Weaknesses of type CWE-326
175 resultsCVE-2026-44351CRITICALfast-jwt: Empty HMAC secret accepted via async key resolver - JWT auth bypassEPSS 0.2%CVE-2026-33512HIGHAVideo has an unauthenticated decrypt oracle leaking any ciphertextEPSS 0.2%CVE-2024-45719LOWApache Answer: Predictable Authorization Token Using UUIDv1EPSS 0.2%CVE-2025-46833MEDIUMPrograms/P73_SimplePythonEncryption.py has weak cryptographic keyEPSS 0.2%CVE-2025-55039MEDIUMApache Spark, Apache Spark: RPC encryption defaults to unauthenticated AES-CTR mode, enabling man-in-the-middle ciphertext modification attacksEPSS 0.2%CVE-2024-45259MEDIUMAn issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP reqEPSS 0.2%CVE-2025-12478CRITICALNon-Compliant TLS ConfigurationEPSS 0.2%CVE-2025-4894MEDIUMcalmkart Django-sso-server crypto.py gen_rsa_keys inadequate encryptionEPSS 0.2%CVE-2025-46409HIGHInadequate encryption strength issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is eEPSS 0.2%CVE-2021-32010MEDIUMClients may connect to a GateManager with TLS 1.0EPSS 0.2%CVE-2023-36748MEDIUMA vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEEPSS 0.2%CVE-2024-38867HIGHA vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.64), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 EPSS 0.2%CVE-2025-65295HIGHMultiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 deviEPSS 0.2%CVE-2025-11935MEDIUMForward Secrecy Violation in WolfSSL TLS 1.3EPSS 0.2%CVE-2025-46626HIGHReuse of a static AES key and initialization vector for encrypted traffic to the 'ate' management service of the Tenda RX2 Pro 16.03.30.14 aEPSS 0.2%CVE-2024-30119LOWHCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security HeaderEPSS 0.2%CVE-2021-27450—SSH server configuration file does not implement some best practices. This could lead to a weakening of the SSH protocol strength, which couEPSS 0.2%CVE-2019-18263—An issue was found in Philips Veradius Unity, Pulsera, and Endura Dual WAN Router, Veradius Unity (718132) with wireless option (shipped betEPSS 0.2%CVE-2023-21444HIGHImproper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers to decrypt encrypted messages or inject commEPSS 0.2%CVE-2023-21443HIGHImproper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted mesEPSS 0.2%