Lucene search
K

106 matches found

CVE
CVE
added 2025/12/10 12:0 a.m.20 views

CVE-2025-65831

CVE-2025-65831 is documented across multiple sources as involving insecure MD5-based password hashing that could enable credential cracking and unauthorized account access if hashes are obtained. A concrete product reference appears in CNNVD: Meatmeet Pro App v1.1.2.0 uses MD5 for password hashin...

7.5CVSS6.5AI score0.00179EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.7 views

OpenML Frontend 安全漏洞

OpenML Frontend is an OpenML Frontend page from OpenML Open Source. A security vulnerability exists in OpenML Frontend version v2.0.20241110, which stems from the use of predictable MD5-based tokens that could lead to account takeover...

7.5CVSS6.7AI score0.00517EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2025/11/10 12:0 a.m.155 views

📄 Ilevia EVE X1/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm

Ilevia EVE X1/X5 Server version 4.7.18.0.eden stores user passwords in the database using the MD5 hashing algorithm, which is considered cryptographically insecure due to its vulnerability to collision and brute-force attacks. MD5 lacks modern protections such as salting and computational hardnes...

8.2CVSS7.1AI score0.0028EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2025/10/06 12:0 a.m.5 views

CVE-2025-59452

The YoSmart YoLink API through 2025-10-02 uses an endpoint URL that is derived from a device's MAC address along with an MD5 hash of non-secret information, such as a key that begins with cf50...

5.8CVSS6.5AI score0.00423EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/06 12:0 a.m.6 views

PT-2025-40949

Name of the Vulnerable Software and Affected Versions YoSmart YoLink versions through 2025-10-02 Description The YoSmart YoLink API constructs an endpoint URL using a device's MAC address and an MD5 hash of non-secret information, including a key starting with cf50. The API endpoint is derived fr...

5.8CVSS6.4AI score0.00423EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/10/02 2:18 p.m.15 views

CVE-2025-59745 Multiple vulnerabilities in AndSoft's e-TMS

Vulnerability in the cryptographic algorithm of AndSoft's e-TMS v25.03, which uses MD5 to encrypt passwords. MD5 is a cryptographically vulnerable hash algorithm and is no longer considered secure for storing or transmitting passwords. It is vulnerable to collision attacks and can be easily crack...

6.9CVSS0.00233EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/02 12:0 a.m.4 views

AndSoft e-TMS 加密问题漏洞

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an encryption issue vulnerability that stems from the use of MD5 encrypted passwords, which can be exploited by an attacker to cause the disclosure of user credentials...

7.5CVSS6.7AI score0.00233EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/02 12:0 a.m.5 views

PT-2025-40366

Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description The software uses the MD5 hash algorithm to encrypt passwords. MD5 is considered a cryptographically weak hash algorithm and is susceptible to collision attacks, potentially exposing user credentials...

7.5CVSS6.4AI score0.00233EPSS
Exploits0References4
Snyk
Snyk
added 2025/09/17 8:11 p.m.2 views

Use of Weak Hash

Overview Affected versions of this package are vulnerable to Use of Weak Hash like the Md5 hash. An attacker can bypass file integrity verification by generating files with colliding MD5 hashes and distributing malicious content that passes integrity checks. Remediation Upgrade...

6.9CVSS6.6AI score0.00152EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/17 8:11 p.m.3 views

Use of Weak Hash

Overview Affected versions of this package are vulnerable to Use of Weak Hash like the Md5 hash. An attacker can bypass file integrity verification by generating files with colliding MD5 hashes and distributing malicious content that passes integrity checks. Remediation Upgrade...

6.9CVSS6.6AI score0.00152EPSS
Exploits0References2
CVE
CVE
added 2025/09/17 7:57 p.m.21 views

CVE-2025-59354

Summary: CVE-2025-59354 affects Dragonfly before version 2.1.0, where downloaded files may be replaced due to use of MD5 for hashing, enabling attackers to supply malicious files with colliding hashes. The vulnerability is fixed in 2.1.0. The initial description provides the root cause and remedi...

6.9CVSS6.4AI score0.00152EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/09/17 7:57 p.m.9 views

CVE-2025-59354 Dragonfly has weak integrity checks for downloaded files

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the DragonFly2 uses a variety of hash functions, including the MD5 hash, for downloaded files. This allows attackers to replace files with malicious ones that have a colliding hash. This...

6.9CVSS0.00152EPSS
Exploits0References2
NVD
NVD
added 2025/09/17 3:15 p.m.4 views

CVE-2025-40933

Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely. Session ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is...

7.5CVSS0.00383EPSS
Exploits0References1
OSV
OSV
added 2025/09/05 12:42 p.m.5 views

OESA-2025-2125 krb5 security update

Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Security Fixes: A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due ...

5.9CVSS7AI score0.00293EPSS
Exploits0References2
OSV
OSV
added 2025/09/05 12:42 p.m.8 views

OESA-2025-2124 krb5 security update

Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Security Fixes: A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due ...

5.9CVSS7AI score0.00293EPSS
Exploits0References2
NVD
NVD
added 2025/09/03 3:15 p.m.14 views

CVE-2025-56608

The SourceCodester Android application "Corona Virus Tracker App India" 1.0 uses MD5 for digest authentication in OkHttpClientWrapper.java. The handleDigest function employs MessageDigest.getInstance"MD5" to hash credentials. MD5 is a broken cryptographic algorithm known to allow hash collisions...

4.2CVSS0.00296EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/09/02 3:1 a.m.5 views

krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This ma...

5.9CVSS7.1AI score0.00293EPSS
Exploits0References5
NVD
NVD
added 2025/08/21 5:15 p.m.8 views

CVE-2025-9309

A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etcro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is needed for the...

7CVSS0.00193EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/08/21 4:32 p.m.14 views

CVE-2025-9309 Tenda AC10 MD5 Hash shadow hard-coded credentials

A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etcro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is needed for the...

2.5CVSS0.00193EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2025/08/13 5:3 a.m.8 views

krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This ma...

5.9CVSS7.1AI score0.00293EPSS
Exploits0References5
Rows per page
Query Builder