VYPR

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

Class · Draft · Likelihood: High

Description

The product uses a broken or risky cryptographic algorithm or protocol.

Related attack patterns (CAPEC)

CAPEC-20 · CAPEC-459 · CAPEC-473 · CAPEC-475 · CAPEC-608 · CAPEC-614 · CAPEC-97

CVEs mapped to this weakness (257)

page 9 of 13
  • CVE-2026-10804 · Low · Jun 4, 2026
    risk 0.16 · cvss 3.6 · epss 0.00

    A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py of the component Palette Handler. Such manipulation leads to use of weak hash. Local access is required to approach this attack. The…

  • CVE-2026-10803 · Low · Jun 4, 2026
    risk 0.16 · cvss 3.6 · epss 0.00

    A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digest_utils of the file mlflow/data/digest_utils.py of the component Dataset Digest Computation. This manipulation causes use of weak hash. It is possible to launch the attack on the local…

  • CVE-2026-10801 · Low · Jun 4, 2026
    risk 0.16 · cvss 3.6 · epss 0.00

    A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template._save_pil_image of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be…

  • CVE-2026-10800 · Low · Jun 4, 2026
    risk 0.16 · cvss 3.6 · epss 0.00

    A weakness has been identified in PaddlePaddle FastDeploy up to 2.4.1. Affected by this issue is the function hash_features of the file fastdeploy/multimodal/hasher.py of the component MultimodalHasher. Executing a manipulation can lead to use of weak hash. The attack requires…

  • CVE-2026-10766 · Low · Jun 3, 2026
    risk 0.16 · cvss 3.6 · epss 0.00

    A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculate_dataframe_hash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be…

  • CVE-2025-9383 · Low · Aug 24, 2025
    risk 0.16 · cvss 2.5 · epss 0.00

    A security vulnerability has been detected in FNKvision Y215 CCTV Camera 10.194.120.40. This issue affects the function crypt of the file /etc/passwd. The manipulation leads to use of weak hash. The attack can only be performed from a local environment. The complexity of an…

  • CVE-2024-55539 · Low · Dec 23, 2024
    risk 0.16 · cvss 2.5 · epss 0.00

    Weak algorithm used to sign RPM package. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux) before build 39185, Acronis Cyber Protect 16 (Linux) before build 39938.

  • CVE-2026-44405 · Low · May 6, 2026
    risk 0.15 · cvss 3.4 · epss 0.00

    In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm.

  • CVE-2025-2545 · Low · May 5, 2025
    risk 0.15 · cvss · epss 0.00

    Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its susceptibility to birthday…

  • CVE-2025-2920 · Low · Mar 28, 2025
    risk 0.13 · cvss 2.0 · epss 0.00

    A vulnerability was found in Netis WF-2404 1.1.124EN. It has been rated as problematic. This issue affects some unknown processing of the file /etc/passwd. The manipulation leads to use of weak hash. It is possible to launch the attack on the physical device. The complexity of…

  • CVE-2025-11650 · Low · Oct 12, 2025
    risk 0.12 · cvss 1.8 · epss 0.00

    A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file /etc/shadow of the component Password Handler. Executing manipulation can lead to use of weak hash. The physical device can be targeted for the attack. The…

  • CVE-2025-7214 · Low · Jul 9, 2025
    risk 0.10 · cvss 1.6 · epss 0.00

    A vulnerability classified as problematic was found in FNKvision FNK-GU2 up to 40.1.7. Affected by this vulnerability is an unknown functionality of the file /etc/shadow of the component MD5. The manipulation leads to risky cryptographic algorithm. It is possible to launch the…

  • CVE-2026-11481 · Low · Jun 8, 2026
    risk 0.09 · cvss 2.5 · epss 0.00

    A vulnerability was determined in yoanbernabeu grepai up to 0.35.0. The affected element is the function PostgresStore.LookupByContentHash of the file indexer/chunker.go of the component Postgres Embedding Cache. Executing a manipulation of the argument content_hash can lead to…

  • CVE-2026-10783 · Low · Jun 4, 2026
    risk 0.09 · cvss 2.5 · epss 0.00

    A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function save_audio_to_cache of the component Audio Cache Key Handler. Performing a manipulation results in use of weak hash. The attack must be initiated from a local position. The attack is…

  • CVE-1999-0007 · Jun 26, 1998
    risk 0.01 · cvss · epss 0.08

    Information from SSL-encrypted sessions via PKCS #1.

  • CVE-2026-54780 · Low · Jun 19, 2026
    risk 0.00 · cvss · epss

    Impact: CoreWCF’s WS-Security 1.0 receive pipeline validates the `SignatureMethod` of an incoming `ds:SignedInfo` against the configured `SecurityAlgorithmSuite`, but does not validate the `DigestMethod` declared on each `ds:Reference`. As a result, a sender can populate…

  • CVE-2026-33512 · Mar 23, 2026
    risk 0.00 · cvss · epss 0.00

    WWBN AVideo is an open source video platform. In versions up to and including 26.0, the API plugin exposes a `decryptString` action without any authentication. Anyone can submit ciphertext and receive plaintext. Ciphertext is issued publicly (e.g., `view/url2Embed.json.php`), so…

  • CVE-2026-28490 · Mar 16, 2026
    risk 0.00 · cvss · epss 0.00

    Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption (JWE) RSA1_5 key management…

  • CVE-2026-31839 · Mar 11, 2026
    risk 0.00 · cvss · epss 0.00

    Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content,…

  • CVE-2026-28479 · Mar 5, 2026
    risk 0.00 · cvss · epss 0.00

    OpenClaw versions prior to 2026.2.15 use SHA-1 to hash sandbox identifier cache keys for Docker and browser sandbox configurations, which is deprecated and vulnerable to collision attacks. An attacker can exploit SHA-1 collisions to cause cache poisoning, allowing one sandbox…