CWE-326 · Inadequate Encryption Strength
449 CVEs classified under CWE-326 (Inadequate Encryption Strength).

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-44523 | Critical | 10.0 | 2026-05-14 | Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWT_SECRET configuration value. The appli… |
| CVE-2020-6966 | Critical | 10.0 | 2020-01-24 | In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE… |
| CVE-2019-16649 | Critical | 10.0 | 2019-09-21 | On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of… |
| CVE-2018-25272 | Critical | 9.8 | 2026-04-22 | ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM leve… |
| CVE-2025-12478 | Critical | 9.8 | 2025-10-29 | Non-Compliant TLS Configuration. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2022-45141 | Critical | 9.8 | 2023-03-06 | Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac i… |
| CVE-2022-24116 | Critical | 9.8 | 2022-12-26 | Certain General Electric Renewable Energy products have inadequate encryption strength. This affects iNET and iNET II before 8.3.0. |
| CVE-2022-3273 | Critical | 9.8 | 2022-10-06 | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. |
| CVE-2022-36555 | Critical | 9.8 | 2022-08-29 | Hytec Inter HWL-2511-SS v1.05 and below implements a SHA512crypt hash for the root account which can be easily cracked via a brute-force attack. |
| CVE-2022-30285 | Critical | 9.8 | 2022-08-02 | In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid c… |
| CVE-2021-42216 | Critical | 9.8 | 2021-12-15 | A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php. |
| CVE-2020-14517 | Critical | 9.8 | 2020-09-16 | Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is r… |
| CVE-2020-10275 | Critical | 9.8 | 2020-06-24 | The access tokens for the REST API are directly derived from the publicly available default credentials for the web interface. Given a USERNAME and a PASSWORD… |
| CVE-2013-7287 | Critical | 9.8 | 2020-02-13 | MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme. |
| CVE-2013-2166 | Critical | 9.8 | 2019-12-10 | python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass |
| CVE-2011-4121 | Critical | 9.8 | 2019-11-26 | The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key g… |
| CVE-2019-15806 | Critical | 9.8 | 2019-08-29 | CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they i… |
| CVE-2019-15805 | Critical | 9.8 | 2019-08-29 | CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they i… |
| CVE-2018-20810 | Critical | 9.8 | 2019-06-28 | Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and P… |
| CVE-2019-10907 | Critical | 9.8 | 2019-04-07 | Airsonic 10.2.1 uses Spring's default remember-me mechanism based on MD5, with a fixed key of airsonic in GlobalSecurityConfig.java. An attacker able to captur… |