CVEs classified under CWE-325, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (32)
CVE-2026-4601 — CVSS 8.7 (high): Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash…
CVE-2025-30147: Besu Native contains scripts and tooling that is used to build and package the native libraries used by the Ethereum client Hyperledger…
CVE-2026-45445 — CVSS 7.5 (high): Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-shot interface, the application-supplied…
CVE-2026-41395 — CVSS 7.5 (high): OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for…
CVE-2026-22863 — CVSS 7.5 (high): Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an…
CVE-2025-60704 — CVSS 7.5 (high): Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-49440 — CVSS 7.4 (high): Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, node:crypto.checkPrime(candidate[, options][, callback]) and…
CVE-2022-20742 — CVSS 7.4 (high): A vulnerability in an IPsec VPN library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)…
CVE-2026-9266: A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and…
CVE-2022-20793 — CVSS 6.8 (medium): A vulnerability in pairing process of Cisco TelePresence CE Software and RoomOS Software for Cisco Touch 10 Devices could allow…
CVE-2023-28998 — CVSS 6.7 (medium): The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5…
CVE-2026-48480: The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of…
CVE-2022-1279 — CVSS 6.5 (medium): A vulnerability in the encryption implementation of EBICS messages in the open source librairy ebics-java/ebics-java-client allows an…
CVE-2019-3738 — CVSS 6.5 (medium): RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote…
CVE-2023-34471 — CVSS 6.3 (medium): AMI SPx contains a vulnerability in the BMC where a user may cause a missing cryptographic step by generating a hash-based message…
CVE-2022-29229 — CVSS 6.3 (medium): CaSS is a Competency and Skills System. CaSS Library, (npm:cassproject) has a missing cryptographic step when storing cryptographic keys…
CVE-2025-58359: ZF FROST is a Rust implementation of FROST (Flexible Round-Optimised Schnorr Threshold signatures). In versions 2.0.0 through 2.1.0…
CVE-2026-0420 — CVSS 5.9 (medium): An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an…
CVE-2023-40012 — CVSS 5.9 (medium): uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Versions of uthenticode prior to the…
CVE-2020-10702 — CVSS 5.5 (medium): A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in…
CVE-2026-29142 — CVSS 5.3 (medium): SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted email.
CVE-2026-6458: Missing cryptographic step in Caliptra Core Firmware (aes_256_gcm_update module) results in an incorrect GCM authentication tag. When the…
CVE-2025-49600 — CVSS 4.9 (medium): In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_verify may accept invalid signatures if hash computation fails and internal errors go unchecked…
CVE-2023-39199 — CVSS 4.9 (medium): Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via…
CVE-2026-45446 — CVSS 4.8 (medium): Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional…
CVE-2025-59339 — CVSS 4.4 (medium): The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. Session-recording ttyrec files, may be…
CVE-2025-69418 — CVSS 4.0 (medium): Issue summary: When using the low-level OCB API directly with AES-NI or<br>other hardware-accelerated code paths, inputs whose length is…
CVE-2026-42770 — CVSS 3.7 (low): Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key is not properly checked for the subgroup…
CVE-2025-5323 — CVSS 3.7 (low): A vulnerability, which was classified as problematic, has been found in fossasia open-event-server 1.19.1. This issue affects the function…
CVE-2015-20112 — CVSS 3.4 (low): RLPx 5 has two CTR streams based on the same key, IV, and nonce. This can facilitate decryption on a private network.