CVE Daily
← All tags

Tag: Cryptographic Weakness

All CVEs associated with "Cryptographic Weakness". Page 1/1 • 19 CVEs.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-08-08
High

CVE-2025-8393

A TLS vulnerability exists in the phone application used to manage a connected device. The phone application accepts self-signed certificates when establishing TLS communication which may result in…

CVSS: 7.3 CWE: CWE-295
Read more
2025-08-07
Critical

CVE-2025-45765

ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of Open…

CVSS: 9.1 CWE: CWE-326
Read more
2025-08-06
High

CVE-2025-45766

poco v1.14.1-release was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This di…

CVSS: 7.0 CWE: CWE-327
Read more
Low

CVE-2025-45764

jsrsasign v11.1.0 was discovered to contain weak encryption. NOTE: this issue has been disputed by a third party who believes that CVE IDs can be assigned for key lengths in specific applications tha…

CVSS: 3.2 CWE: CWE-326
Read more
2025-08-01
High

CVE-2025-8476

Alpine iLX-507 TIDAL Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices.…

CVSS: 8.0 CWE: CWE-295
Read more
High

CVE-2025-45767

jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a third party because the claim of "do not meet recommended security standards" does not reflect guidance in a final…

CVSS: 7.0 CWE: CWE-327
Read more
2025-07-31
High

CVE-2025-45768

pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users ma…

CVSS: 7.0 CWE: CWE-311
Read more
High

CVE-2025-45770

jwt v5.4.3 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is s…

CVSS: 7.0 CWE: CWE-326
Read more
High

CVE-2025-45769

php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute…

CVSS: 7.3 CWE: CWE-326
Read more
2025-07-24
Medium

CVE-2025-36005

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could…

CVSS: 5.9 CWE: CWE-295
Read more
2025-07-10
High

CVE-2025-46788

Improper certificate validation in Zoom Workplace for Linux before version 6.4.13 may allow an unauthorized user to conduct an information disclosure via network access.

CVSS: 7.4 CWE: CWE-295
Read more
2025-07-08
Medium

CVE-2025-48802

Improper certificate validation in Windows SMB allows an authorized attacker to perform spoofing over a network.

CVSS: 6.5 CWE: CWE-295
Read more
2025-07-06
Low

CVE-2025-7095

A vulnerability classified as critical has been found in Comodo Internet Security Premium 12.3.4.8162. This affects an unknown part of the component Update Handler. The manipulation leads to improper…

CVSS: 3.7 CWE: CWE-287
Read more
2025-06-10
Medium

CVE-2025-24471

An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from FortiClient via revoked ce…

CVSS: 6.5 CWE: CWE-295
Read more
2025-04-17
Low

CVE-2025-26478

Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, lea…

CVSS: 3.1 CWE: CWE-295
Read more
2025-03-14
Medium

CVE-2023-48785

An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS com…

CVSS: 4.8 CWE: CWE-295
Read more
Medium

CVE-2024-40590

An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager d…

CVSS: 4.8 CWE: CWE-295
Read more
2024-05-03
High

CVE-2023-35721

NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded…

CVSS: 8.8 CWE: CWE-295
Read more
2022-03-08
Medium

CVE-2021-37209

A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8),…

CVSS: 6.7 CWE: CWE-326
Read more