Total
625 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-52026 | 1 Aptsys | 1 Gemscms Backend | 2026-02-12 | N/A | 7.5 HIGH |
| An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be easily reversed using public tools, exposing user credentials in plaintext. This allows remote attackers to perform unauthorized logins and potentially gain access to sensitive POS operations or backend functions. | |||||
| CVE-2026-22585 | 1 Salesforce | 1 Marketing Cloud Engagement | 2026-02-12 | N/A | 9.8 CRITICAL |
| Use of a Broken or Risky Cryptographic Algorithm vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026. | |||||
| CVE-2025-58743 | 2 Microsoft, Milner | 2 Windows, Imagedirector Capture | 2026-02-10 | N/A | 7.5 HIGH |
| Use of a Broken or Risky Cryptographic Algorithm (DES) vulnerability in the Password class in C2SConnections.dll in Milner ImageDirector Capture on Windows allows Encryption Brute Forcing to obtain database credentials.This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808. | |||||
| CVE-2025-27458 | 1 Endress | 2 Meac300-fnade4, Meac300-fnade4 Firmware | 2026-02-06 | N/A | 6.5 MEDIUM |
| The VNC authentication mechanism bases on a challenge-response system where both server and client use the same password for encryption. The challenge is sent from the server to the client, is encrypted by the client and sent back. The server does the same encryption locally and if the responses match it is prooven that the client knows the correct password. Since all VNC communication is unencrypted, an attacker can obtain the challenge and response and try to derive the password from this information. | |||||
| CVE-2025-49196 | 1 Sick | 1 Field Analytics | 2026-01-26 | N/A | 6.5 MEDIUM |
| A service supports the use of a deprecated and unsafe TLS version. This could be exploited to expose sensitive information, modify data in unexpected ways or spoof identities of other users or devices, affecting the confidentiality and integrity of the device. | |||||
| CVE-2026-21907 | 1 Juniper | 1 Junos Space | 2026-01-23 | N/A | 5.9 MEDIUM |
| A Use of a Broken or Risky Cryptographic Algorithm vulnerability in the TLS/SSL server of Juniper Networks Junos Space allows the use of static key ciphers (ssl-static-key-ciphers), reducing the confidentiality of on-path traffic communicated across the connection. These ciphers also do not support Perfect Forward Secrecy (PFS), affecting the long-term confidentiality of encrypted communications.This issue affects all versions of Junos Space before 24.1R5. | |||||
| CVE-2025-68931 | 1 Samrocketman | 1 Jervis | 2026-01-20 | N/A | 7.5 HIGH |
| Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2. | |||||
| CVE-2025-68702 | 1 Samrocketman | 1 Jervis | 2026-01-20 | N/A | 7.5 HIGH |
| Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses padLeft(32, '0') when it should use padLeft(64, '0') because SHA-256 produces 32 bytes which equates to 64 hex characters. This vulnerability is fixed in 2.2. | |||||
| CVE-2025-68701 | 1 Samrocketman | 1 Jervis | 2026-01-20 | N/A | 7.5 HIGH |
| Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2. | |||||
| CVE-2025-68698 | 1 Samrocketman | 1 Jervis | 2026-01-20 | N/A | 7.5 HIGH |
| Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenbacher padding oracle attacks. Modern systems should use OAEP (Optimal Asymmetric Encryption Padding). This vulnerability is fixed in 2.2. | |||||
| CVE-2026-20833 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2026-01-15 | N/A | 5.5 MEDIUM |
| Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally. | |||||
| CVE-2024-39583 | 1 Dell | 1 Insightiq | 2025-12-31 | N/A | 8.1 HIGH |
| Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges. | |||||
| CVE-2025-65831 | 1 Meatmeet | 1 Meatmeet | 2025-12-30 | N/A | 7.5 HIGH |
| The application uses an insecure hashing algorithm (MD5) to hash passwords. If an attacker obtained a copy of these hashes, either through exploiting cloud services, performing TLS downgrade attacks on the traffic from a mobile device, or through another means, they may be able to crack the hash in a reasonable amount of time and gain unauthorized access to the victim's account. | |||||
| CVE-2021-47712 | 1 Kentico | 1 Xperience | 2025-12-24 | N/A | 7.5 HIGH |
| A cryptography vulnerability in Kentico Xperience allows attackers to potentially manipulate URL hash values through existing hashing mechanisms. The hotfix introduces an additional security layer to prevent hash value reuse and potential exploitation. | |||||
| CVE-2025-14762 | 2025-12-18 | N/A | 5.3 MEDIUM | ||
| Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade AWS SDK for Ruby to version 1.208.0 or later. | |||||
| CVE-2025-14764 | 2025-12-18 | N/A | 5.3 MEDIUM | ||
| Missing cryptographic key commitment in the Amazon S3 Encryption Client for Go may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade Amazon S3 Encryption Client for Go to version 4.0 or later. | |||||
| CVE-2025-14760 | 2025-12-18 | N/A | 5.3 MEDIUM | ||
| Missing cryptographic key commitment in the AWS SDK for C++ may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade AWS SDK for C++ to version 1.11.712 or later | |||||
| CVE-2025-14761 | 2025-12-18 | N/A | 5.3 MEDIUM | ||
| Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade AWS SDK for PHP to version 3.368.0 or later | |||||
| CVE-2025-14759 | 2025-12-18 | N/A | 5.3 MEDIUM | ||
| Missing cryptographic key commitment in the Amazon S3 Encryption Client for .NET may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade Amazon S3 Encryption Client for .NET to version 3.2.0 or later. | |||||
| CVE-2025-14763 | 2025-12-18 | N/A | 5.3 MEDIUM | ||
| Missing cryptographic key commitment in the Amazon S3 Encryption Client for Java may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade Amazon S3 Encryption Client for Java to version 4.0.0 or later. | |||||