CVEs classified under CWE-323, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (23)
CVE-2026-59099 — CVSS 9.1 (critical): Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext…
CVE-2026-12205 — CVSS 9.1 (critical): Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the…
CVE-2026-49952 — CVSS 9.1 (critical): Discuz! X5.0 releases 20260320 through 20260501 contains an authentication bypass vulnerability that allows unauthenticated remote…
CVE-2025-64767 — CVSS 9.1 (critical): hpke-js is a Hybrid Public Key Encryption (HPKE) module built on top of Web Cryptography API. Prior to version 1.7.5, the public…
CVE-2026-55967 — CVSS 7.5 (high): AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were not properly rejected by the streaming…
CVE-2026-25998 — CVSS 7.5 (high): strongMan is a management interface for strongSwan, an OpenSource IPsec-based VPN. When storing credentials in the database (private keys…
CVE-2025-59870 — CVSS 7.4 (high): HCL MyXalytics is affected by improper management of a static JWT signing secret in the web application, where the secret lacks rotation…
CVE-2025-61739: Due to Nonce reuse, attackers can perform reply attack or decrypt captured packets.
CVE-2026-21383 — CVSS 7.1 (high): Cryptographic Issue when using a static initialization vector for AES-GCM key wrapping, which requires a unique value for each call to…
CVE-2026-5446 — CVSS 7.1 (high): In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record…
CVE-2023-7003 — CVSS 6.8 (medium): The AES key utilized in the pairing process between a lock using Sciener firmware and a wireless keypad is not unique, and can be reused to…
CVE-2023-28997 — CVSS 6.7 (medium): The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5…
CVE-2025-46632 — CVSS 6.5 (medium): Initialization vector (IV) reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information…
CVE-2022-37660 — CVSS 6.5 (medium): In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker that successfully…
CVE-2020-1759 — CVSS 6.4 (medium): A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was…
CVE-2026-3099 — CVSS 5.8 (medium): A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track…
CVE-2024-11022 — CVSS 5.6 (medium): The authentication process to the web server uses a challenge response procedure which inludes the nonce and additional information. This…
CVE-2024-36289 — CVSS 5.3 (medium): Reusing a nonce, key pair in encryption issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If…
CVE-2024-21530 — CVSS 4.5 (medium): Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump…
CVE-2024-41951 — CVSS 4.4 (medium): Pheonix App is a Python application designed to streamline various tasks, from managing files to playing mini-games. The issue is that the…
CVE-2026-56369 — CVSS 3.7 (low): ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the PasskeyEncipherImage method due to AES-CTR nonce reuse…