| 2025-03-25 | CVE-2024-31896 | IBM SPSS Statistics 26.0, 27.0.1, 28.0.1, and 29.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.9 |
| 2025-03-20 | CVE-2025-2539 | The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 3.9.9.0.1. | 7.5 |
| 2025-03-14 | CVE-2024-45643 | IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information. | 5.9 |
| 2025-02-19 | CVE-2024-28780 | IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 Rich Client uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.9 |
| 2025-02-06 | CVE-2024-49797 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Applinx 11.1.0
IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2025-02-04 | CVE-2025-22475 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Dell Data Domain Operating System
Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. | 7.5 |
| 2025-01-27 | CVE-2024-38320 | IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.9 |
| 2025-01-20 | CVE-2024-22347 | IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. | 5.9 |
| 2025-01-07 | CVE-2024-52366 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Concert Software
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2025-01-04 | CVE-2024-41763 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |