext storage of sensitive information. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7214 | 1 Fnkvision | 1 Fnk-gu2 | 2025-07-13 | 1.6 Low |
| A vulnerability classified as problematic was found in FNKvision FNK-GU2 up to 40.1.7. Affected by this vulnerability is an unknown functionality of the file /etc/shadow of the component MD5. The manipulation leads to risky cryptographic algorithm. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2012-4687 | 1 Postoaktraffic | 1 Awam Bluetooth Reader | 2025-07-09 | N/A |
| Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key value. | ||||
| CVE-2012-4898 | 1 Tropos | 9 1310 Distrubution Automation Mesh Router, 1410 Mesh Router, 1410 Wireless Mesh Router and 6 more | 2025-07-09 | N/A |
| Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere. | ||||
| CVE-2012-5862 | 1 Sinapsitech | 4 Esolar Duo Photovoltaic System Monitor, Esolar Light Photovoltaic System Monitor, Esolar Photovoltaic System Monitor and 1 more | 2025-07-08 | N/A |
| These Sinapsi devices store hard-coded passwords in the PHP file of the device. By using the hard-coded passwords in the device, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access. | ||||
| CVE-2025-5136 | 1 Project Team | 1 Tmall Demo | 2025-06-19 | 3.7 Low |
| A vulnerability, which was classified as problematic, was found in Tmall Demo up to 20250505. This affects an unknown part of the file /tmall/order/pay/ of the component Payment Identifier Handler. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-33037 | 1 Qualcomm | 166 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 163 more | 2025-06-17 | 7.1 High |
| Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data. | ||||
| CVE-2025-4894 | 1 Calmkart | 1 Django-sso-server | 2025-06-05 | 3.7 Low |
| A vulnerability classified as problematic was found in calmkart Django-sso-server up to 057247929a94ffc358788a37ab99e391379a4d15. This vulnerability affects the function gen_rsa_keys of the file common/crypto.py. The manipulation leads to inadequate encryption strength. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | ||||
| CVE-2016-1000352 | 2 Bouncycastle, Redhat | 4 Bc-java, Jboss Fuse, Satellite and 1 more | 2025-05-12 | N/A |
| In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider. | ||||
| CVE-2016-1000339 | 3 Bouncycastle, Debian, Redhat | 5 Bc-java, Debian Linux, Jboss Fuse and 2 more | 2025-05-12 | N/A |
| In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak information on the AES key being used. There was also a leak in AESEngine although it was substantially less. AESEngine has been modified to remove any signs of leakage (testing carried out on Intel X86-64) and is now the primary AES class for the BC JCE provider from 1.56. Use of AESFastEngine is now only recommended where otherwise deemed appropriate. | ||||
| CVE-2016-1000344 | 2 Bouncycastle, Redhat | 4 Bc-java, Jboss Fuse, Satellite and 1 more | 2025-05-12 | N/A |
| In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider. | ||||
| CVE-2016-1000343 | 3 Bouncycastle, Debian, Redhat | 5 Bc-java, Debian Linux, Jboss Fuse and 2 more | 2025-05-12 | N/A |
| In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator. | ||||
| CVE-2013-1624 | 2 Bouncycastle, Redhat | 8 Bc-java, Legion-of-the-bouncy-castle-c\#-cryptography-api, Jboss Amq and 5 more | 2025-05-12 | N/A |
| The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. | ||||
| CVE-2024-20690 | 1 Microsoft | 6 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 3 more | 2025-05-03 | 6.5 Medium |
| Windows Nearby Sharing Spoofing Vulnerability | ||||
| CVE-2024-26228 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-05-03 | 7.8 High |
| Windows Cryptographic Services Security Feature Bypass Vulnerability | ||||
| CVE-2022-32222 | 2 Nodejs, Siemens | 2 Node.js, Sinec Ins | 2025-04-30 | 5.3 Medium |
| A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3. | ||||
| CVE-2023-23919 | 2 Nodejs, Redhat | 2 Node.js, Enterprise Linux | 2025-04-30 | 7.5 High |
| A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service. | ||||
| CVE-2016-6329 | 1 Openvpn | 1 Openvpn | 2025-04-20 | N/A |
| OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack. | ||||
| CVE-2015-9107 | 1 Zohocorp | 1 Manageengine Opmanager | 2025-04-20 | N/A |
| Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key or even a salt; therefore, it's possible to create a universal decryptor. | ||||