EUVD-2026-9044

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5 hash function for session cookie generation, weakening session security. Attackers can exploit predictable session tokens combined with MD5's collision vulnerabilities to forge valid session cookies an...

CVE-2026-27754

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5 hash function for session cookie generation, weakening session security. Attackers can exploit predictable session tokens combined with MD5's collision vulnerabilities to forge valid session cookies an...

CVE-2026-27754 SODOLA SL902-SWTGW124AS <= 200.1.20 MD5 Session Token Generation

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5 hash function for session cookie generation, weakening session security. Attackers can exploit predictable session tokens combined with MD5's collision vulnerabilities to forge valid session cookies an...

CVE-2026-27754

CVE-2026-27754 affects SODOLA SL902-SWTGW124AS firmware up to version 200.1.20, where a cryptographically broken MD5 hash is used to generate session cookies. This can enable predictable tokens and potential unauthorized access to the device due to MD5 weaknesses and token forgery. The descriptio...

CVE-2026-27754 SODOLA SL902-SWTGW124AS <= 200.1.20 MD5 Session Token Generation

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5 hash function for session cookie generation, weakening session security. Attackers can exploit predictable session tokens combined with MD5's collision vulnerabilities to forge valid session cookies an...

DEBIAN-CVE-2025-40932

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

SODOLA SL902-SWTGW124AS 安全漏洞

SODOLA SL902-SWTGW124AS is an industrial switch produced by the Spanish company SODOLA. Versions of SODOLA SL902-SWTGW124AS prior to version 200.1.20 contain security vulnerabilities. These vulnerabilities stem from the use of the MD5 hash function, which has weak encryption strength. This can...

CLSA-2026-1771519663 libsoup: Fix of 2 CVEs

CVE-2026-1761: fix stack-based buffer overflow in multipart HTTP response parsing caused by incorrect length calculation in soupfilterinputstreamreaduntil - CVE-2026-0719: fix stack-based buffer overflow in NTLM authentication caused by integer overflow in md4sum with excessively long passwords...

CVE-2025-11723 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.5 - Unauthenticated Sensitive Information Exposure

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.9.5 via the hash function due to use of a hardcoded fall-back salt. This makes it possible for...

CVE-2025-11723

CVE-2025-11723 : Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin for WordPress is affected up to version 1.6.9.5. The vulnerability arises from a hardcoded fallback salt used in the hash() function, enabling unauthenticated attackers to generate a valid token across sit...

PT-2026-1398

Name of the Vulnerable Software and Affected Versions Simply Schedule Appointments Booking Plugin versions prior to 1.6.9.6 Description The Appointment Booking Calendar – Simply Schedule Appointments Booking Plugin for WordPress is susceptible to sensitive information exposure due to the use of a...

UBUNTU-CVE-2023-54101

In the Linux kernel, the following vulnerability has been resolved: driver: soc: xilinx: use safe loop iterator to avoid a use after free The hashforeachpossible loop dereferences "evedata" to get the next item on the list. However the loop frees evedata so it leads to a use after free. Use...

CVE-2025-66511 Nextcloud Calendar app used predictable proposal participant tokens

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...

TencentOS Server 3: freeradius:3.0 (TSSA-2024:0764)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0764 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

OESA-2025-2522 poppler security update

is a PDF rendering library. Security Fixes: NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.CVE-2025-43903...

CVE-2025-34519

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalted hash, an attacker who obtains the password database can...

CVE-2025-59452

The YoSmart YoLink API through 2025-10-02 uses an endpoint URL that is derived from a device's MAC address along with an MD5 hash of non-secret information, such as a key that begins with cf50...

EUVD-2021-1539

Malware in sbrugna...

EUVD-2019-11480

Malware in sbrugna...

EUVD-2002-1006

Malware in sbrugna...