CWE-327
Use of a Broken or Risky Cryptographic Algorithm
Description
The product uses a broken or risky cryptographic algorithm or protocol.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-20 · CAPEC-459 · CAPEC-473 · CAPEC-475 · CAPEC-608 · CAPEC-614 · CAPEC-97
CVEs mapped to this weakness (257)
page 9 of 13| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-10804 | Low | 0.16 | 3.6 | 0.00 | Jun 4, 2026 | A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py of the component Palette Handler. Such manipulation leads to use of weak hash. Local access is required to approach this attack. The… | ||
| CVE-2026-10803 | Low | 0.16 | 3.6 | 0.00 | Jun 4, 2026 | A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digest_utils of the file mlflow/data/digest_utils.py of the component Dataset Digest Computation. This manipulation causes use of weak hash. It is possible to launch the attack on the local… | ||
| CVE-2026-10801 | Low | 0.16 | 3.6 | 0.00 | Jun 4, 2026 | A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template._save_pil_image of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be… | ||
| CVE-2026-10800 | Low | 0.16 | 3.6 | 0.00 | Jun 4, 2026 | A weakness has been identified in PaddlePaddle FastDeploy up to 2.4.1. Affected by this issue is the function hash_features of the file fastdeploy/multimodal/hasher.py of the component MultimodalHasher. Executing a manipulation can lead to use of weak hash. The attack requires… | ||
| CVE-2026-10766 | Low | 0.16 | 3.6 | 0.00 | Jun 3, 2026 | A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculate_dataframe_hash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be… | ||
| CVE-2025-9383 | Low | 0.16 | 2.5 | 0.00 | Aug 24, 2025 | A security vulnerability has been detected in FNKvision Y215 CCTV Camera 10.194.120.40. This issue affects the function crypt of the file /etc/passwd. The manipulation leads to use of weak hash. The attack can only be performed from a local environment. The complexity of an… | ||
| CVE-2024-55539 | Low | 0.16 | 2.5 | 0.00 | Dec 23, 2024 | Weak algorithm used to sign RPM package. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux) before build 39185, Acronis Cyber Protect 16 (Linux) before build 39938. | ||
| CVE-2026-44405 | Low | 0.15 | 3.4 | 0.00 | May 6, 2026 | In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm. | ||
| CVE-2025-2545 | Low | 0.15 | — | 0.00 | May 5, 2025 | Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its susceptibility to birthday… | ||
| CVE-2025-2920 | Low | 0.13 | 2.0 | 0.00 | Mar 28, 2025 | A vulnerability was found in Netis WF-2404 1.1.124EN. It has been rated as problematic. This issue affects some unknown processing of the file /еtc/passwd. The manipulation leads to use of weak hash. It is possible to launch the attack on the physical device. The complexity of… | ||
| CVE-2025-11650 | Low | 0.12 | 1.8 | 0.00 | Oct 12, 2025 | A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file /etc/shadow of the component Password Handler. Executing manipulation can lead to use of weak hash. The physical device can be targeted for the attack. The… | ||
| CVE-2025-7214 | Low | 0.10 | 1.6 | 0.00 | Jul 9, 2025 | A vulnerability classified as problematic was found in FNKvision FNK-GU2 up to 40.1.7. Affected by this vulnerability is an unknown functionality of the file /etc/shadow of the component MD5. The manipulation leads to risky cryptographic algorithm. It is possible to launch the… | ||
| CVE-2026-11481 | Low | 0.09 | 2.5 | 0.00 | Jun 8, 2026 | A vulnerability was determined in yoanbernabeu grepai up to 0.35.0. The affected element is the function PostgresStore.LookupByContentHash of the file indexer/chunker.go of the component Postgres Embedding Cache. Executing a manipulation of the argument content_hash can lead to… | ||
| CVE-2026-10783 | Low | 0.09 | 2.5 | 0.00 | Jun 4, 2026 | A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function save_audio_to_cache of the component Audio Cache Key Handler. Performing a manipulation results in use of weak hash. The attack must be initiated from a local position. The attack is… | ||
| CVE-1999-0007 | 0.01 | — | 0.08 | Jun 26, 1998 | Information from SSL-encrypted sessions via PKCS #1. | |||
| CVE-2026-54780 | low | 0.00 | — | — | Jun 19, 2026 | ### Impact CoreWCF’s WS-Security 1.0 receive pipeline validates the `SignatureMethod` of an incoming `ds:SignedInfo` against the configured `SecurityAlgorithmSuite`, but does not validate the `DigestMethod` declared on each `ds:Reference`. As a result, a sender can populate… | ||
| CVE-2026-33512 | 0.00 | — | 0.00 | Mar 23, 2026 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the API plugin exposes a `decryptString` action without any authentication. Anyone can submit ciphertext and receive plaintext. Ciphertext is issued publicly (e.g., `view/url2Embed.json.php`), so… | |||
| CVE-2026-28490 | 0.00 | — | 0.00 | Mar 16, 2026 | Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption (JWE) RSA1_5 key management… | |||
| CVE-2026-31839 | 0.00 | — | 0.00 | Mar 11, 2026 | Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content,… | |||
| CVE-2026-28479 | 0.00 | — | 0.00 | Mar 5, 2026 | OpenClaw versions prior to 2026.2.15 use SHA-1 to hash sandbox identifier cache keys for Docker and browser sandbox configurations, which is deprecated and vulnerable to collision attacks. An attacker can exploit SHA-1 collisions to cause cache poisoning, allowing one sandbox… |
- risk 0.16cvss 3.6epss 0.00
A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py of the component Palette Handler. Such manipulation leads to use of weak hash. Local access is required to approach this attack. The…
- risk 0.16cvss 3.6epss 0.00
A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digest_utils of the file mlflow/data/digest_utils.py of the component Dataset Digest Computation. This manipulation causes use of weak hash. It is possible to launch the attack on the local…
- risk 0.16cvss 3.6epss 0.00
A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template._save_pil_image of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be…
- risk 0.16cvss 3.6epss 0.00
A weakness has been identified in PaddlePaddle FastDeploy up to 2.4.1. Affected by this issue is the function hash_features of the file fastdeploy/multimodal/hasher.py of the component MultimodalHasher. Executing a manipulation can lead to use of weak hash. The attack requires…
- risk 0.16cvss 3.6epss 0.00
A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculate_dataframe_hash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be…
- risk 0.16cvss 2.5epss 0.00
A security vulnerability has been detected in FNKvision Y215 CCTV Camera 10.194.120.40. This issue affects the function crypt of the file /etc/passwd. The manipulation leads to use of weak hash. The attack can only be performed from a local environment. The complexity of an…
- risk 0.16cvss 2.5epss 0.00
Weak algorithm used to sign RPM package. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux) before build 39185, Acronis Cyber Protect 16 (Linux) before build 39938.
- risk 0.15cvss 3.4epss 0.00
In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm.
- risk 0.15cvss —epss 0.00
Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its susceptibility to birthday…
- risk 0.13cvss 2.0epss 0.00
A vulnerability was found in Netis WF-2404 1.1.124EN. It has been rated as problematic. This issue affects some unknown processing of the file /еtc/passwd. The manipulation leads to use of weak hash. It is possible to launch the attack on the physical device. The complexity of…
- risk 0.12cvss 1.8epss 0.00
A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file /etc/shadow of the component Password Handler. Executing manipulation can lead to use of weak hash. The physical device can be targeted for the attack. The…
- risk 0.10cvss 1.6epss 0.00
A vulnerability classified as problematic was found in FNKvision FNK-GU2 up to 40.1.7. Affected by this vulnerability is an unknown functionality of the file /etc/shadow of the component MD5. The manipulation leads to risky cryptographic algorithm. It is possible to launch the…
- risk 0.09cvss 2.5epss 0.00
A vulnerability was determined in yoanbernabeu grepai up to 0.35.0. The affected element is the function PostgresStore.LookupByContentHash of the file indexer/chunker.go of the component Postgres Embedding Cache. Executing a manipulation of the argument content_hash can lead to…
- risk 0.09cvss 2.5epss 0.00
A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function save_audio_to_cache of the component Audio Cache Key Handler. Performing a manipulation results in use of weak hash. The attack must be initiated from a local position. The attack is…
- CVE-1999-0007Jun 26, 1998risk 0.01cvss —epss 0.08
Information from SSL-encrypted sessions via PKCS #1.
- risk 0.00cvss —epss —
### Impact CoreWCF’s WS-Security 1.0 receive pipeline validates the `SignatureMethod` of an incoming `ds:SignedInfo` against the configured `SecurityAlgorithmSuite`, but does not validate the `DigestMethod` declared on each `ds:Reference`. As a result, a sender can populate…
- CVE-2026-33512Mar 23, 2026risk 0.00cvss —epss 0.00
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the API plugin exposes a `decryptString` action without any authentication. Anyone can submit ciphertext and receive plaintext. Ciphertext is issued publicly (e.g., `view/url2Embed.json.php`), so…
- CVE-2026-28490Mar 16, 2026risk 0.00cvss —epss 0.00
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption (JWE) RSA1_5 key management…
- CVE-2026-31839Mar 11, 2026risk 0.00cvss —epss 0.00
Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content,…
- CVE-2026-28479Mar 5, 2026risk 0.00cvss —epss 0.00
OpenClaw versions prior to 2026.2.15 use SHA-1 to hash sandbox identifier cache keys for Docker and browser sandbox configurations, which is deprecated and vulnerable to collision attacks. An attacker can exploit SHA-1 collisions to cause cache poisoning, allowing one sandbox…