QloApps 安全漏洞

QloApps is an open-source hotel management and reservation system developed by QloApps. Versions of QloApps 1.7.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the use of MD5 for password hashing in the Tools.php file. Weak encryption algorithms allowed...

CVE-2026-44611 MacGregor Voyage Data Recorder (VDR) G4e Use of Password Hash With Insufficient Computational Effort

Danelec MacGregor Voyage Data Recorder passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks...

CVE-2026-30790

...

PT-2026-23455

Name of the Vulnerable Software and Affected Versions RustDesk Client versions through 1.4.5 Description A flaw exists in RustDesk Client that allows for authentication bypass through capture-replay attacks and the use of a password hash with insufficient computational effort. This impacts the...

CVE-2025-46413

Use of password hash with insufficient computational effort issue exists in BUFFALO Wi-Fi router 'WSR-1800AX4 series'. When WPS is enabled, PIN code and/or Wi-Fi password may be obtained by an attacker...

BUFFALO WSR-1800AX4 Series 安全漏洞

BUFFALO WSR-1800AX4 Series is a series of WiFi routers from BUFFALO Japan. A security vulnerability exists in the BUFFALO WSR-1800AX4 Series that stems from an insufficient password hash calculation, which could lead to the PIN and Wi-Fi password being obtained by an attacker...

EUVD-2012-4824

Malware in sbrugna...

EUVD-2017-18566

Malware in sbrugna...

EUVD-2025-27547

Malicious code in bioql PyPI...

CVE-2025-51540

EzGED3 3.5.0 stores user passwords using an insecure hashing scheme: md5md5password. This hashing method is cryptographically weak and allows attackers to perform efficient offline brute-force attacks if password hashes are disclosed. The lack of salting and use of a fast, outdated algorithm make...

XXL-JOB 安全漏洞

XXL-JOB is a distributed task scheduling platform by the individual developer Xu Xueli xuxueli. A security vulnerability exists in XXL-JOB 3.1.1 and earlier versions, which stems from an insufficient password hash calculation in the Token generation component...

CVE-2025-46722 vLLM has a Weakness in MultiModalHasher Image Hashing Implementation

vLLM is an inference and serving engine for large language models LLMs. In versions starting from 0.7.0 to before 0.9.0, in the file vllm/multimodal/hasher.py, the MultiModalHasher class has a security and data integrity issue in its image hashing method. Currently, it serializes PIL.Image.Image...

CVE-2021-23020

The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys...

freeradius: forgery attack

A vulnerability in the RADIUS Remote Authentication Dial-In User Service protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...

DEBIAN-CVE-2024-23091

Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values...

The vulnerability of the FileTransfer component in the SAN management software Brocade SANnav allows a attacker to execute a “man-in-the-middle” attack.

The vulnerability of the FileTransfer component in the SAN management software Brocade SANnav is related to the insufficient encryption reliability during the generation of SSH keys, due to the use of the SHA-1 algorithm. Exploiting this vulnerability allows a remote attacker to execute a...

EnroCrypt 加密问题漏洞

EnroCrypt is This is a Python module for encryption, hashing, and other essentials you need to hash via secure encryption and imposed salt. A security vulnerability exists in versions prior to EnroCrypt 1.1.4 that stems from EnroCrypt's use of the MD5 hashing algorithm in hash files, which is...

CVE-2020-17494

Untangle Firewall NG before 16.0 uses MD5 for passwords...

CVE-2020-4778

IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the Cúram application. IBM X-Force ID: 189156...

WordPress Information Disclosure Vulnerability (CNVD-2017-35575)

WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress 4.8.2 and earlier versions that stems from the program's use of ...