Search Results (450 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1697 1 Vtun Project 1 Vtun 2026-04-16 7.5 High
Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak encryption algorithm that produces the same ciphertext from the same plaintext blocks, which could allow remote attackers to gain sensitive information.
CVE-2002-1682 1 Daansystems 1 Newsreactor 2026-04-16 5.5 Medium
NewsReactor 1.0 uses a weak encryption scheme, which could allow local users to decrypt the passwords and gain access to other users' newsgroup accounts.
CVE-2005-0366 1 Gnupg 1 Gnupg 2026-04-16 N/A
The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is available to determine whether an integrity check failed.
CVE-2005-2281 1 Juvare 1 Webeoc 2026-04-16 7.5 High
WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which makes it easier for attackers to crack passwords.
CVE-2002-1946 1 Tata 1 Integrated Dialer 2026-04-16 5.5 Medium
Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software 1.2.000, when the "Save Password" option is used, stores the password with a weak encryption scheme (one-to-one mapping) in a registry key, which allows local users to obtain and decrypt the password.
CVE-2001-1546 1 Mckesson 1 Pathways Homecare 2026-04-16 7.8 High
Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users to gain privileges by recovering the passwords from the pwhc.ini file.
CVE-2002-1910 1 Click-2 1 Ingenium Learning Management System 2026-04-16 7.5 High
Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords (reversible algorithm), which allows attackers to obtain passwords.
CVE-2002-1975 1 Sharp 4 Zaurus Sl-5000d, Zaurus Sl-5000d Firmware, Zaurus Sl-5500 and 1 more 2026-04-16 5.5 Medium
Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods.
CVE-2002-1872 1 Microsoft 1 Sql Server 2026-04-16 7.5 High
Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
CVE-2004-2172 1 Netsourcecommerce 1 Productcart 2026-04-16 7.5 High
EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via a chosen plaintext attack.
CVE-2002-1739 1 Mdaemon 1 Mdaemon 2026-04-16 5.5 Medium
Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption algorithm to store user passwords, which allows local users to crack passwords.
CVE-2024-21881 1 Enphase 1 Envoy 2026-04-15 N/A
Inadequate Encryption Strength vulnerability allow an authenticated attacker to execute arbitrary OS Commands via encrypted package upload.This issue affects Envoy: 4.x and 5.x
CVE-2025-22446 2026-04-15 4.6 Medium
Inadequate encryption strength for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
CVE-2023-6728 2026-04-15 3.3 Low
Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows an attacker in possession of the encrypted file to decrypt the bof.cfg file and obtain the BOF configuration content.
CVE-2024-23580 1 Hcl Software 1 Dryice Optibot Reset Station 2026-04-15 6.5 Medium
HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of One-Time Passwords (OTPs). This could allow an attacker with access to the database to recover some or all encrypted values.
CVE-2024-30119 1 Hcl Software 1 Dryice Optibot Reset Station 2026-04-15 3.7 Low
HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header.  This could allow an attacker to intercept or manipulate data during redirection.
CVE-2024-23579 1 Hcl Software 1 Dryice Optibot Reset Station 2026-04-15 6.5 Medium
HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of security questions. This could allow an attacker with access to the database to recover some or all encrypted values.
CVE-2025-46833 2026-04-15 N/A
Programs/P73_SimplePythonEncryption.py illustrates a simple Python encryption example using the RSA Algorithm. In versions prior to commit 6ce60b1, an attacker may be able to decrypt the data using brute force attacks and because of this the whole application can be impacted. This issue has been patched in commit 6ce60b1. A workaround involves increasing the key size, for RSA or DSA this is at least 2048 bits, for ECC this is at least 256 bits.
CVE-2025-2516 1 Kingsoft 1 Wps Office 2026-04-15 N/A
The use of a weak cryptographic key pair in the signature verification process in WPS Office (Kingsoft) on Windows allows an attacker who successfully recovered the private key to sign components. As older versions of WPS Office did not validate the update server's certificate, an Adversary-In-The-Middle attack was possible allowing updates to be hijacked.
CVE-2025-9513 1 Editso 1 Fuso 2026-04-15 3.7 Low
A flaw has been found in editso fuso up to 1.0.4-beta.7. This affects the function PenetrateRsaAndAesHandshake of the file src/net/penetrate/handshake/mod.rs. This manipulation of the argument priv_key causes inadequate encryption strength. Remote exploitation of the attack is possible. A high degree of complexity is needed for the attack. The exploitability is reported as difficult.