CWE-325 · Missing Cryptographic Step
43 CVEs classified under CWE-325 (Missing Cryptographic Step). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-15086 | Critical | 9.8 | 2020-07-29 | In TYPO3 installations with the "mediace" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism… |
CVE-2020-15098 | High | 8.8 | 2020-07-29 | In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an inte… |
CVE-2026-4601 | High | 8.7 | 2026-03-23 | Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA sig… |
CVE-2018-5383 | High | 8.0 | 2018-08-07 | Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before t… |
CVE-2026-41395 | High | 7.5 | 2026-04-28 | OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashe… |
CVE-2026-4258 | High | 7.5 | 2026-03-17 | All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicK… |
CVE-2025-60704 | High | 7.5 | 2025-11-11 | Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network. |
CVE-2023-46129 | High | 7.5 | 2023-10-30 | NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptogra… |
CVE-2022-20742 | High | 7.4 | 2022-05-03 | A vulnerability in an IPsec VPN library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an un… |
CVE-2025-47383 | High | 7.2 | 2026-03-02 | Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE. |
CVE-2023-28999 | Medium | 6.9 | 2023-04-04 | Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS… |
CVE-2025-3938 | Medium | 6.8 | 2025-05-22 | Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows… |
CVE-2022-20793 | Medium | 6.8 | 2024-11-15 | A vulnerability in pairing process of Cisco TelePresence CE Software and RoomOS Software for Cisco Touch 10 Devices could allow an unauthenticated, r… |
CVE-2020-26244 | Medium | 6.8 | 2020-12-02 | Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client imple… |
CVE-2023-28998 | Medium | 6.7 | 2023-04-04 | The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server a… |
CVE-2024-43547 | Medium | 6.5 | 2024-10-08 | Windows Kerberos Information Disclosure Vulnerability |
CVE-2022-1279 | Medium | 6.5 | 2022-04-14 | A vulnerability in the encryption implementation of EBICS messages in the open source librairy ebics-java/ebics-java-client allows an attacker sniffing network… |
CVE-2019-3738 | Medium | 6.5 | 2019-09-18 | RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially… |
CVE-2023-34471 | Medium | 6.3 | 2023-07-05 | AMI SPx contains a vulnerability in the BMC where a user may cause a missing cryptographic step by generating a hash-based message authentication code (HMAC)… |
CVE-2022-29229 | Medium | 6.3 | 2022-05-18 | CaSS is a Competency and Skills System. CaSS Library, (npm:cassproject) has a missing cryptographic step when storing cryptographic keys that can allow a serve… |