CWE-327— Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol.— MITRE CWE catalog
688 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-327page 12 of 14
- CVE-2024-8603HIGHCVSS 7.5EG 7.52025-01-15
A “Use of a Broken or Risky Cryptographic Algorithm” vulnerability in the SSL/TLS component used in B&R Automation Runtime versions before 6.1 and B&R mapp View versions before 6.1 may be abused by unauthenticated network-based attacke…
- CVE-2025-10237MEDIUMCVSS 6.7EG 6.72026-06-10
During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or writes to privileged memory regions.
- CVE-2025-11650LOWCVSS 1.8EG 1.82025-10-12
A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file /etc/shadow of the component Password Handler. Executing manipulation can lead to use of weak hash. The physical de…
- CVE-2025-13916MEDIUMCVSS 5.9EG 5.92026-04-01
IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information
- CVE-2025-14175MEDIUMCVSS 6.5EG 6.52025-12-29
A vulnerability in the SSH server of TP-Link TL-WR820N v2.80 allows the use of a weak cryptographic algorithm, enabling an adjacent attacker to intercept and decrypt SSH traffic. Exploitation may expose sensitive information and compromis…
- CVE-2025-14636LOWCVSS 3.7EG 3.72025-12-13
A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level…
- CVE-2025-14759MEDIUMCVSS 5.3EG 5.32025-12-17
Missing cryptographic key commitment in the Amazon S3 Encryption Client for .NET may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "i…
- CVE-2025-14760MEDIUMCVSS 5.3EG 5.32025-12-17
Missing cryptographic key commitment in the AWS SDK for C++ may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" inst…
- CVE-2025-14761MEDIUMCVSS 5.3EG 5.32025-12-17
Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" inst…
- CVE-2025-14762MEDIUMCVSS 5.3EG 5.32025-12-17
Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" ins…
- CVE-2025-14763MEDIUMCVSS 5.3EG 5.32025-12-17
Missing cryptographic key commitment in the Amazon S3 Encryption Client for Java may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "i…
- CVE-2025-14764MEDIUMCVSS 5.3EG 5.32025-12-17
Missing cryptographic key commitment in the Amazon S3 Encryption Client for Go may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "ins…
- CVE-2025-14813HIGHCVSS 7.5EG 9.32026-04-15
: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (core modules). This vulnerability is associated with program files G3413CTRBlockCipher. This issue affects BC-…
- CVE-2025-14859HIGHCVSS 7.0EG 7.02026-04-07
The Semtech LR11xx LoRa transceivers implement secure boot functionality using digital signatures to authenticate firmware. However, the implementation uses a non-standard cryptographic hashing algorithm that is vulnerable to second preima…
- CVE-2025-21062HIGHCVSS 7.8EG 7.82025-10-10
Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.67.2 allows local attackers to replace the restoring application. User interaction is required for triggering this vulnerability.
- CVE-2025-22475LOWCVSS 3.7EG 3.72025-02-04
Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. A remote attacker could potentially exploit this vulnerability, leading t…
- CVE-2025-24007HIGHCVSS 7.5EG 7.52025-05-13
A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). Affected devices only provide weak password obfuscation. An attacker with network access could retriev…
- CVE-2025-2539HIGHCVSS 7.5EG 7.52025-03-20
The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers,…
- CVE-2025-2545LOWCVSS 2.3EG 2.32025-05-05
Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due…
- CVE-2025-26486MEDIUMCVSS 6.0EG 6.02025-03-19
Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life 1st Identity Manager" enable an attacke…
- CVE-2025-26708MEDIUMCVSS 4.2EG 4.22025-03-07
There is a configuration defect vulnerability in ZTELink 5.4.9 for iOS. This vulnerability is caused by a flaw in the WiFi parameter configuration of the ZTELink. An attacker can obtain unauthorized access to the WiFi service.
- CVE-2025-27458MEDIUMCVSS 6.5EG 6.52025-07-03
The VNC authentication mechanism bases on a challenge-response system where both server and client use the same password for encryption. The challenge is sent from the server to the client, is encrypted by the client and sent back. The ser…
- CVE-2025-27508HIGHCVSS 7.5EG 7.52025-03-05
Emissary is a P2P based data-driven workflow engine. The ChecksumCalculator class within allows for hashing and checksum generation, but it includes or defaults to algorithms that are no longer recommended for secure cryptographic use case…
- CVE-2025-2920LOWCVSS 2.0EG 2.02025-03-28
A vulnerability was found in Netis WF-2404 1.1.124EN. It has been rated as problematic. This issue affects some unknown processing of the file /еtc/passwd. The manipulation leads to use of weak hash. It is possible to launch the attack on…
- CVE-2025-30477MEDIUMCVSS 4.4EG 4.42025-07-21
Dell PowerScale OneFS, versions prior to 9.11.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Informatio…
- CVE-2025-3200CRITICALCVSS 9.1EG 9.12025-04-28
An unauthenticated remote attacker could exploit the used, insecure TLS 1.0 and TLS 1.1 protocols to intercept and manipulate encrypted communications between the Com-Server and connected systems.
- CVE-2025-33084MEDIUMCVSS 5.9EG 5.92025-09-01
IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensiti…
- CVE-2025-33102MEDIUMCVSS 5.9EG 5.92025-09-01
IBM Concert Software 1.0.0 through 1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
- CVE-2025-34208HIGHCVSS 7.5EG 7.52025-10-02
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) store user passwords using unsalted SHA-512 hashes with a fall-back to unsalted SHA-1. The hashing is performed via PHP's `hash()` function i…
- CVE-2025-34500HIGHCVSS 7.0EG 7.02025-10-24
Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key shared across devices, and uses a truncated HMAC for integrity validation. Attackers with…
- CVE-2025-34519HIGHCVSS 7.5EG 7.52025-10-16
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalt…
- CVE-2025-36150MEDIUMCVSS 5.9EG 5.92025-11-24
IBM Concert 1.0.0 through 2.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
- CVE-2025-36161MEDIUMCVSS 5.9EG 5.92025-11-20
IBM Concert 1.0.0 through 2.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict-Transport-Security. An attacker could exploit this vulnerability to obtain sensitive inform…
- CVE-2025-37127HIGHCVSS 7.2EG 7.22025-09-16
A vulnerability in the cryptographic logic used by HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to gain shell access. Successful exploitation could allow an attacker to execute arbitrary com…
- CVE-2025-3838MEDIUMCVSS 6.1EG 6.12025-04-21
An Improper Authorization vulnerability was identified in the EOL OVA based connect component which is deployed for installation purposes in the customer internal network. Under certain conditions, this could allow a bad actor to gain unau…
- CVE-2025-3938MEDIUMCVSS 6.8EG 6.82025-05-22
Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15…
- CVE-2025-41223MEDIUMCVSS 4.8EG 4.82025-07-08
A vulnerability has been identified in RUGGEDCOM i800 (All versions), RUGGEDCOM i801 (All versions), RUGGEDCOM i802 (All versions), RUGGEDCOM i803 (All versions), RUGGEDCOM M2100 (All versions), RUGGEDCOM M2200 (All versions), RUGGEDCOM M9…
- CVE-2025-43723MEDIUMCVSS 5.9EG 5.92025-11-10
Dell PowerScale OneFS, versions prior to 9.10.1.3 and versions 9.11.0.0 through 9.12.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit t…
- CVE-2025-43891MEDIUMCVSS 5.3EG 5.32025-10-07
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7…
- CVE-2025-43909LOWCVSS 3.7EG 3.72025-10-07
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7…
- CVE-2025-43913MEDIUMCVSS 5.3EG 5.32025-10-07
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7…
- CVE-2025-45766HIGHCVSS 7.0EG 7.02025-08-06
poco v1.14.1-release was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rul…
- CVE-2025-45767HIGHCVSS 7.0EG 7.02025-08-01
jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a third party because the claim of "do not meet recommended security standards" does not reflect guidance in a final publication.
- CVE-2025-46371MEDIUMCVSS 5.5EG 5.52026-05-26
Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use of a Broken or Risky Cryptographic... Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low p…
- CVE-2025-48946LOWCVSS 3.7EG 3.72025-05-30
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. liboqs prior to version 0.13.0 supports the HQC algorithm, an algorithm with a theoretical design flaw which leads to large…
- CVE-2025-49196MEDIUMCVSS 6.5EG 6.52025-06-12
A service supports the use of a deprecated and unsafe TLS version. This could be exploited to expose sensitive information, modify data in unexpected ways or spoof identities of other users or devices, affecting the confidentiality and int…
- CVE-2025-49756LOWCVSS 3.3EG 3.32025-07-08
Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally.
- CVE-2025-51726HIGHCVSS 8.4EG 8.42025-08-04
CyberGhostVPNSetup.exe (Windows installer) is signed using the weak cryptographic hash algorithm SHA-1, which is vulnerable to collision attacks. This allows a malicious actor to craft a fake installer with a forged SHA-1 certificate that …
- CVE-2025-52026HIGHCVSS 7.5EG 7.52026-01-23
An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email add…
- CVE-2025-54340MEDIUMCVSS 4.1EG 4.12025-11-14
A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. There is a Broken or Risky Cryptographic Algorithm.
Map vulnerabilities like CWE-327 to your infrastructure
EchelonGraph correlates every CVE — across CWE-327 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →