Lucene search
K

97 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:49 a.m.13 views

CVE-2023-2900

A vulnerability was found in NFine Rapid Development Platform 20230511. It has been classified as problematic. Affected is an unknown function of the file /Login/CheckLogin. The manipulation leads to use of weak hash. It is possible to launch the attack remotely. The complexity of an attack is...

7.5CVSS6.8AI score0.00654EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:25 a.m.7 views

CVE-2022-25156

Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5UC CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120ENCPU all...

8.1CVSS7.2AI score0.01209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:15 p.m.5 views

CVE-2022-36072

SilverwareGames.io is a social network for users to play video games online. In version 1.1.8 and prior, due to an unobvious feature of PHP, hashes generated by built-in functions and starting with the 0e symbols were being handled as zero multiplied with the e number. Therefore, the hash value w...

5.9CVSS6.9AI score0.0048EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:47 p.m.6 views

CVE-2022-25157

Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5UC CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC...

9.1CVSS7AI score0.0229EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:12 p.m.7 views

CVE-2021-39579

An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function stringhash located in q.c. It allows an attacker to cause code Execution...

7.8CVSS6.9AI score0.0106EPSS
Exploits1References1
CVE
CVE
added 2025/05/22 12:23 p.m.65 views

CVE-2025-3937

The CVE-2025-3937 issue affects Tridium Niagara Framework and Niagara Enterprise Security. Vulnerable component: password hash with insufficient computational effort, enabling cryptanalysis. Affected software versions: Niagara Framework before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterp...

9.8CVSS7.6AI score0.00316EPSS
Exploits0References2Affected Software2
RedhatCVE
RedhatCVE
added 2025/05/21 8:48 p.m.8 views

CVE-2005-4775

Michael Scholz and Sebastian Stein Contineo 2.0, when the admin account lacks an e-mail address attribute, displays the password hash in a warning upon page reload, which might allow remote attackers to view the hash...

5CVSS7.2AI score0.01184EPSS
Exploits0References1
CVE
CVE
added 2025/04/16 9:45 p.m.83 views

CVE-2025-32789

EspoCRM (open-source CRM) prior to version 9.0.7 is affected by a vulnerability in the user password hashing disclosure feature. The issue allows an attacker to infer other users’ password hashes by sorting the user list by the password hash, potentially enabling password changes if the attacker ...

3.7CVSS3.7AI score0.00366EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2025/04/16 9:45 p.m.37 views

CVE-2025-32789 EspoCRM Allows Potential Disclosure of Sensitive Information in the User Sorting Function

EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password column of the user table, based on the results of t...

3.1CVSS0.00366EPSS
Exploits1References3
CVE
CVE
added 2025/03/26 11:8 a.m.63 views

CVE-2025-27552

CVE-2025-27552 affects the Perl DBIx::Class::EncodedColumn component, where the salting of password hashes uses the non-cryptographically secure rand() function in Crypt/Eksblowfish/Bcrypt.pm. The issue impacts DBIx::Class::EncodedColumn up to version 0.00032. According to the connected documents...

4CVSS7.3AI score0.0011EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/03/18 10:22 p.m.23 views

CVE-2025-2349

A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/passwd of the component Password Hash Handler. The manipulation leads to password hash with insufficient computational...

3.1CVSS6.8AI score0.00165EPSS
Exploits0References1
NVD
NVD
added 2025/03/16 10:15 p.m.13 views

CVE-2025-2349

A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/passwd of the component Password Hash Handler. The manipulation leads to password hash with insufficient computational...

4.7CVSS0.00165EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/03/16 9:31 p.m.8 views

CVE-2025-2349 IROAD Dash Cam FX2 Password Hash passwd weak password hash

A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/passwd of the component Password Hash Handler. The manipulation leads to password hash with insufficient computational...

3.1CVSS4AI score0.00165EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/03/05 12:22 p.m.7 views

CVE-2025-1868

Vulnerability of unauthorized exposure of confidential information affecting Advanced IP Scanner and Advanced Port Scanner. It occurs when these applications initiate a network scan, inadvertently sending the NTLM hash of the user performing the scan. This vulnerability can be exploited by...

6.9CVSS6.8AI score0.00237EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 9:39 p.m.9 views

CVE-2022-24798

Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. IRRd did not always filter password hashes in query responses relating to mntner objects and database exports. This may have allowed adversaries to retrieve some of these hashes, perfo...

7.5CVSS6.9AI score0.01366EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/13 5:25 p.m.10 views

CVE-2024-5743 Command Injection Vulnerability

An attacker could exploit the 'Use of Password Hash With Insufficient Computational Effort' vulnerability in EveHome Eve Play to execute arbitrary code. This issue affects Eve Play: through 1.1.42...

9.8CVSS9.7AI score0.0036EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/15 10:56 a.m.13 views

CVE-2024-7701 Misuse of SHA256 to create an encryption key

Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing.This issue affects percona-toolkit: 3.6.0...

5.1CVSS7AI score0.002EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/15 12:0 a.m.5 views

Percona Toolkit 安全漏洞

Percona Toolkit is a series of advanced command line tools from Percona Corporation, USA. A security vulnerability exists in Percona Toolkit version 3.6.0 that stems from a password hash vulnerability that allows cryptographic brute force cracking using insufficient computational effort...

7.5CVSS6.7AI score0.002EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/12/11 12:0 a.m.8 views

The vulnerability of the Attended SysUpgrade function of the sysupgrade.openwrt.org service allows a malicious actor to create a specially crafted malware image signed with a legitimate key.

The vulnerability of the Attended SysUpgrade function of the sysupgrade.openwrt.org service in the embedded operating system OpenWrt is related to the use of a reversible one-way hash function. Exploiting this vulnerability allows a malicious actor to remotely create a specially crafted malware...

10CVSS8.1AI score0.01867EPSS
Exploits0References4Affected Software1
Oracle linux
Oracle linux
added 2024/08/11 12:0 a.m.30 views

389-ds-base security update

2.4.5-9 - Bump version to 2.4.5-9 - Resolves: RHEL-44323 - unauthenticated user can trigger a DoS by sending a specific extended search request - Resolves: RHEL-40945 - Malformed userPassword hash may cause Denial of Service - Resolves: RHEL-49457 - perf search result investigation for many large...

6.5CVSS7.4AI score0.00923EPSS
Exploits0
Rows per page
Query Builder