CWE-323: CWE-323

Total CVEs

Critical

High

7.3

Avg CVSS

Yearly Trend

2026

2025

2024

Top Affected Vendors

1 Hcltech 1

2 Qualcomm 1

3 W1.fi 1

All CWE-323 CVEs (6)

CVE-2025-64767

9.1

A race condition in hpke-js's SenderContext Seal() API allows re-use of AEAD nonces across multiple encryption calls, breaking cryptographic guarantee...

Nov 21, 2025

CVE-2025-47345

8.4

A cryptographic vulnerability in license data encryption could allow attackers to decrypt or manipulate license information. This affects systems usin...

Jan 7, 2026

CVE-2025-59870

7.4

HCL MyXalytics uses a static JWT signing secret that never rotates, allowing attackers who obtain the secret to forge authentication tokens. This affe...

Jan 16, 2026

CVE-2022-37660

6.5

CVE-2022-37660 is a cryptographic vulnerability in hostapd's PKEX implementation where the PKEX code remains active after successful association. This...

Feb 11, 2025

CVE-2024-36289

5.3

This vulnerability in FreeFrom - the nostr client allows man-in-the-middle attackers to manipulate direct message content when users reuse nonces and ...

Jun 17, 2024

CVE-2025-61739

N/A

This vulnerability involves nonce reuse in Johnson Controls Metasys products, allowing attackers to perform replay attacks or decrypt captured network...

Dec 22, 2025

About CWE-323 (CWE-323)

Our database tracks 6 CVEs classified as CWE-323, with 1 rated critical and 2 rated high severity. The average CVSS score for CWE-323 vulnerabilities is 7.3.

External reference: View CWE-323 on MITRE CWE →

Monitor CWE-323 Vulnerabilities

Get alerted when new CWE-323 CVEs affect your infrastructure.

Start Monitoring Free