CWE-322 · Key Exchange without Entity Authentication
23 CVEs classified under CWE-322 (Key Exchange without Entity Authentication).
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-1709 | Critical | 9.4 | 2026-02-06 | A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This auth… |
| CVE-2025-13914 | High | 8.7 | 2026-04-09 | A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows an unauthenticated, MITM attacker to im… |
| CVE-2025-20163 | High | 8.7 | 2025-06-04 | A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisc… |
| CVE-2022-39254 | High | 8.6 | 2022-09-29 | matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a user requests a room key from their dev… |
| CVE-2022-39252 | High | 8.6 | 2022-09-29 | matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, w… |
| CVE-2022-39250 | High | 8.6 | 2022-09-29 | Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malici… |
| CVE-2022-39255 | High | 8.6 | 2022-09-28 | Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can co… |
| CVE-2022-39248 | High | 8.6 | 2022-09-28 | matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legi… |
| CVE-2022-39251 | High | 8.6 | 2022-09-28 | Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construc… |
| CVE-2024-47519 | High | 8.3 | 2025-01-10 | Backup uploads to ETM subject to man-in-the-middle interception |
| CVE-2026-45361 | High | 8.1 | 2026-05-25 | Apache Airflow providers-google's `ComputeEngineSSHHook` disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Co… |
| CVE-2026-33697 | High | 7.5 | 2026-03-26 | Cocos AI is a confidential computing system for AI. The current implementation of attested TLS (aTLS) in CoCoS is vulnerable to a relay attack affecting all ve… |
| CVE-2022-39257 | High | 7.5 | 2022-09-28 | Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can co… |
| CVE-2022-39246 | High | 7.5 | 2022-09-28 | matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages appearing… |
| CVE-2022-39249 | High | 7.5 | 2022-09-28 | Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construc… |
| CVE-2026-44467 | Medium | 6.8 | 2026-05-13 | The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Cla… |
| CVE-2024-4871 | Medium | 6.8 | 2024-05-14 | A vulnerability was found in Satellite. When running a remote execution job on a host, the host's SSH key is not being checked. When the key changes, the Satel… |
| CVE-2026-1354 | Medium | 6.4 | 2026-04-21 | Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with the motorcycle via Bluetooth. Once paired, an attacker can… |
| CVE-2025-62501 | | | 2026-02-03 | SSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows attackers to obtain device credentials through a specially cr… |
| CVE-2025-54422 | | | 2025-07-29 | Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.1 and below, a critical security vul… |