CVE-2026-44611 MacGregor Voyage Data Recorder (VDR) G4e Use of Password Hash With Insufficient Computational Effort

Danelec MacGregor Voyage Data Recorder passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks...

CVE-2026-30790 RustDesk Server Controls All Handshake Entropy (Salt/Challenge), Enabling Offline Brute-Force

Improper Restriction of Excessive Authentication Attempts, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux Peer authentication, API login modules, rustdesk-server RustDesk Server OSS...

PT-2026-23455

Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Client login, peer authentication modules allows Reusing Session IDs aka Session Replay. Thi...

CVE-2025-46413

Use of password hash with insufficient computational effort issue exists in BUFFALO Wi-Fi router 'WSR-1800AX4 series'. When WPS is enabled, PIN code and/or Wi-Fi password may be obtained by an attacker...

BUFFALO WSR-1800AX4 Series 安全漏洞

BUFFALO WSR-1800AX4 Series is a series of WiFi routers from BUFFALO Japan. A security vulnerability exists in the BUFFALO WSR-1800AX4 Series that stems from an insufficient password hash calculation, which could lead to the PIN and Wi-Fi password being obtained by an attacker...

EUVD-2017-18566

Malware in sbrugna...

EUVD-2012-4824

Malware in sbrugna...

EUVD-2025-27547

Malicious code in bioql PyPI...

CVE-2025-51540

EzGED3 3.5.0 stores user passwords using an insecure hashing scheme: md5md5password. This hashing method is cryptographically weak and allows attackers to perform efficient offline brute-force attacks if password hashes are disclosed. The lack of salting and use of a fast, outdated algorithm make...

XXL-JOB 安全漏洞

XXL-JOB is a distributed task scheduling platform by the individual developer Xu Xueli xuxueli. A security vulnerability exists in XXL-JOB 3.1.1 and earlier versions, which stems from an insufficient password hash calculation in the Token generation component...

CVE-2025-46722 vLLM has a Weakness in MultiModalHasher Image Hashing Implementation

vLLM is an inference and serving engine for large language models LLMs. In versions starting from 0.7.0 to before 0.9.0, in the file vllm/multimodal/hasher.py, the MultiModalHasher class has a security and data integrity issue in its image hashing method. Currently, it serializes PIL.Image.Image...

CVE-2021-23020

The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys...

freeradius: forgery attack

A vulnerability in the RADIUS Remote Authentication Dial-In User Service protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...

DEBIAN-CVE-2024-23091

Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values...

EnroCrypt 加密问题漏洞

EnroCrypt is This is a Python module for encryption, hashing, and other essentials you need to hash via secure encryption and imposed salt. A security vulnerability exists in versions prior to EnroCrypt 1.1.4 that stems from EnroCrypt's use of the MD5 hashing algorithm in hash files, which is...

CVE-2020-17494

Untangle Firewall NG before 16.0 uses MD5 for passwords...

CVE-2020-4778

IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the Cúram application. IBM X-Force ID: 189156...

WordPress Information Disclosure Vulnerability (CNVD-2017-35575)

WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress 4.8.2 and earlier versions that stems from the program's use of ...

cumin: weak password hashing

Cumin aka MRG Management Console, as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via a brute-force attack...

Cracking 16 Character Strong passwords in less than an hour

The Password serves to protect your financial transactions, your social networking sites, and a host of other nominally secure websites online. People often say, "don't use dictionary words as passwords. They are horribly unsecure", but what if hackers also managed to crack any 16 character...