Skip to main content

CWE-326

Inadequate Encryption Strength

283 CVEs Avg CVSS 7.0 MITRE
31
CRITICAL
126
HIGH
116
MEDIUM
10
LOW
57
POC
2
KEV

Monthly

CVE-2026-14868 HIGH PATCH This Week

Privilege escalation in ARC Informatique PcVue SCADA/HMI software (all versions prior to 17.0.0) arises because the encryption algorithm protecting user-account configuration in the built-in user directory is cryptographically inadequate (CWE-326). A local attacker with low privileges can decrypt or tamper with the stored account configuration and ultimately obtain privileged access to the PcVue application. No public exploit identified at time of analysis, and it is not listed in CISA KEV; the vendor CVSS 4.0 base score is 8.4 (High).

Information Disclosure Pcvue
NVD VulDB
CVSS 4.0
8.4
EPSS
0.1%
CVE-2026-7830 HIGH This Week

Credential disclosure in UltraVNC through 1.8.2.2 lets a passive network observer break the MS-Logon II authentication handshake and recover plaintext usernames and passwords. The rfbUltraVNC_MsLogonIIAuth scheme relies on a Diffie-Hellman exchange whose prime fits in an unsigned 64-bit integer and a private exponent derived from time(NULL)-seeded libc rand(), both of which are trivially solvable, so an attacker who sniffs or man-in-the-middles the exchange derives the shared key in seconds to a minute. There is no public exploit identified at time of analysis and no EPSS/KEV signal supplied; CVSS is 7.4 (AC:H reflecting the need to observe the handshake), and MS-Logon III (X25519 + AES-256-GCM) is not affected.

Microsoft Information Disclosure Ultravnc
NVD GitHub
CVSS 3.1
7.4
EPSS
0.2%
CVE-2026-41860 HIGH PATCH This Week

Credential theft and UAA token redirection in Cloud Foundry BOSH versions prior to v282.1.9 allows a network-positioned local attacker to intercept Basic-auth secrets and OAuth requests flowing between bosh-monitor and the BOSH director or UAA. The flaw stems from hard-coded OpenSSL::SSL::VERIFY_NONE in the HttpRequestHelper, effectively disabling TLS certificate validation. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

OpenSSL Information Disclosure
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-8878 HIGH This Week

Information disclosure in Securly Chrome Extension version 3.0.7 allows remote unauthenticated attackers to retrieve SHA-1 hashes via publicly accessible endpoints, where the hashes are weakly protected by a reversible Caesar cipher. The flaw enables recovery of sensitive identifiers protecting filtered content data, with no public exploit identified at time of analysis and an EPSS score of 0.02% indicating very low predicted exploitation activity.

Information Disclosure Google Chrome
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-45787 npm MEDIUM PATCH GHSA This Month

electerm's sync encryption uses deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no message authentication code, allowing attackers to crack common passwords across multiple installations and perform undetected bit-flip attacks on synced bookmark and profile data. Affects electerm versions prior to 3.9.5. No public exploit code identified at time of analysis, but the cryptographic weaknesses are fundamental and exploitable without specialized tooling.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-33361 HIGH This Week

Weak XOR obfuscation in Meari IoT SDK's libmrplayer.so library enables remote unauthenticated attackers to decrypt baby monitor image snapshots from CloudEdge 5.5.0, Arenti 1.8.1, and white-label apps (versions ≤1.8.x). The '.jpgx3' file format applies reversible XOR encryption only to the first 1024 bytes using a predictable key derivation model, exposing confidential video surveillance imagery. EPSS data unavailable; no CISA KEV listing or public exploit code confirmed, though proof-of-concept research published by runZero demonstrates practical decryption. CVSS 7.5 reflects HIGH confidentiality impact with network-accessible attack surface requiring no authentication.

Information Disclosure Com Meari Sdk
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-44523 Go CRITICAL PATCH GHSA Act Now

JWT secret validation bypass in Note Mark allows full account takeover through offline token forgery. The Go-based note-taking application accepts HS256 signing secrets shorter than RFC 7518's required 32 bytes, enabling attackers to capture a single valid JWT from network traffic or logs, brute-force the weak secret offline, and forge authentication tokens for any user including administrators. Publicly available exploit code exists (vendor-published PoC in GitHub advisory GHSA-q6mh-rqwh-g786). Vendor-released patch available in commit 18b587758667 and release v0.19.4. CVSS 10.0 reflects unauthenticated network exploitation with scope change, though real-world impact requires JWT capture as a prerequisite.

Python RCE
NVD GitHub
CVSS 3.1
10.0
EPSS
0.0%
CVE-2018-25272 CRITICAL POC Act Now

ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Elba5
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2025-1241 MEDIUM PATCH This Month

Fortra GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 use a static initialization vector (IV) for encryption, allowing authenticated administrative users to brute-force decryption of encrypted data. The vulnerability requires high-privilege access and computational effort but results in complete confidentiality loss of encrypted values. No public exploit code or active exploitation has been confirmed at time of analysis.

Information Disclosure Goanywhere Mft
NVD VulDB
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-5363 MEDIUM Monitor

TP-Link Archer C7 v5 and v5.8 routers use weak RSA-1024 encryption for admin password transmission during web login, allowing adjacent attackers with network traffic interception capability to perform cryptanalytic attacks (brute-force or key factorization) to recover plaintext credentials and gain unauthorized administrative access. EPSS score of P (Probable) and active POC availability indicate realistic exploitation risk in local network environments; however, exploitation requires both network adjacency and successful cryptanalysis of a 1024-bit RSA key, limiting attack scope to motivated adversaries on shared networks (e.g., compromised WiFi).

Authentication Bypass TP-Link
NVD VulDB
CVSS 4.0
5.4
EPSS
0.0%
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Privilege escalation in ARC Informatique PcVue SCADA/HMI software (all versions prior to 17.0.0) arises because the encryption algorithm protecting user-account configuration in the built-in user directory is cryptographically inadequate (CWE-326). A local attacker with low privileges can decrypt or tamper with the stored account configuration and ultimately obtain privileged access to the PcVue application. No public exploit identified at time of analysis, and it is not listed in CISA KEV; the vendor CVSS 4.0 base score is 8.4 (High).

Information Disclosure Pcvue
NVD VulDB
EPSS 0% CVSS 7.4
HIGH This Week

Credential disclosure in UltraVNC through 1.8.2.2 lets a passive network observer break the MS-Logon II authentication handshake and recover plaintext usernames and passwords. The rfbUltraVNC_MsLogonIIAuth scheme relies on a Diffie-Hellman exchange whose prime fits in an unsigned 64-bit integer and a private exponent derived from time(NULL)-seeded libc rand(), both of which are trivially solvable, so an attacker who sniffs or man-in-the-middles the exchange derives the shared key in seconds to a minute. There is no public exploit identified at time of analysis and no EPSS/KEV signal supplied; CVSS is 7.4 (AC:H reflecting the need to observe the handshake), and MS-Logon III (X25519 + AES-256-GCM) is not affected.

Microsoft Information Disclosure Ultravnc
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Credential theft and UAA token redirection in Cloud Foundry BOSH versions prior to v282.1.9 allows a network-positioned local attacker to intercept Basic-auth secrets and OAuth requests flowing between bosh-monitor and the BOSH director or UAA. The flaw stems from hard-coded OpenSSL::SSL::VERIFY_NONE in the HttpRequestHelper, effectively disabling TLS certificate validation. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

OpenSSL Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Information disclosure in Securly Chrome Extension version 3.0.7 allows remote unauthenticated attackers to retrieve SHA-1 hashes via publicly accessible endpoints, where the hashes are weakly protected by a reversible Caesar cipher. The flaw enables recovery of sensitive identifiers protecting filtered content data, with no public exploit identified at time of analysis and an EPSS score of 0.02% indicating very low predicted exploitation activity.

Information Disclosure Google Chrome
NVD VulDB
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

electerm's sync encryption uses deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no message authentication code, allowing attackers to crack common passwords across multiple installations and perform undetected bit-flip attacks on synced bookmark and profile data. Affects electerm versions prior to 3.9.5. No public exploit code identified at time of analysis, but the cryptographic weaknesses are fundamental and exploitable without specialized tooling.

Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Weak XOR obfuscation in Meari IoT SDK's libmrplayer.so library enables remote unauthenticated attackers to decrypt baby monitor image snapshots from CloudEdge 5.5.0, Arenti 1.8.1, and white-label apps (versions ≤1.8.x). The '.jpgx3' file format applies reversible XOR encryption only to the first 1024 bytes using a predictable key derivation model, exposing confidential video surveillance imagery. EPSS data unavailable; no CISA KEV listing or public exploit code confirmed, though proof-of-concept research published by runZero demonstrates practical decryption. CVSS 7.5 reflects HIGH confidentiality impact with network-accessible attack surface requiring no authentication.

Information Disclosure Com Meari Sdk
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

JWT secret validation bypass in Note Mark allows full account takeover through offline token forgery. The Go-based note-taking application accepts HS256 signing secrets shorter than RFC 7518's required 32 bytes, enabling attackers to capture a single valid JWT from network traffic or logs, brute-force the weak secret offline, and forge authentication tokens for any user including administrators. Publicly available exploit code exists (vendor-published PoC in GitHub advisory GHSA-q6mh-rqwh-g786). Vendor-released patch available in commit 18b587758667 and release v0.19.4. CVSS 10.0 reflects unauthenticated network exploitation with scope change, though real-world impact requires JWT capture as a prerequisite.

Python RCE
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Elba5
NVD Exploit-DB
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Fortra GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 use a static initialization vector (IV) for encryption, allowing authenticated administrative users to brute-force decryption of encrypted data. The vulnerability requires high-privilege access and computational effort but results in complete confidentiality loss of encrypted values. No public exploit code or active exploitation has been confirmed at time of analysis.

Information Disclosure Goanywhere Mft
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM Monitor

TP-Link Archer C7 v5 and v5.8 routers use weak RSA-1024 encryption for admin password transmission during web login, allowing adjacent attackers with network traffic interception capability to perform cryptanalytic attacks (brute-force or key factorization) to recover plaintext credentials and gain unauthorized administrative access. EPSS score of P (Probable) and active POC availability indicate realistic exploitation risk in local network environments; however, exploitation requires both network adjacency and successful cryptanalysis of a 1024-bit RSA key, limiting attack scope to motivated adversaries on shared networks (e.g., compromised WiFi).

Authentication Bypass TP-Link
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy