26 matches found

EUVD
added yesterday · 8 views

EUVD-2026-34042

QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of MD5 for password hashing in the Tools::encrypt function within classes/Tools.php, which concatenates a static cookie...

CVSS 8.2 · AI score 5.8 · EPSS 0.0002
Exploits: 0 · References: 4
Tenable Nessus
added 2026/04/22 12:0 a.m. · 3 views

SUSE SLES15 Security Update : nodejs22 (SUSE-SU-2026:1509-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1509-1 advisory. Update to version 22.22.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism...

CVSS 7.5 · AI score 6.8 · EPSS 0.00056
Exploits: 0 · References: 22
Tenable Nessus
added 2026/04/16 12:0 a.m. · 0 views

SUSE SLES15 Security Update : nodejs20 (SUSE-SU-2026:1371-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1371-1 advisory. Update to version 20.20.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism...

CVSS 7.5 · AI score 7 · EPSS 0.00095
Exploits: 0 · References: 22
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-8117

Malicious code in bioql PyPI...

CVSS 4 · AI score 4.8 · EPSS 0.00022
Exploits: 0 · References: 3
CVE
added 2025/05/28 12:0 a.m. · 46 views

CVE-2025-48931

The CVE-2025-48931 entry concerns TeleMessage service passwords hashed with MD5 (through 2025-05-05). Root cause: MD5-based password hashing enabling rainbow-table and related attacks with low computational effort. Impact is implied as password-cryptography weakness; no explicit exploited vector ...

CVSS 5.5 · AI score 7.4 · EPSS 0.00032
Exploits: 0 · References: 1 · Affected Software: 1
RedhatCVE
added 2025/05/23 2:18 a.m. · 5 views

CVE-2023-33838

IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input...

CVSS 4.9 · AI score 6.6 · EPSS 0.0003
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 9:12 p.m. · 4 views

CVE-2021-36460

VeryFitPro com.veryfit2hr.second 3.2.8 hashes the account's password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. This allows an attacker in possession of a hash to take over a user's...

CVSS 7.8 · AI score 7 · EPSS 0.00125
Exploits: 2 · References: 1
Vulnrichment
added 2025/05/22 12:23 p.m. · 7 views

CVE-2025-3937 Use of Password Hash with Insufficient Computational Effort

Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niaga...

CVSS 7.7 · AI score 7.6 · EPSS 0.00146
Exploits: 0 · References: 2
CVE
added 2025/01/29 1:22 a.m. · 49 views

CVE-2023-33838

CVE-2023-33838 affects IBM Security Verify Governance 10.0.2 Identity Manager. The issue is that the product uses a one-way cryptographic hash on inputs that should not be reversible (e.g., passwords) without applying a salt, increasing exposure of hashed values. The connected IBM bulletin confir...

CVSS 4.9 · AI score 4.7 · EPSS 0.0003
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2025/01/29 12:0 a.m. · 1 views

IBM Security Verify Governance Security Vulnerability

IBM Security Verify Governance is an intelligent identity access platform from International Business Machines (IBM). It provides organizations with a platform to analyze, define and control user access and access risk. IBM Security Verify Governance suffers from a security vulnerability that ste...

CVSS 4.9 · AI score 6.4 · EPSS 0.0003
Exploits: 0 · References: 1
OSV
added 2024/12/19 4:17 a.m. · 17 views

RLSA-2024:10379 Important: pam security update

Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication. Security Fixes: pam: libpam: Libpam vulnerable to read hashed password (CVE-2024-10041); pam: Improper Hostname Interpretation in pam_access Leads t...

CVSS 7.4 · AI score 6.7 · EPSS 0.00567
Exploits: 0 · References: 3
Positive Technologies
added 2024/12/12 12:0 a.m. · 1 views

PT-2024-36600 · Beego · Beego

Name of the Vulnerable Software and Affected Versions: beego versions prior to 2.3.4. Description: The issue concerns the use of MD5 as a hashing algorithm in beego, which is no longer considered secure due to its vulnerability to collision attacks. This vulnerability can lead to data integrity...

CVSS 9.3 · AI score 6.8 · EPSS 0.00523
Exploits: 0 · References: 21
Vulnrichment
added 2024/09/25 12:0 a.m. · 8 views

CVE-2024-22892

OpenSlides 4.0.15 was discovered to be using a weak hashing algorithm to store passwords...

AI score 7.1 · EPSS 0.00176
Exploits: 0 · References: 1
Prion
added 2022/09/08 4:15 p.m. · 10 views

Design/Logic Flaw

Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes...

CVSS 7.5 · AI score 9.5 · EPSS 0.00169
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2022/09/06 8:45 p.m. · 2 views

CVE-2022-36072 SilverwareGames.io used == for hashing instead of ===

SilverwareGames.io is a social network for users to play video games online. In version 1.1.8 and prior, due to an unobvious feature of PHP, hashes generated by built-in functions and starting with the 0e symbols were being handled as zero multiplied with the e number. Therefore, the hash value w...

CVSS 5.9 · AI score 6.8 · EPSS 0.00244
Exploits: 0 · References: 3
CNNVD
added 2021/11/12 12:0 a.m. · 1 views

IBM Tivoli Key Lifecycle Manager Encryption Issue Vulnerability

IBM Tivoli Key Lifecycle Manager (TKLM) is a set of key lifecycle management software from IBM in the United States. The software provides key storage, key maintenance and key lifecycle management for storage devices. A security vulnerability exists in IBM Tivoli Key Lifecycle Manager that stems fr...

CVSS 7.5 · AI score 5.6 · EPSS 0.00088
Exploits: 0 · References: 4
OSV
added 2021/09/13 6:47 a.m. · 20 views

RLSA-2021:3492 Important: cyrus-imapd security update

The Cyrus IMAP server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contacts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. Security Fixes: cyrus-imapd: Denial of service via string hashing algorithm collisions (CVE-2021-33582). For more details...

CVSS 7.5 · AI score 7.5 · EPSS 0.0102
Exploits: 0 · References: 2
CNNVD
added 2021/02/05 12:0 a.m. · 3 views

Epikur Encryption Issues Vulnerabilities

Epikur is a healthcare mobile application from German company Epikur that provides users with psychotherapy, patient management, and other features. A security vulnerability exists in Epikur before 20.1.1 that stems from storing user passwords as MD5 hashes in the database...

CVSS 5.5 · AI score 6.1 · EPSS 0.00027
Exploits: 1 · References: 2
CNVD
added 2021/02/03 12:0 a.m. · 7 views

PhpList Authentication Bypass Vulnerability (CNVD-2021-48845)

PhpList is a suite of open source newsletter and email marketing software from PhpList UK. A security vulnerability exists in phpList 3.5.3 that stems from the use of == instead of === for password hashing. No details of the vulnerability are provided at this time...

CVSS 9.8 · AI score 6.9 · EPSS 0.00363
Exploits: 1 · References: 1
RedHat Linux
added 2020/11/04 1:25 a.m. · 0 views

python: DoS via inefficiency in IPv{4,6}Interface classes

A vulnerability was found in the way the ipaddress python module computes hash values in the IPv4Interface and IPv6Interface classes. This flaw allows an attacker to create many dictionary entries, due to the performance of a dictionary containing the IPv4Interface or IPv6Interface objects,...

CVSS 5.9 · AI score 6.8 · EPSS 0.00697
Exploits: 0 · References: 4