Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-325 (缺少必要的密码学步骤) — Vulnerability Class 34

34 vulnerabilities classified as CWE-325 (缺少必要的密码学步骤). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2026-29142 Plaintext secure-mail.html — Secure Email Gateway 7.5AIHighAI2026-04-02
CVE-2026-4601 jsrsasign 安全漏洞 — jsrsasign 8.7 High2026-03-23
CVE-2025-47383 Missing Cryptographic Step in Data Modem — Snapdragon 7.2 High2026-03-02
CVE-2025-69418 Unauthenticated/unencrypted trailing bytes with low-level OCB function calls — OpenSSL 9.1AICriticalAI2026-01-27
CVE-2026-22863 Deno node:crypto doesn't finalize cipher — deno 7.5 -2026-01-15
CVE-2025-60704 Windows Kerberos Elevation of Privilege Vulnerability — Windows 10 Version 1607 7.5 High2025-11-11
CVE-2025-59339 The Bastion ttyrec files are not signed after encryption by the osh-encrypt-rsync script — the-bastion 4.4 Medium2025-09-17
CVE-2025-58359 frost-core: refresh shares with smaller min_signers will reduce group security — frost 6.5AIMediumAI2025-09-04
CVE-2025-49600 Mbed TLS 安全漏洞 — mbedtls 4.9 Medium2025-07-04
CVE-2015-20112 Ethereum RLPx 安全漏洞 — RLPx 3.4 Low2025-06-29
CVE-2025-3938 Missing Cryptographic Step — Niagara Framework 6.8 Medium2025-05-22
CVE-2025-30147 ALTBN128_ADD, ALTBN128_MUL, ALTBN128_PAIRING precompile functions do not check if points are on curve — besu-native 7.5AIHighAI2025-05-07
CVE-2022-20793 Cisco Touch 10 Device Insufficient Identity Verification Vulnerability — Cisco RoomOS Software 6.8 Medium2024-11-15
CVE-2024-43547 Windows Kerberos Information Disclosure Vulnerability — Windows 10 Version 1809 6.5 Medium2024-10-08
CVE-2023-39199 Zoom Client 加密问题漏洞 — Zoom Clients 4.9 Medium2023-11-14
CVE-2023-40012 uthenticode EKU validation bypass — uthenticode 5.9 Medium2023-08-09
CVE-2023-34471 Missing Cryptographic Step — MegaRAC_SPx 6.3 Medium2023-07-05
CVE-2023-28999 Nextcloud: Lack of authenticity of metadata keys allows a malicious server to gain access to E2EE folders — security-advisories 6.9 Medium2023-04-04
CVE-2023-28998 Nextcloud Desktop client misbehaves with E2EE when the server returns empty list of metadata keys — security-advisories 6.7 Medium2023-04-04
CVE-2022-30115 curl 安全漏洞 — https://github.com/curl/curl 4.3 -2022-06-01
CVE-2022-29229 Missing Cryptographic Step in cassproject — CASS 6.3 Medium2022-05-18
CVE-2022-20742 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IPsec IKEv2 VPN Information Disclosure Vulnerability — Cisco Adaptive Security Appliance (ASA) Software 7.4 High2022-05-03
CVE-2022-1279 Insecure EBICS messages encryption implementation in ebics-java/ebics-java-client could allow an adjacent attacker to decrypt EBICS payloads — ebics-java-client 6.5 Medium2022-04-14
CVE-2021-22946 libcurl 安全漏洞 — https://github.com/curl/curl 9.1 -2021-09-29
CVE-2021-3680 Missing Cryptographic Step in star7th/showdoc — star7th/showdoc 6.5 -2021-08-04
CVE-2020-26244 Cryptographic issues in Python oic — pyoidc 6.8 Medium2020-12-02
CVE-2020-15098 Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS — TYPO3 CMS 8.8 High2020-07-29
CVE-2020-10702 QEMU 安全漏洞 — qemu 5.5 Medium2020-06-04
CVE-2019-3738 Dell RSA BSAFE Crypto-J 数据伪造问题漏洞 — RSA BSAFE Crypto-J 6.5 -2019-09-18
CVE-2018-5383 Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange — macOS 5.3 -2018-08-07

Vulnerabilities classified as CWE-325 (缺少必要的密码学步骤) represent 34 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.