CWE-327 · Use of a Broken or Risky Cryptographic Algorithm
678 CVEs classified under CWE-327 (Use of a Broken or Risky Cryptographic Algorithm). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-50086 | Critical | 10.0 | 2026-06-12 | The Aqara IAM/SSO gateway (gw-builder.aqara.com) exposes bidirectional AES round-trups against the platform's signing key without authentication. This is an in… |
CVE-2026-21718 | Critical | 10.0 | 2026-02-27 | An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, enabling any attackers to bypass the authentication requirement… |
CVE-2024-51478 | Critical | 9.9 | 2024-10-31 | YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows… |
CVE-2026-28252 | Critical | 9.8 | 2026-03-12 | A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to bypass authent… |
CVE-2025-13476 | Critical | 9.8 | 2026-03-05 | Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension dive… |
CVE-2025-69929 | Critical | 9.8 | 2026-01-29 | An issue in N3uron Web User Interface v.1.21.7-240207.1047 allows a remote attacker to escalate privileges via the password hashing on the client side using th… |
CVE-2026-22585 | Critical | 9.8 | 2026-01-24 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subsc… |
CVE-2024-4282 | Critical | 9.8 | 2025-02-15 | Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22. |
CVE-2022-3365 | Critical | 9.8 | 2025-01-28 | Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote M… |
CVE-2024-32911 | Critical | 9.8 | 2024-06-13 | There is a possible escalation of privilege due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privi… |
CVE-2024-31510 | Critical | 9.8 | 2024-05-24 | An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker to escalate privileges via the crypto_sign_signature parameter in the /pqcrystals-dilithiu… |
CVE-2023-5347 | Critical | 9.8 | 2024-01-09 | An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system in… |
CVE-2023-34039 | Critical | 9.8 | 2023-08-29 | Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with netwo… |
CVE-2023-34130 | Critical | 9.8 | 2023-07-13 | SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and… |
CVE-2022-36937 | Critical | 9.8 | 2023-05-10 | HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has numerous published vulnera… |
CVE-2023-0452 | Critical | 9.8 | 2023-01-26 | Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without au… |
CVE-2022-30273 | Critical | 9.8 | 2022-07-26 | The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In… |
CVE-2021-45696 | Critical | 9.8 | 2021-12-27 | An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. Hashes of long messages may be incorrect when the AVX2-accelerated backend is used. |
CVE-2020-36363 | Critical | 9.8 | 2021-08-12 | Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, which some entities consider to be w… |
CVE-2021-22738 | Critical | 9.8 | 2021-05-26 | Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized a… |