CWE-326 · Inadequate Encryption Strength

449 CVEs classified under CWE-326 (Inadequate Encryption Strength). Browse by severity and year.

Top CVEs for CWE-326
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2026-44523 | Critical | 10.0 | 2026-05-14 | Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWT_SECRET configuration value. The appli… |
| CVE-2020-6966 | Critical | 10.0 | 2020-01-24 | In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE… |
| CVE-2019-16649 | Critical | 10.0 | 2019-09-21 | On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of… |
| CVE-2018-25272 | Critical | 9.8 | 2026-04-22 | ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM leve… |
| CVE-2025-12478 | Critical | 9.8 | 2025-10-29 | Non-Compliant TLS Configuration. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2022-45141 | Critical | 9.8 | 2023-03-06 | Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac i… |
| CVE-2022-24116 | Critical | 9.8 | 2022-12-26 | Certain General Electric Renewable Energy products have inadequate encryption strength. This affects iNET and iNET II before 8.3.0. |
| CVE-2022-3273 | Critical | 9.8 | 2022-10-06 | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. |
| CVE-2022-36555 | Critical | 9.8 | 2022-08-29 | Hytec Inter HWL-2511-SS v1.05 and below implements a SHA512crypt hash for the root account which can be easily cracked via a brute-force attack. |
| CVE-2022-30285 | Critical | 9.8 | 2022-08-02 | In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid c… |
| CVE-2021-42216 | Critical | 9.8 | 2021-12-15 | A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php. |
| CVE-2020-14517 | Critical | 9.8 | 2020-09-16 | Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is r… |
| CVE-2020-10275 | Critical | 9.8 | 2020-06-24 | The access tokens for the REST API are directly derived from the publicly available default credentials for the web interface. Given a USERNAME and a PASSWORD… |
| CVE-2013-7287 | Critical | 9.8 | 2020-02-13 | MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme. |
| CVE-2013-2166 | Critical | 9.8 | 2019-12-10 | python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass |
| CVE-2011-4121 | Critical | 9.8 | 2019-11-26 | The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key g… |
| CVE-2019-15806 | Critical | 9.8 | 2019-08-29 | CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they i… |
| CVE-2019-15805 | Critical | 9.8 | 2019-08-29 | CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they i… |
| CVE-2018-20810 | Critical | 9.8 | 2019-06-28 | Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and P… |
| CVE-2019-10907 | Critical | 9.8 | 2019-04-07 | Airsonic 10.2.1 uses Spring's default remember-me mechanism based on MD5, with a fixed key of airsonic in GlobalSecurityConfig.java. An attacker able to captur… |