CWE-327 · Use of a Broken or Risky Cryptographic Algorithm

678 CVEs classified under CWE-327 (Use of a Broken or Risky Cryptographic Algorithm). Browse by severity and year.

Top CVEs for CWE-327
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2026-50086 | Critical | 10.0 | 2026-06-12 | The Aqara IAM/SSO gateway (gw-builder.aqara.com) exposes bidirectional AES round-trips against the platform's signing key without authentication. This is an in… |
| CVE-2026-21718 | Critical | 10.0 | 2026-02-27 | An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, enabling any attackers to bypass the authentication requirement… |
| CVE-2024-51478 | Critical | 9.9 | 2024-10-31 | YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows… |
| CVE-2026-28252 | Critical | 9.8 | 2026-03-12 | A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to bypass authent… |
| CVE-2025-13476 | Critical | 9.8 | 2026-03-05 | Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension dive… |
| CVE-2025-69929 | Critical | 9.8 | 2026-01-29 | An issue in N3uron Web User Interface v.1.21.7-240207.1047 allows a remote attacker to escalate privileges via the password hashing on the client side using th… |
| CVE-2026-22585 | Critical | 9.8 | 2026-01-24 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subsc… |
| CVE-2024-4282 | Critical | 9.8 | 2025-02-15 | Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22. |
| CVE-2022-3365 | Critical | 9.8 | 2025-01-28 | Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote M… |
| CVE-2024-32911 | Critical | 9.8 | 2024-06-13 | There is a possible escalation of privilege due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privi… |
| CVE-2024-31510 | Critical | 9.8 | 2024-05-24 | An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker to escalate privileges via the crypto_sign_signature parameter in the /pqcrystals-dilithiu… |
| CVE-2023-5347 | Critical | 9.8 | 2024-01-09 | An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system in… |
| CVE-2023-34039 | Critical | 9.8 | 2023-08-29 | Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with netwo… |
| CVE-2023-34130 | Critical | 9.8 | 2023-07-13 | SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and… |
| CVE-2022-36937 | Critical | 9.8 | 2023-05-10 | HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has numerous published vulnera… |
| CVE-2023-0452 | Critical | 9.8 | 2023-01-26 | Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without au… |
| CVE-2022-30273 | Critical | 9.8 | 2022-07-26 | The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In… |
| CVE-2021-45696 | Critical | 9.8 | 2021-12-27 | An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. Hashes of long messages may be incorrect when the AVX2-accelerated backend is used. |
| CVE-2020-36363 | Critical | 9.8 | 2021-08-12 | Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, which some entities consider to be w… |
| CVE-2021-22738 | Critical | 9.8 | 2021-05-26 | Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized a… |