84 matches found
CVE-2026-6478
A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...
ALPINE-CVE-2026-6478
Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...
CVE-2026-24933 An improper certificate validation vulnerability was found in ADM while sending HTTPS requests to the server.
The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificates validation vulnerability allows an unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to intercept the cleartext communication,...
PT-2026-4531
Name of the Vulnerable Software and Affected Versions Aptsys gemscms backend platform versions prior to 2025-05-29 Description An information disclosure issue exists in the /srvs/membersrv/getCashiers API endpoint of the Aptsys gemscms backend platform. This unauthenticated endpoint reveals a lis...
php_loose_comparison.txt
Initial Access — Foothold as www-data Vulnerability S...
EUVD-2018-8506
Malware in sbrugna...
EUVD-2018-7587
Malware in sbrugna...
EUVD-2023-12505
Malicious code in bioql PyPI...
EUVD-2025-9909
Malicious code in bioql PyPI...
CVE-2023-0451
Econolite EOS versions prior to 3.2.23 lack a password requirement for gaining “READONLY” access to log files and certain database and configuration files. One such file contains tables with MD5 hashes and usernames for all defined users in the control software, including administrators and...
CVE-2023-0452
Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians...
CVE-2023-35168
DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. Affected versions of DataEase has a privilege bypass vulnerability where ordinary users can gain access to the user database. Exposed information includes md5 hashes of passwords,...
CVE-2025-32352
A type confusion vulnerability in lib/NSSAuthenticator.php in ZendTo before v5.04-7 allows remote attackers to bypass authentication for users with passwords stored as MD5 hashes that can be interpreted as numbers. A solution requires moving from MD5 to bcrypt...
Privilege escalation
DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. Affected versions of DataEase has a privilege bypass vulnerability where ordinary users can gain access to the user database. Exposed information includes md5 hashes of passwords,...
CVE-2023-35168 DataEase has a privilege bypass vulnerability
DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. Affected versions of DataEase has a privilege bypass vulnerability where ordinary users can gain access to the user database. Exposed information includes md5 hashes of passwords,...
CVE-2023-35168 DataEase has a privilege bypass vulnerability
DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. Affected versions of DataEase has a privilege bypass vulnerability where ordinary users can gain access to the user database. Exposed information includes md5 hashes of passwords,...
CVE-2023-0452
Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians...
CVE-2023-0451
Econolite EOS versions prior to 3.2.23 lack a password requirement for gaining “READONLY” access to log files and certain database and configuration files. One such file contains tables with MD5 hashes and usernames for all defined users in the control software, including administrators and...
Design/Logic Flaw
Econolite EOS versions prior to 3.2.23 lack a password requirement for gaining “READONLY” access to log files and certain database and configuration files. One such file contains tables with MD5 hashes and usernames for all defined users in the control software, including administrators and...
CVE-2023-0451
CVE-2023-0451 affects Econolite EOS; EOS versions prior to 3.2.23 lack a password requirement for READONLY access to log files and certain databases/configuration files. Affected files reportedly contain MD5-hashed credentials and usernames for all defined users (including admins/techs), reflecti...