1748 matches found

RedhatCVE
added 2026/01/07 9:27 a.m. · 9 views

CVE-2019-12452

types/types.go in Containous Traefik 1.7.x through 1.7.11, when the --api flag is used and the API is publicly reachable and exposed without sufficient access control (which is contrary to the API documentation), allows remote authenticated users to discover password hashes by reading the Basic HTT...

CVSS 7.5 · AI score 6.8 · EPSS 0.0259
Exploits 1 · References 1
Positive Technologies
added 2026/01/01 12:00 a.m. · 3 views

PT-2026-25847

Name of the Vulnerable Software and Affected Versions: Glances versions prior to 4.5.2. Description: Glances is a cross-platform system monitoring tool. The application exposes sensitive information through unauthenticated API endpoints. Specifically, the /api/v4/args and /api/v4/args/item endpoints...

CVSS 7.5 · AI score 5.7 · EPSS 0.00499
Exploits 1 · References 24
EUVD
added 2025/12/23 12:30 a.m. · 5 views

EUVD-2023-60229

Screen SFT DAB 600/C firmware 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without requiring the current credentials. Attackers can exploit the userManager.cgx API endpoint by sending a crafted POST request with a new MD5-hashed password...

CVSS 9.3 · AI score 6.7 · EPSS 0.00456
Exploits 2 · References 6
RedhatCVE
added 2025/12/17 6:02 p.m. · 8 views

CVE-2023-53894

phpfm 1.7.9 contains an authentication bypass vulnerability that allows attackers to log in by exploiting loose type comparison in password hash validation. Attackers can craft specific password hashes beginning with 0e or 00e to bypass authentication and upload malicious PHP files to the server...

CVSS 9.8 · AI score 7.4 · EPSS 0.00554
Exploits 1 · References 1
Veracode
added 2025/12/17 10:46 a.m. · 6 views

Weak Password Hash Generation

xxl-job is vulnerable to a Weak Password Hash Generation vulnerability. The vulnerability is due to insufficient computational effort in the 'makeToken' function of 'IndexController.java', where an attacker can manipulate the token-generation logic to obtain and resulting remote compromise...

CVSS 6.3 · AI score 7 · EPSS 0.0028
Exploits 1 · References 6 · Affected Software 1
NVD
added 2025/12/16 8:15 p.m. · 5 views

CVE-2025-13532

Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager BoKS can result in the selection of weak password hash algorithms. This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain...

CVSS 6.2 · EPSS 0.00085
Exploits 0 · References 1
CVE
added 2025/12/16 8:01 p.m. · 11 views

CVE-2025-13532

This CVE concerns Fortra’s Core Privileged Access Manager (BoKS): BoKS Server Agent 9.0 with yescrypt support running in a BoKS 8.1 domain is affected by insecure defaults that can cause the use of weak password hash algorithms. The issue is described across multiple sources as an insecure defaul...

CVSS 6.2 · AI score 6.7 · EPSS 0.00085
Exploits 0 · References 1
Vulnrichment
added 2025/12/16 6:38 p.m. · 11 views

CVE-2025-14553 Password Hash Leak Could Lead to Unauthorized Access on Tapo App via Local Network

Exposure of password hashes through an unauthenticated API response in the TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers on the local network to brute-force the password. The issue can be mitigated through mobile application updates. Device firmware remains unchanged...

CVSS 7 · AI score 6.2 · EPSS 0.00174
Exploits 0 · References 3
CVE
added 2025/12/16 6:38 p.m. · 26 views

CVE-2025-14553

Summary: CVE-2025-14553 concerns TP-Link Tapo mobile apps (iOS/Android) exposing password hashes via an unauthenticated API response, enabling attackers on the local network to brute-force credentials. Multiple connected sources confirm: affected product scope includes TP-Link Tapo cameras; impac...

CVSS 7 · AI score 6.2 · EPSS 0.00174
Exploits 0 · References 3
OSV
added 2025/12/16 5:16 p.m. · 5 views

CVE-2023-53894

phpfm 1.7.9 contains an authentication bypass vulnerability that allows attackers to log in by exploiting loose type comparison in password hash validation. Attackers can craft specific password hashes beginning with 0e or 00e to bypass authentication and upload malicious PHP files to the server...

CVSS 9.3 · AI score 5.9
Exploits 0 · References 3
Positive Technologies
added 2025/12/16 12:00 a.m. · 6 views

PT-2025-51742

Name of the Vulnerable Software and Affected Versions: phpfm version 1.7.9. Description: phpfm version 1.7.9 contains an authentication bypass. This occurs due to a loose type comparison during password hash validation. Attackers can bypass authentication by crafting specific password hashes startin...

CVSS 9.8 · AI score 7.2 · EPSS 0.00554
Exploits 1 · References 9
CNNVD
added 2025/12/16 12:00 a.m. · 5 views

TP-LINK Tapo C210 Security Vulnerability

TP-LINK Tapo C210 is a webcam device from the Chinese company TP-LINK. A security vulnerability exists in TP-Link Tapo C210 version V.1.8, which stems from an unauthenticated API response exposing a password hash and could lead to a brute-force cracking attack...

CVSS 7 · AI score 6.8 · EPSS 0.00174
Exploits 0 · References 3
CNNVD
added 2025/12/16 12:00 a.m. · 4 views

PHP Filesystem Management Tool Security Vulnerability

PHP Filesystem Management Tool is a system management tool by the individual developer Fabrício Seger Kolling. A security vulnerability exists in PHP Filesystem Management Tool version 1.7.9, which stems from a loose type comparison in password hash validation that could lead to an authentication...

CVSS 9.8 · AI score 7.1 · EPSS 0.00554
Exploits 1 · References 3
NVD
added 2025/12/10 9:16 p.m. · 7 views

CVE-2023-53740

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify...

CVSS 9.8 · EPSS 0.00805
Exploits 1 · References 6
RedhatCVE
added 2025/12/10 6:13 p.m. · 17 views

CVE-2025-64471

A use of password hash instead of password for authentication (CWE-836) vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attack...

CVSS 7.5 · AI score 7.3 · EPSS 0.00289
Exploits 0 · References 1
Cvelist
added 2025/12/10 12:00 a.m. · 21 views

CVE-2025-65831

The application uses an insecure hashing algorithm MD5 to hash passwords. If an attacker obtained a copy of these hashes, either through exploiting cloud services, performing TLS downgrade attacks on the traffic from a mobile device, or through another means, they may be able to crack the hash in...

EPSS 0.00179
Exploits 0 · References 2
NVD
added 2025/12/09 6:16 p.m. · 5 views

CVE-2025-64471

A use of password hash instead of password for authentication (CWE-836) vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attack...

CVSS 7.5 · EPSS 0.00289
Exploits 0 · References 1
OSV
added 2025/12/09 6:16 p.m. · 5 views

CVE-2025-64471

A use of password hash instead of password for authentication (CWE-836) vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attack...

CVSS 7.5 · AI score 5.8 · EPSS 0.00289
Exploits 0 · References 1
CVE
added 2025/12/09 5:18 p.m. · 16 views

CVE-2025-64471

Fortinet FortiWeb is affected by CVE-2025-64471 due to using a password hash instead of a password for authentication. Affected versions: FortiWeb 8.0.0–8.0.1, 7.6.0–7.6.5, 7.4.0–7.4.10, 7.2.0–7.2.11, 7.0.0–7.0.11. An unauthenticated attacker could authenticate by submitting a password hash in cr...

CVSS 7.5 · AI score 6.9 · EPSS 0.00289
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2025/12/09 5:18 p.m. · 20 views

CVE-2025-64471

A use of password hash instead of password for authentication (CWE-836) vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attack...

CVSS 4.9 · EPSS 0.00289
Exploits 0 · References 1