VYPR

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

Class · Draft · Likelihood: High

Description

The product uses a broken or risky cryptographic algorithm or protocol.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-20 · CAPEC-459 · CAPEC-473 · CAPEC-475 · CAPEC-608 · CAPEC-614 · CAPEC-97

CVEs mapped to this weakness (257)

page 8 of 13
  • CVE-2025-14759 · Med · Dec 17, 2025
    risk 0.27 · cvss 5.3 · epss 0.00

    Missing cryptographic key commitment in the Amazon S3 Encryption Client for .NET may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's…

  • CVE-2025-26708 · Med · Mar 7, 2025
    risk 0.27 · cvss 4.2 · epss 0.00

    There is a configuration defect vulnerability in ZTELink 5.4.9 for iOS. This vulnerability is caused by a flaw in the WiFi parameter configuration of the ZTELink. An attacker can obtain unauthorized access to the WiFi service.

  • CVE-2024-52801 · Med · Nov 29, 2024
    risk 0.27 · cvss · epss 0.00

    sftpgo is a full-featured and highly configurable event-driven file transfer solution. Server protocols: SFTP, HTTP/S, FTP/S, WebDAV. The OpenID Connect implementation allows authenticated users to brute force session cookies and thereby gain access to other users' data, since…

  • CVE-2024-34914 · Med · May 14, 2024
    risk 0.27 · cvss 5.3 · epss 0.00

    php-censor v2.1.4 (fixed in v2.1.5) was discovered to utilize a weak hashing algorithm for its remember_key value. This allows attackers to brute-force the remember_key value to gain access to accounts that have checked "remember me" when logging in.

  • CVE-2026-8803 · Low · May 18, 2026
    risk 0.24 · cvss 3.7 · epss 0.00

    A flaw has been found in opensourcepos Open Source Point of Sale up to 3.4.2. Impacted is the function Login of the file app/Models/Employee.php of the component Employee Login. This manipulation causes use of weak hash. Remote exploitation of the attack is possible. The attack…

  • CVE-2026-7103 · Low · Apr 27, 2026
    risk 0.24 · cvss 3.7 · epss 0.00

    A vulnerability was determined in code-projects Chat System 1.0. Affected is an unknown function of the file update_user.php of the component MD5 Hash Handler. This manipulation of the argument Password causes use of weak hash. The attack is possible to be carried out remotely.…

  • CVE-2026-5682 · Low · Apr 6, 2026
    risk 0.24 · cvss 3.7 · epss 0.00

    A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. Affected is an unknown function of the file /api/endpoint of the component com.meesho.supply. Such manipulation leads to risky cryptographic algorithm. The attack may be performed from remote.…

  • CVE-2026-2618 · Low · Feb 17, 2026
    risk 0.24 · cvss 3.7 · epss 0.00

    A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is considered to have high…

  • CVE-2025-14636 · Low · Dec 13, 2025
    risk 0.24 · cvss 3.7 · epss 0.00

    A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is…

  • CVE-2025-9828 · Low · Sep 2, 2025
    risk 0.24 · cvss 3.7 · epss 0.00

    A vulnerability was determined in Tenda CP6 11.10.00.243. The affected element is the function sub_2B7D04 of the component uhttp. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. This attack is characterized by high…

  • CVE-2025-46371 · Low · May 22, 2026
    risk 0.23 · cvss 3.6 · epss 0.00

    Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass.

  • CVE-2020-24588 · Low · May 11, 2021
    risk 0.23 · cvss 3.5 · epss 0.04

    The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is…

  • CVE-2026-10814 · Med · Jun 4, 2026
    risk 0.22 · cvss 4.5 · epss 0.00

    A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kv_catalog.go of the component Grantee ID Hash Handler. The manipulation leads to use of weak hash. The attack needs to be…

  • CVE-2026-11479 · Med · Jun 8, 2026
    risk 0.20 · cvss 4.2 · epss 0.00

    A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Such manipulation leads to use of weak hash. The attack may be performed from remote. Attacks of this nature…

  • CVE-2025-8260 · Low · Jul 28, 2025
    risk 0.20 · cvss 3.1 · epss 0.00

    A security flaw has been discovered in Vaelsys VaelsysV4 up to 5.1.0/5.4.0. This affects an unknown part of the file /grid/vgrid_server.php of the component Web interface. Performing a manipulation of the argument xajaxargs results in use of weak hash. The attack is possible to…

  • CVE-2026-7845 · Low · May 5, 2026
    risk 0.17 · cvss 2.6 · epss 0.00

    A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This issue affects the function PIL.Image.tobytes of the file libs/chatchat-server/chatchat/webui_pages/dialogue/dialogue.py of the component Vision Chat Paste Image Handler. This manipulation of the…

  • CVE-2026-11330 · Low · Jun 5, 2026
    risk 0.16 · cvss 3.6 · epss 0.00

    A weakness has been identified in thedotmack claude-mem up to 11.0.1. The affected element is the function computeObservationContentHash of the file src/services/sqlite/observations/store.ts of the component Observation Content Hash Handler. This manipulation causes use of weak…

  • CVE-2026-11329 · Low · Jun 5, 2026
    risk 0.16 · cvss 3.6 · epss 0.00

    A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generate_hash_key of the file src/Runtime/python/torch_onnxmlir/src/torch_onnxmlir/backend.py of the component Placeholder Node Cache Handler. Such manipulation leads to use of…

  • CVE-2026-10813 · Low · Jun 4, 2026
    risk 0.16 · cvss 3.6 · epss 0.00

    A flaw has been found in LMCache up to 0.4.6. This affects the function hex_hash_to_int16 of the file lmcache/integration/vllm/utils.py of the component KV Cache Handler. Executing a manipulation can lead to use of weak hash. The attack needs to be launched locally. The attack…

  • CVE-2026-10812 · Low · Jun 4, 2026
    risk 0.16 · cvss 3.6 · epss 0.00

    A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the function BufferedReader.peek of the file gptcache/processor/pre.py of the component Cache Key Handler. Performing a manipulation of the argument input_data["image"] results in use of…