Search Results (1717 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-23601 2 Arubanetworks, Hpe 19 7010, 7030, 7205 and 16 more 2026-04-16 5.4 Medium
A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of tampered data to specific endpoints, bypassing standard cryptographic separation.
CVE-2001-1546 1 Mckesson 1 Pathways Homecare 2026-04-16 7.8 High
Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users to gain privileges by recovering the passwords from the pwhc.ini file.
CVE-2002-1697 1 Vtun Project 1 Vtun 2026-04-16 7.5 High
Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak encryption algorithm that produces the same ciphertext from the same plaintext blocks, which could allow remote attackers to gain sensitive information.
CVE-2005-2946 2 Canonical, Openssl 2 Ubuntu Linux, Openssl 2026-04-16 7.5 High
The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature.
CVE-2005-0366 1 Gnupg 1 Gnupg 2026-04-16 N/A
The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is available to determine whether an integrity check failed.
CVE-2002-1739 1 Mdaemon 1 Mdaemon 2026-04-16 5.5 Medium
Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption algorithm to store user passwords, which allows local users to crack passwords.
CVE-2002-1682 1 Daansystems 1 Newsreactor 2026-04-16 5.5 Medium
NewsReactor 1.0 uses a weak encryption scheme, which could allow local users to decrypt the passwords and gain access to other users' newsgroup accounts.
CVE-1999-0007 5 C2net, Hp, Microsoft and 2 more 13 Stonghold Web Server, Open Market Secure Webserver, Exchange Server and 10 more 2026-04-16 N/A
Information from SSL-encrypted sessions via PKCS #1.
CVE-2005-2281 1 Juvare 1 Webeoc 2026-04-16 7.5 High
WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which makes it easier for attackers to crack passwords.
CVE-2002-1910 1 Click-2 1 Ingenium Learning Management System 2026-04-16 7.5 High
Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords (reversible algorithm), which allows attackers to obtain passwords.
CVE-2002-1872 1 Microsoft 1 Sql Server 2026-04-16 7.5 High
Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
CVE-2002-2058 1 Teekai 1 Tracking Online 2026-04-16 7.5 High
TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'.
CVE-2002-1946 1 Tata 1 Integrated Dialer 2026-04-16 5.5 Medium
Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software 1.2.000, when the "Save Password" option is used, stores the password with a weak encryption scheme (one-to-one mapping) in a registry key, which allows local users to obtain and decrypt the password.
CVE-2005-4860 1 Spectrumcu 1 Cash Receipting System 2026-04-16 7.8 High
Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the PASSFILE password file, which makes it easier for local users to gain privileges by decrypting a password.
CVE-2004-2172 1 Netsourcecommerce 1 Productcart 2026-04-16 7.5 High
EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via a chosen plaintext attack.
CVE-2002-1975 1 Sharp 4 Zaurus Sl-5000d, Zaurus Sl-5000d Firmware, Zaurus Sl-5500 and 1 more 2026-04-16 5.5 Medium
Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods.
CVE-2026-33266 1 Apache 1 Openmeetings 2026-04-15 7.5 High
Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case OM admin hasn't changed the default encryption key, an attacker who has stolen a cookie from a logged-in user can get full user credentials. This issue affects Apache OpenMeetings: from 6.1.0 before 9.0.0. Users are recommended to upgrade to version 9.0.0, which fixes the issue.
CVE-2023-5342 1 Redhat 1 Enterprise Linux 2026-04-15 4.1 Medium
The Fedora Secure Boot CA certificate shipped with shim in Fedora was expired which could lead to old or invalid signed boot components being loaded.
CVE-2025-22446 2026-04-15 4.6 Medium
Inadequate encryption strength for some Edge Orchestrator software for Intel(R) Tiberâ„¢ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
CVE-2024-56516 2026-04-15 N/A
free-one-api allows users to access large language model reverse engineering libraries through the standard OpenAI API format. In versions up to and including 1.0.1, MD5 is used to hash passwords before sending them to the backend. MD5 is a cryptographically broken hashing algorithm and is no longer considered secure for password storage or transmission. It is vulnerable to collision attacks and can be easily cracked using modern hardware, exposing user credentials to potential compromise. As of time of publication, a replacement for MD5 has not been committed to the free-one-api GitHub repository.