Monthly
TLS protocol downgrade exposure in HCL DFXAnalytics allows network-positioned attackers to intercept and decrypt sensitive communications by exploiting continued support for deprecated TLS 1.0 and TLS 1.1 protocols. All versions of DFXAnalytics are affected per the wildcard CPE string, with high confidentiality impact and no integrity or availability degradation. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog; however, the CVSS AC:H rating reflects the prerequisite man-in-the-middle network position rather than any inherent technical barrier to exploitation once that position is achieved.
JWT algorithm confusion in Strapi's users-permissions plugin enables authentication control weakening when the plugin::users-permissions.jwt.algorithm setting is absent from configuration. The plugin silently accepts HS384 and HS512 tokens alongside the intended HS256, allowing an attacker who has already obtained the jwtSecret to mint tokens using non-standard HMAC variants and bypass any algorithm-enforcement logic. No public exploit code is identified at time of analysis and this vulnerability is not listed in CISA KEV; real-world risk is substantially bounded by the prerequisite of jwtSecret compromise, reflected in the CVSS 4.0 score of 6.3 with High Complexity and Presence-of-attack-requirement modifiers.
Session hijacking in the Setracker2 Android companion app (com.tgelec.setracker) version 3.1.5 and earlier stems from the use of MD5 to generate the request signature that authenticates traffic between the mobile client and the backend REST API. Because MD5 is cryptographically broken, an attacker who can observe a signed request may reverse the signature to recover the embedded session ID and then impersonate the legitimate user, issuing authenticated API calls against the kids'/GPS-tracker backend. Reported by CISA ICS-CERT (DHS) and tracked in a CSAF advisory; no public exploit identified at time of analysis and it is not listed in CISA KEV.
wolfSSL's ML-KEM ARM64 NEON decapsulation path compares only half of the re-encrypted ciphertext during the Fujisaki-Okamoto implicit rejection step, breaking the IND-CCA2 security proof for post-quantum key exchange on that architecture. This affects any ARM64 deployment of wolfSSL with ML-KEM (FIPS 203) compiled in and in active use. An attacker who can submit adaptively chosen ciphertexts to a decapsulating party - for example via man-in-the-middle position during a post-quantum TLS handshake - may exploit the broken comparison to bypass implicit rejection, potentially enabling shared-secret recovery through repeated adaptive queries. No public exploit has been identified and the vulnerability is not listed in the CISA KEV at time of analysis.
wolfSSL's certificate chain verification accepted MD5-signed certificates when MD5 was compiled in for any purpose (e.g., TLS 1.0 PRF or HMAC), violating RFC 8446 compliance and the fundamental prohibition on broken hash algorithms in certificate signatures. An attacker with low-level positioning who can influence the certificate chain presented to a wolfSSL-based application could potentially bypass chain integrity checks by presenting an MD5-signed leaf certificate. No public exploit has been identified and no CISA KEV listing exists; the CVSS 4.0 score of 2.3 reflects the high complexity and constrained impact of realistic exploitation.
Cryptographic decapsulation flaw in wolfSSL's ML-KEM-1024 (Kyber) x86-64 AVX2 code path (versions 5.7.0 through 5.9.1) breaks IND-CCA2 security by failing to compare the final 32-byte block of the 1568-byte ciphertext during the constant-time check, so the Fujisaki-Okamoto transform's mandatory implicit rejection is bypassed. An attacker acting as a chosen-ciphertext oracle can submit ciphertexts altered only in those trailing bytes and have decapsulation return the genuine shared secret rather than a rejection value. There is no public exploit identified at time of analysis, the EPSS score is very low (0.15%, 5th percentile), and CISA SSVC rates exploitation as none with partial technical impact.
WS-Security DigestMethod validation in CoreWCF's receive pipeline can be bypassed, allowing a remote sender to present XML Digital Signatures that use cryptographically weak per-reference hash algorithms (e.g., SHA-1) even when the configured SecurityAlgorithmSuite explicitly prohibits them. Affected are all CoreWCF.Primitives releases below v1.8.1 and the 1.9.0 release (pre-1.9.1). The service silently accepts these weakened signatures as policy-compliant, undermining the integrity guarantees that the algorithm suite is designed to enforce. No public exploit or CISA KEV listing exists; the vendor has released patches in v1.8.1 and v1.9.1 with no available workaround.
Broken or risky cryptographic algorithm use in Dell PowerFlex Manager 4.6.0.1 exposes network-accessible infrastructure management communications to potential interception and modification. Remote unauthenticated attackers who achieve the requisite network positioning - consistent with the CVSS AC:H rating - could exploit weak or deprecated cryptographic primitives to partially disclose sensitive management data (C:L) or tamper with communications in transit (I:L). Dell has published advisory DSA-2026-066 under the multi-CVE release DSA-2026-066; no public exploit code and no active exploitation (CISA KEV absent) have been identified at time of analysis.
Weak SSH cryptographic algorithms in Canon EOS Network Setting Tool version 1.5.0 and earlier allow network-adjacent attackers to undermine the confidentiality and integrity of SSH sessions used by the tool, per Canon PSIRT advisory CP2026-005. The CVSS 4.0 vector (AV:N/AC:H/UI:P/VC:H/VI:H) reflects high attack complexity and required user interaction, and there is no public exploit identified at time of analysis.
Unauthenticated cryptographic oracle exposure in the Aqara IAM/SSO gateway (gw-builder.aqara.com) lets remote attackers submit data for bidirectional AES encrypt/decrypt operations performed with the platform's signing key, with no authentication required. Because the same key that signs SSO tokens can be exercised as an oracle, an attacker can recover protected material and potentially forge or manipulate signed authentication tokens (tagged Authentication Bypass). Publicly available exploit code exists (SSVC exploitation=poc) and CISA's SSVC rates it automatable with total technical impact, though EPSS remains very low at 0.06%.
TLS protocol downgrade exposure in HCL DFXAnalytics allows network-positioned attackers to intercept and decrypt sensitive communications by exploiting continued support for deprecated TLS 1.0 and TLS 1.1 protocols. All versions of DFXAnalytics are affected per the wildcard CPE string, with high confidentiality impact and no integrity or availability degradation. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog; however, the CVSS AC:H rating reflects the prerequisite man-in-the-middle network position rather than any inherent technical barrier to exploitation once that position is achieved.
JWT algorithm confusion in Strapi's users-permissions plugin enables authentication control weakening when the plugin::users-permissions.jwt.algorithm setting is absent from configuration. The plugin silently accepts HS384 and HS512 tokens alongside the intended HS256, allowing an attacker who has already obtained the jwtSecret to mint tokens using non-standard HMAC variants and bypass any algorithm-enforcement logic. No public exploit code is identified at time of analysis and this vulnerability is not listed in CISA KEV; real-world risk is substantially bounded by the prerequisite of jwtSecret compromise, reflected in the CVSS 4.0 score of 6.3 with High Complexity and Presence-of-attack-requirement modifiers.
Session hijacking in the Setracker2 Android companion app (com.tgelec.setracker) version 3.1.5 and earlier stems from the use of MD5 to generate the request signature that authenticates traffic between the mobile client and the backend REST API. Because MD5 is cryptographically broken, an attacker who can observe a signed request may reverse the signature to recover the embedded session ID and then impersonate the legitimate user, issuing authenticated API calls against the kids'/GPS-tracker backend. Reported by CISA ICS-CERT (DHS) and tracked in a CSAF advisory; no public exploit identified at time of analysis and it is not listed in CISA KEV.
wolfSSL's ML-KEM ARM64 NEON decapsulation path compares only half of the re-encrypted ciphertext during the Fujisaki-Okamoto implicit rejection step, breaking the IND-CCA2 security proof for post-quantum key exchange on that architecture. This affects any ARM64 deployment of wolfSSL with ML-KEM (FIPS 203) compiled in and in active use. An attacker who can submit adaptively chosen ciphertexts to a decapsulating party - for example via man-in-the-middle position during a post-quantum TLS handshake - may exploit the broken comparison to bypass implicit rejection, potentially enabling shared-secret recovery through repeated adaptive queries. No public exploit has been identified and the vulnerability is not listed in the CISA KEV at time of analysis.
wolfSSL's certificate chain verification accepted MD5-signed certificates when MD5 was compiled in for any purpose (e.g., TLS 1.0 PRF or HMAC), violating RFC 8446 compliance and the fundamental prohibition on broken hash algorithms in certificate signatures. An attacker with low-level positioning who can influence the certificate chain presented to a wolfSSL-based application could potentially bypass chain integrity checks by presenting an MD5-signed leaf certificate. No public exploit has been identified and no CISA KEV listing exists; the CVSS 4.0 score of 2.3 reflects the high complexity and constrained impact of realistic exploitation.
Cryptographic decapsulation flaw in wolfSSL's ML-KEM-1024 (Kyber) x86-64 AVX2 code path (versions 5.7.0 through 5.9.1) breaks IND-CCA2 security by failing to compare the final 32-byte block of the 1568-byte ciphertext during the constant-time check, so the Fujisaki-Okamoto transform's mandatory implicit rejection is bypassed. An attacker acting as a chosen-ciphertext oracle can submit ciphertexts altered only in those trailing bytes and have decapsulation return the genuine shared secret rather than a rejection value. There is no public exploit identified at time of analysis, the EPSS score is very low (0.15%, 5th percentile), and CISA SSVC rates exploitation as none with partial technical impact.
WS-Security DigestMethod validation in CoreWCF's receive pipeline can be bypassed, allowing a remote sender to present XML Digital Signatures that use cryptographically weak per-reference hash algorithms (e.g., SHA-1) even when the configured SecurityAlgorithmSuite explicitly prohibits them. Affected are all CoreWCF.Primitives releases below v1.8.1 and the 1.9.0 release (pre-1.9.1). The service silently accepts these weakened signatures as policy-compliant, undermining the integrity guarantees that the algorithm suite is designed to enforce. No public exploit or CISA KEV listing exists; the vendor has released patches in v1.8.1 and v1.9.1 with no available workaround.
Broken or risky cryptographic algorithm use in Dell PowerFlex Manager 4.6.0.1 exposes network-accessible infrastructure management communications to potential interception and modification. Remote unauthenticated attackers who achieve the requisite network positioning - consistent with the CVSS AC:H rating - could exploit weak or deprecated cryptographic primitives to partially disclose sensitive management data (C:L) or tamper with communications in transit (I:L). Dell has published advisory DSA-2026-066 under the multi-CVE release DSA-2026-066; no public exploit code and no active exploitation (CISA KEV absent) have been identified at time of analysis.
Weak SSH cryptographic algorithms in Canon EOS Network Setting Tool version 1.5.0 and earlier allow network-adjacent attackers to undermine the confidentiality and integrity of SSH sessions used by the tool, per Canon PSIRT advisory CP2026-005. The CVSS 4.0 vector (AV:N/AC:H/UI:P/VC:H/VI:H) reflects high attack complexity and required user interaction, and there is no public exploit identified at time of analysis.
Unauthenticated cryptographic oracle exposure in the Aqara IAM/SSO gateway (gw-builder.aqara.com) lets remote attackers submit data for bidirectional AES encrypt/decrypt operations performed with the platform's signing key, with no authentication required. Because the same key that signs SSO tokens can be exercised as an oracle, an attacker can recover protected material and potentially forge or manipulate signed authentication tokens (tagged Authentication Bypass). Publicly available exploit code exists (SSVC exploitation=poc) and CISA's SSVC rates it automatable with total technical impact, though EPSS remains very low at 0.06%.