Lucene search
K

52 matches found

Positive Technologies
Positive Technologies
added 5 days ago11 views

PT-2026-55794

Name of the Vulnerable Software and Affected Versions cve-search affected versions not specified Description An unauthenticated improper input validation issue exists in the 'POST /fetch cve data' endpoint. A remote attacker can manipulate request parameters that control the MongoDB collection,...

9.2CVSS6.1AI score0.00349EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/29 5:2 a.m.9 views

CVE-2026-53632

A flaw was found in launch-editor. This component, used in Node.js to open files, can be tricked into accessing arbitrary paths, including Windows Universal Naming Convention UNC paths. When a malicious UNC path is opened, Windows automatically attempts NTLM authentication to a remote server...

5.5CVSS6AI score0.00322EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/08 4:47 p.m.7 views

CVE-2026-39908

OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy source with a UNC path pointing to an attacker-controlled server. When the job starts, the application...

7.1CVSS5.5AI score0.00314EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/20 5:50 a.m.2 views

CVE-2026-33041 AVideo has an Unauthenticated Password Hash Oracle via encryptPass.json.php

WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/encryptPass.json.php exposes the application's password hashing algorithm to any unauthenticated user. An attacker can submit arbitrary passwords and receive their hashed equivalents, enabling offline password...

5.3CVSS6AI score0.00327EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/20 5:50 a.m.24 views

CVE-2026-33041 AVideo has an Unauthenticated Password Hash Oracle via encryptPass.json.php

WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/encryptPass.json.php exposes the application's password hashing algorithm to any unauthenticated user. An attacker can submit arbitrary passwords and receive their hashed equivalents, enabling offline password...

5.3CVSS0.00327EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.6 views

WWBN AVideo 信息泄露漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo 25.0 and earlier contained a vulnerability related to information leakage. This vulnerability stemmed from the password hashing algorithm exposed in the /objects/encryptPass.json.ph...

5.3CVSS5.8AI score0.00327EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/17 7:48 p.m.3 views

Information Exposure

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Information Exposure via the encryptPass.json.php process. An attacker can obtain hashed equivalents of arbitrary passwords by submitting them to the exposed...

6.9CVSS5.9AI score0.00327EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/17 7:48 p.m.10 views

AVideo has an Unauthenticated Password Hash Oracle via encryptPass.json.php

Summary /objects/encryptPass.json.php exposes the application's password hashing algorithm to any unauthenticated user. An attacker can submit arbitrary passwords and receive their hashed equivalents, enabling offline password cracking against leaked database hashes. Details File:...

5.3CVSS5.9AI score0.00327EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/02/12 7:15 p.m.5 views

CVE-2026-26219

newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to...

9.1CVSS5.8AI score0.00191EPSS
Exploits1References2
CVE
CVE
added 2026/02/12 6:39 p.m.17 views

CVE-2026-26219

CVE-2026-26219 affects newbee-mall stores that hash passwords using unsalted MD5 without per-user salts or computational cost controls. Root cause: MD5 hashing without salt enables offline credential cracking if password hashes are exposed. Impact: high confidentiality and integrity risk; plainte...

9.3CVSS5.5AI score0.00191EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/02/12 6:39 p.m.31 views

CVE-2026-26219 newbee-mall Unsalted MD5 Password Hashing Enables Offline Credential Cracking

newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to...

9.3CVSS0.00191EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 10:7 a.m.9 views

CVE-2019-20457

An issue was discovered on Brother MFC-J491DW C1806180757 devices. The printer's web-interface password hash can be retrieved without authentication, because the response header of any failed login attempt returns an incomplete authorization cookie. The value of the authorization cookie is the MD...

9.1CVSS7.1AI score0.00734EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/31 6:31 p.m.8 views

CVE-2025-62618 ELOG file upload stored XSS

ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in the context of other users when they open the file. Because ELOG includes usernames and password hashes in certain HTTP requests, an attacker can obtain the target's credentials and replay them or...

8.6CVSS0.00291EPSS
Exploits0References5
OSV
OSV
added 2025/10/31 6:31 p.m.4 views

CVE-2025-62618 ELOG file upload stored XSS

ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in the context of other users when they open the file. Because ELOG includes usernames and password hashes in certain HTTP requests, an attacker can obtain the target's credentials and replay them or...

8.6CVSS6.1AI score0.00291EPSS
Exploits0References7
Trellix
Trellix
added 2025/10/15 12:0 a.m.4 views

The Silent Threat in Active Directory: How AS-REP Roasting Steals Passwords Without a Trace and Trellix NDR’s Rapid Detection

The Silent Threat in Active Directory: How AS-REP Roasting Steals Passwords Without a Trace and Trellix NDR’s Rapid Detection By Maulik Maheta · October 15, 2025 Executive summary Adversaries use AS-REP Roasting to extract and crack password hashes from Active Directory AD accounts with Kerberos...

5.5AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-27849

Malicious code in bioql PyPI...

8.7CVSS6.6AI score0.00314EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/08/26 10:18 p.m.4 views

CVE-2025-35114 Agiloft local privilege escalation via default credentials

Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could be cracked offline. Users should upgrade to Agiloft Release 30...

8.7CVSS6.3AI score0.00314EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 5:31 a.m.6 views

CVE-2023-29446

An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline...

4.7CVSS6.8AI score0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:20 p.m.5 views

CVE-2022-38788

An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Bluetooth on the Nokia ODU uses outdated pairing mechanisms, allowing an attacker to passively intercept a paring handshake and after offline cracking retrieve the PIN and LTK long-term key...

4.3CVSS5.1AI score0.00537EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:5 p.m.7 views

CVE-2020-11916

An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. The password for the root user is hashed using an old and deprecated hashing technique. Because of this deprecated hashing, the success probability of an attacker in an offline cracking attack is greatly increased...

6.3CVSS7.2AI score0.00474EPSS
Exploits1References1
Rows per page
Query Builder