CVEs from 2026
Total
14,035
critical
critical 1,231
high
high 4,634
medium
medium 4,444
low
low 484
% Critical
8.8%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 239
- openclaw 172
- commerce 104
- commerce_b2b 89
- grafana 80
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-1415 | low | 3.3 | 3.3 | 4mo ago | A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_metadata of the file src/media_tools/media_export.c. The manipulation of the argument Name leads to… | |||
| CVE-2026-44220 | low | 3.2 | 3.2 | 22d ago | ciguard: discover_pipeline_files follows symlinks out of scan root | |||
| CVE-2026-45362 | low | 3.2 | 3.2 | 22d ago | Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file. | |||
| CVE-2026-43969 | low | 3.2 | 3.2 | 23d ago | cowlib: Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1 | |||
| CVE-2026-31369 | low | 3.2 | 3.2 | 1mo ago | PcManager is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability | |||
| CVE-2026-10705 | low | 3.1 | 3.1 | 6h ago | A flaw has been found in dask up to 3.0. Affected by this issue is the function nunique_approx of the file dask/dataframe/hyperloglog.py of the component HLL Handler. This manipulation causes resourc… | |||
| CVE-2026-10565 | low | 3.1 | 3.1 | 1d ago | A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmm_state_security_mode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a mani… | |||
| CVE-2026-45426 | low | 3.1 | 3.1 | 2d ago | Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at least one Dag. Apache Airflow's Log server authorized JWT tokens against … | |||
| CVE-2026-40963 | low | 3.1 | 3.1 | 2d ago | The structure_data endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated U… | |||
| CVE-2026-9991 | low | 3.1 | 3.1 | 5d ago | Inappropriate implementation in Media in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HT… | |||
| CVE-2026-9959 | low | 3.1 | 3.1 | 5d ago | Race in WebRTC in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9950 | low | 3.1 | 3.1 | 5d ago | Insufficient validation of untrusted input in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a… | |||
| CVE-2026-9944 | low | 3.1 | 3.1 | 5d ago | Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium sec… | |||
| CVE-2026-9920 | low | 3.1 | 3.1 | 5d ago | Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chr… | |||
| CVE-2026-10011 | low | 3.1 | 3.1 | 5d ago | Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Ch… | |||
| CVE-2026-49009 | low | 3.1 | 3.1 | 7d ago | Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal. | |||
| CVE-2026-47715 | low | 3.1 | 3.1 | 8d ago | Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink issue event pages accept a direct event identifier from the URL and, in affected versions, look up that event without also requir… | |||
| CVE-2026-47716 | low | 3.1 | 3.1 | 8d ago | Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, In affected versions, the issue list view authorizes access through the project in the URL, but applies the requested bulk action to the … | |||
| CVE-2026-48851 | low | 3.1 | 3.1 | 8d ago | PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session. | |||
| CVE-2026-9398 | low | 3.1 | 3.1 | 9d ago | A security vulnerability has been detected in Besen BS20 EV Charging Station up to 20260426. This affects an unknown part of the component BLE/WiFi. Such manipulation leads to authentication bypass b… | |||
| CVE-2026-9394 | low | 3.1 | 3.1 | 10d ago | A vulnerability was determined in Besen BS20 EV Charging Station up to 20260426. This impacts an unknown function of the component Bluetooth Low Energy Handler. Executing a manipulation can lead to w… | |||
| CVE-2026-39967 | low | 3.1 | 3.1 | 12d ago | TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the bot engine's the findResult query does not filter results by typebotId, allowing an authenticated user to load result data (user a… | |||
| CVE-2026-9249 | low | 3.1 | 3.1 | 12d ago | Unverified password change in Devolutions Server allows an attacker to change a user's password without providing the previous one via a crafted password change request. This issue affects : * D… | |||
| CVE-2026-44057 | low | 3.1 | 3.1 | 13d ago | A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachable code path that provides no effective bounds protection, which may allow a remote authen… | |||
| CVE-2026-7836 | low | 3.1 | 3.1 | 13d ago | An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification v… | |||
| CVE-2026-7835 | low | 3.1 | 3.1 | 13d ago | A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string pro… | |||
| CVE-2026-44070 | low | 3.1 | 3.1 | 13d ago | An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character convers… | |||
| CVE-2026-0968 | low | 3.1 | 3.1 | 15d ago | Moderate: libssh security update | |||
| CVE-2026-8741 | low | 3.1 | 3.1 | 17d ago | A vulnerability has been found in EMQX up to 6.2.0. This affects an unknown function of the file apps/emqx/src/emqx_persistent_session_ds.erl of the component QoS 2 PUBLISH Packet Handler. Such manip… | |||
| CVE-2026-8579 | low | 3.1 | 3.1 | 20d ago | Insufficient validation of untrusted input in Skia in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write… | |||
| CVE-2026-8578 | low | 3.1 | 3.1 | 20d ago | Out of bounds read in GPU in Google Chrome on Linux prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chro… | |||
| CVE-2026-8572 | low | 3.1 | 3.1 | 20d ago | Insufficient policy enforcement in Network in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a craft… | |||
| CVE-2026-8568 | low | 3.1 | 3.1 | 20d ago | Insufficient policy enforcement in AI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass Site Isolation via a crafted HTML page. (Ch… | |||
| CVE-2026-8556 | low | 3.1 | 3.1 | 20d ago | Inappropriate implementation in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HT… | |||
| CVE-2026-8554 | low | 3.1 | 3.1 | 20d ago | Type Confusion in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted H… | |||
| CVE-2026-8553 | low | 3.1 | 3.1 | 20d ago | Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Ch… | |||
| CVE-2026-8545 | low | 3.1 | 3.1 | 20d ago | Object corruption in Compositing in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromi… | |||
| CVE-2026-8536 | low | 3.1 | 3.1 | 20d ago | Insufficient validation of untrusted input in ReadingMode in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass site Isolation v… | |||
| CVE-2026-27680 | low | 3.1 | 3.1 | 20d ago | Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets (CSS) data into a web page served by the appl… | |||
| CVE-2026-8022 | low | 3.1 | 3.1 | 28d ago | Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted … | |||
| CVE-2026-8017 | low | 3.1 | 3.1 | 28d ago | Side-channel information leakage in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-7968 | low | 3.1 | 3.1 | 28d ago | Insufficient validation of untrusted input in CORS in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafte… | |||
| CVE-2026-7966 | low | 3.1 | 3.1 | 28d ago | Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a c… | |||
| CVE-2026-7965 | low | 3.1 | 3.1 | 28d ago | Insufficient validation of untrusted input in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a craft… | |||
| CVE-2026-7959 | low | 3.1 | 3.1 | 28d ago | Inappropriate implementation in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.… | |||
| CVE-2026-7954 | low | 3.1 | 3.1 | 28d ago | Race in Shared Storage in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security… | |||
| CVE-2026-7949 | low | 3.1 | 3.1 | 28d ago | Out of bounds read in Skia in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome Extension. (Chromi… | |||
| CVE-2026-7945 | low | 3.1 | 3.1 | 28d ago | Insufficient validation of untrusted input in COOP in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HT… | |||
| CVE-2026-7944 | low | 3.1 | 3.1 | 28d ago | Insufficient validation of untrusted input in Persistent Cache in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via … | |||
| CVE-2026-7937 | low | 3.1 | 3.1 | 28d ago | Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a c… | |||
| CVE-2026-7909 | low | 3.1 | 3.1 | 28d ago | Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML pa… | |||
| CVE-2026-22741 | low | 3.1 | 3.1 | 1mo ago | Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. | |||
| CVE-2026-7360 | low | 3.1 | 3.1 | 1mo ago | Insufficient validation of untrusted input. in Compositing in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a c… | |||
| CVE-2026-7351 | low | 3.1 | 3.1 | 1mo ago | Race in MHTML in Google Chrome prior to 147.0.7727.138 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium se… | |||
| CVE-2026-41488 | low | 3.1 | 3.1 | 1mo ago | LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_size() helper (used by get_num_tokens_from_messages for image token counting) va… | |||
| CVE-2026-6611 | low | 3.1 | 3.1 | 1mo ago | A vulnerability was found in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component File Upload Endpoint. Performing a manipulatio… | |||
| CVE-2026-6312 | low | 3.1 | 3.1 | 2mo ago | Insufficient policy enforcement in Passwords in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML p… | |||
| CVE-2026-4590 | low | 3.1 | 3.1 | 2mo ago | A security flaw has been discovered in kalcaddle kodbox 1.64. The impacted element is an unknown function of the file /workspace/source-code/plugins/oauth/controller/bind/index.class.php of the compo… | |||
| CVE-2026-4584 | low | 3.1 | 3.1 | 2mo ago | A flaw has been found in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. This affects an unknown part of the component Cardholder Data Handler. Executing a manipulation can lead to cleartext transmissi… | |||
| CVE-2026-4477 | low | 3.1 | 3.1 | 3mo ago | A vulnerability was determined in Yi Technology YI Home Camera 2 2.1.1_20171024151200. This affects an unknown function of the component WPA/WPS. Executing a manipulation can lead to use of hard-code… | |||
| CVE-2026-3668 | low | 3.1 | 3.1 | 3mo ago | A weakness has been identified in Freedom Factory dGEN1 up to 20260221. This affects the function AndroidEthereum of the component org.ethosmobile.webpwaemul. This manipulation causes improper access… | |||
| CVE-2026-3465 | low | 3.1 | 3.1 | 3mo ago | A vulnerability was determined in Tuya App and SDK 24.07.11 on Android. Affected by this vulnerability is an unknown functionality of the component JSON Data Point Handler. This manipulation of the a… | |||
| CVE-2026-3193 | low | 3.1 | 3.1 | 3mo ago | A vulnerability was detected in Chia Blockchain 2.1.0. Impacted is an unknown function of the file /send_transaction. The manipulation results in cross-site request forgery. The attack may be perform… | |||
| CVE-2026-2702 | low | 3.1 | 3.1 | 3mo ago | A security flaw has been discovered in Beetel 777VR1 up to 01.00.09. This issue affects some unknown processing of the component WPA2 PSK. Performing a manipulation results in hard-coded credentials.… | |||
| CVE-2026-1743 | low | 3.1 | 3.1 | 4mo ago | A vulnerability has been found in DJI Mavic Mini, Air, Spark and Mini SE up to 01.00.0500. Affected by this vulnerability is an unknown functionality of the component Enhanced Wi-Fi Pairing. The mani… | |||
| CVE-2026-21947 | low | 3.1 | 3.1 | 4mo ago | Vulnerability in Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u471-b50. Difficult to exploit vulnerability allows unauthenticated attacker with netwo… | |||
| CVE-2026-1197 | low | 3.1 | 3.1 | 4mo ago | A vulnerability was detected in MineAdmin 1.x/2.x. Affected by this vulnerability is an unknown functionality of the file /system/downloadById. Performing a manipulation of the argument ID results in… | |||
| CVE-2026-44072 | low | 3.0 | 3.0 | 13d ago | Netatalk 2.2.1 through 4.4.2 calls system() after a failed chdir() without properly handling the error condition, which allows a local privileged user to execute unintended commands or cause a minor … | |||
| CVE-2026-44218 | low | 3.0 | 3.0 | 22d ago | ciguard: Container image runs as root (no USER directive) | |||
| CVE-2026-44916 | low | 3.0 | 3.0 | 26d ago | In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing. | |||
| CVE-2026-32684 | low | 2.9 | 2.9 | 22d ago | The application does not impose strict enough restrictions on directory access permissions, posing a risk that other malicious applications could obtain sensitive information. | |||
| CVE-2026-24515 | low | 2.9 | 2.9 | 4mo ago | In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. | |||
| CVE-2026-41963 | low | 2.8 | 2.8 | 19d ago | Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-44367 | low | 2.7 | 2.7 | 16h ago | Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling… | |||
| CVE-2026-10078 | low | 2.7 | 2.7 | 5d ago | A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client_id and client_secret, to be transmitted as plaintext in URL que… | |||
| CVE-2026-8477 | low | 2.7 | 2.7 | 12d ago | Improper enforcement of the sealed-entry workflow in the entry sensitive-data retrieval feature in Devolutions Server allows an authenticated user with access to a sealed entry to retrieve its sensit… | |||
| CVE-2026-8492 | low | 2.7 | 2.7 | 14d ago | The GTranslate module provides a language switcher widget for Drupal sites. The module’s widget JavaScript did not sufficiently validate that document.currentScript referred to the executing script … | |||
| CVE-2026-5511 | low | 2.7 | 2.7 | 15d ago | In the web management interface of Archer AX72 (SG) v1, the network diagnostic feature improperly handles invalid user input, resulting in limited exposure of diagnostic command usage information. … | |||
| CVE-2026-2900 | low | 2.7 | 2.7 | 20d ago | GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that when instance-level approval rule editing prevention w… | |||
| CVE-2026-41659 | low | 2.7 | 2.7 | 1mo ago | Admidio Leaks Hidden Profile Field Values via Blind Search Oracle in Member Assignment | |||
| CVE-2026-6408 | low | 2.7 | 2.7 | 1mo ago | Tanium addressed an information disclosure vulnerability in Tanium Server. | |||
| CVE-2026-6392 | low | 2.7 | 2.7 | 1mo ago | Tanium addressed an information disclosure vulnerability in Threat Response. | |||
| CVE-2026-3307 | low | 2.7 | 2.7 | 1mo ago | An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated b… | |||
| CVE-2026-6597 | low | 2.7 | 2.7 | 1mo ago | A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of the file src/backend/base/langflow/api/utils/core.py of the component Flo… | |||
| CVE-2026-6570 | low | 2.7 | 2.7 | 2mo ago | A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argum… | |||
| CVE-2026-36942 | low | 2.7 | 2.7 | 2mo ago | Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in the file /orms/admin/activities/manage_activity.php. | |||
| CVE-2026-36946 | low | 2.7 | 2.7 | 2mo ago | Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/inquiries/view_details.php. | |||
| CVE-2026-36874 | low | 2.7 | 2.7 | 2mo ago | Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_student.php. | |||
| CVE-2026-39510 | low | 2.7 | 2.7 | 2mo ago | Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control S… | |||
| CVE-2026-4957 | low | 2.7 | 2.7 | 2mo ago | A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.handle_tool_call of the file XAgent/function_handler.py of the component API Key Handler. This mani… | |||
| CVE-2026-4285 | low | 2.7 | 2.7 | 3mo ago | A vulnerability was identified in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. Impacted is the function recognizeMarkdown of the file yudao-module-digitalcourse/yudao-module… | |||
| CVE-2026-3911 | low | 2.7 | 2.7 | 3mo ago | Keycloak: Information disclosure of disabled user attributes via administrative endpoint | |||
| CVE-2026-1588 | low | 2.7 | 2.7 | 4mo ago | A vulnerability was found in jishenghua jshERP up to 3.6. The impacted element is the function install of the file /jshERP-boot/plugin/installByPath of the component com.gitee.starblues.integration.o… | |||
| CVE-2026-22597 | low | 2.7 | 2.7 | 5mo ago | Ghost has SSRF via External Media Inliner | |||
| CVE-2026-45155 | low | 2.6 | 2.6 | 2d ago | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.7 and 33.0.0 to before 33.0.1, a missing access check on API level allowed to add u… | |||
| CVE-2026-45154 | low | 2.6 | 2.6 | 2d ago | Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was deleted and the collective was shared view-only, guests wi… | |||
| CVE-2026-9248 | low | 2.6 | 2.6 | 12d ago | Authorization bypass in the entry duplication feature in Devolutions Server allows an authenticated user with write access to any vault to copy documentation and attachments from an entry in a vault … | |||
| CVE-2026-7847 | low | 2.6 | 2.6 | 29d ago | Langchain-Chatchat Uses Insufficiently Random Values | |||
| CVE-2026-7846 | low | 2.6 | 2.6 | 29d ago | Langchain-Chatchat has a Race Condition in its OpenAI-Compatible File Upload API | |||
| CVE-2026-7845 | low | 2.6 | 2.6 | 29d ago | Langchain-Chatchat Uses a Broken or Risky Cryptographic Algorithm |