CVEs classified under CWE-1240, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2024-0323 — CVSS 9.8 (critical): The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. An…
CVE-2025-24802 — CVSS 8.6 (high): Plonky2 is a SNARK implementation based on techniques from PLONK and FRI. Lookup tables, whose length is not divisible by 26 =…
CVE-2025-58720 — CVSS 7.8 (high): Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose…
CVE-2025-46424 — CVSS 6.7 (medium): Dell CloudLink, versions prior to 8.2, contain use of a Cryptographic Primitive with a Risky Implementation vulnerability. A high…
CVE-2026-22705 — CVSS 6.4 (medium): RustCrypto: Signatures offers support for digital signatures, which provide authentication of data using public-key cryptography. Prior to…
CVE-2025-64647 — CVSS 5.9 (medium): IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive…
CVE-2025-53960 — CVSS 5.9 (medium): When issuing JSON Web Tokens (JWT), Apache StreamPark directly uses the user's password as the HMAC signing key (e.g., with the HS256…
CVE-2025-14505 — CVSS 5.6 (medium): The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' (as computed based on step 3.2…
CVE-2025-29808 — CVSS 5.5 (medium): Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose…
CVE-2025-29779: Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS)…
CVE-2026-27017 — CVSS 5.3 (medium): uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake…
CVE-2026-44410 — CVSS 3.8 (low): This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways…