CVE-2026-7103

A vulnerability was determined in code-projects Chat System 1.0. Affected is an unknown function of the file updateuser.php of the component MD5 Hash Handler. This manipulation of the argument Password causes use of weak hash. The attack is possible to be carried out remotely. The attack's...

CVE-2026-25861

QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of MD5 for password hashing in the Tools::encrypt function within classes/Tools.php, which concatenates a static cookie...

CVE-2026-25861

QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of MD5 for password hashing in the Tools::encrypt function within classes/Tools.php, which concatenates a static cookie...

CVE-2026-33037

The CVE concerns WWBN AVideo. In versions ≤25.0, the official Docker deployment files ship with the admin password set to “password,” which is used to seed the admin account during installation unless SYSTEM_ADMIN_PASSWORD is overridden. This creates immediate administrative takeover risk, with f...

PT-2026-7888

Name of the Vulnerable Software and Affected Versions newbee-mall affected versions not specified Description The software stores and verifies user passwords using an unsalted MD5 hashing algorithm. This implementation lacks per-user salts and computational cost controls. Attackers obtaining...

CVE-2020-10538

An issue was discovered in Epikur before 20.1.1. It stores the secret passwords of the users as MD5 hashes in the database. MD5 can be brute-forced efficiently and should not be used for such purposes. Additionally, since no salt is used, rainbow tables can speed up the attack...

PT-2025-47340

Name of the Vulnerable Software and Affected Versions openml/openml.org web application version v2.0.20241110 Description The web application generates predictable tokens based on MD5 hashing for critical user actions, including signup confirmation, password resets, email confirmation resends, an...

EUVD-2019-7636

Malware in sbrugna...

EUVD-2020-0266

Malware in sbrugna...

EUVD-2019-16525

Malware in sbrugna...

EUVD-2024-21972

Malicious code in bioql PyPI...

EUVD-2025-16211

Malicious code in bioql PyPI...

Hash Collision Attack

llamaindex is vulnerable to Hash Collision Attack. The vulnerability is due to the use of MD5 hashing for generating document chunk IDs, which allows an attacker to exploit hash collisions by creating structurally distinct chunks with identical text...

GHSA-5HQ9-5R78-2GJH LlamaIndex vulnerable to data loss through hash collisions in its DocugamiReader class

A vulnerability in the DocugamiReader class of the run-llama/llamaindex repository, up to but excluding version 0.12.41, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks contain identical text, resulting ...

CVE-2025-6211 MD5 Hash Collision in run-llama/llama_index

A vulnerability in the DocugamiReader class of the run-llama/llamaindex repository, up to version 0.12.28, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks contain identical text, resulting in one chunk...

PT-2025-29091 · Unknown · Llama Index

Name of the Vulnerable Software and Affected Versions: llama index versions up to 0.12.28 Description: A vulnerability exists in the DocugamiReader class of the llama index repository. The use of MD5 hashing to generate IDs for document chunks can lead to hash collisions when structurally distinc...

Hash Collision

llamaindexreaderspapers is vulnerable to Hash Collision. The vulnerability is due to the use of MD5 hashing to generate filenames for downloaded papers, which allows an attacker to exploit hash collisions by submitting papers with identical titles but different content...

CVE-2025-48925

The TeleMessage service through 2025-05-05 relies on the client side e.g., the TM SGNL app to do MD5 hashing, and then accepts the hash as the authentication credential...

CVE-2025-48925

The TeleMessage service through 2025-05-05 relies on the client side e.g., the TM SGNL app to do MD5 hashing, and then accepts the hash as the authentication credential...

CVE-2025-48925

The TeleMessage service through 2025-05-05 relies on the client side e.g., the TM SGNL app to do MD5 hashing, and then accepts the hash as the authentication credential...