PT-2025-46661
Name of the Vulnerable Software and Affected Versions: Tenda AC15 version 15.03.05.18 multi. Description: The authentication cookie used by the device exposes the account password hash to the client and utilizes a short, low-entropy suffix as the session identifier. An attacker with network access o...
CVE-2025-63666
Tenda AC15 v15.03.05.18multi issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to acce...
Tenda AC15 Security Vulnerability
Tenda AC15 is a wireless router from Tenda China. A security vulnerability exists in Tenda AC15 version v15.03.05.18multi, which stems from an authentication cookie that exposes a password hash and uses a low entropy session identifier, which could lead to session hijacking...
CVE-2025-63666
Tenda AC15 v15.03.05.18multi issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to acce...
CVE-2025-63666
CVE-2025-63666 affects Tenda AC15 v15.03.05.18_multi. The flaw is that an authentication cookie exposes the account password hash to the client and uses a short, low-entropy session identifier. An attacker with network access or the ability to run JavaScript in a victim’s browser can steal the co...
CVE-2025-46413
Use of password hash with insufficient computational effort issue exists in BUFFALO Wi-Fi router 'WSR-1800AX4 series'. When WPS is enabled, PIN code and/or Wi-Fi password may be obtained by an attacker...
EUVD-2025-38245
Use of password hash with insufficient computational effort issue exists in BUFFALO Wi-Fi router 'WSR-1800AX4 series'. When WPS is enabled, PIN code and/or Wi-Fi password may be obtained by an attacker...
CVE-2025-46413
Use of password hash with insufficient computational effort issue exists in BUFFALO Wi-Fi router 'WSR-1800AX4 series'. When WPS is enabled, PIN code and/or Wi-Fi password may be obtained by an attacker...
Use of password hash with insufficient computational effort vulnerability in BUFFALO Wi-Fi router "WSR-1800AX4 series"
Overview: Wi-Fi router "WSR-1800AX4 series" provided by BUFFALO INC. contains the following vulnerability. Use of password hash with insufficient computational effort (CWE-916) - CVE-2025-46413. Kazuaki Chikamori and Takayuki Tatekawa of National Institute of Technology, Kochi College reported this...
MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling
Due to an incorrect use of loose == instead of strict === comparison in the authentication code [1], PHP type juggling will cause interpretation of certain MD5 hashes as numbers, specifically those matching scientific notation. [1]:...
SUSE SLED15: libfreebl3 / libfreebl3-32bit / libsoftokn3 / libsoftokn3-32bit / etc (SUSE-SU-2025:3804-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:3804-1 advisory. - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: Prevent leaks during pkcs12 decoding...
SUSE-SU-2025:3804-1 Security update for mozilla-nss
This update for mozilla-nss fixes the following issues: - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: Prevent leaks during pkcs12 decoding. SECASN1Decode should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: restore support for finding...
SUSE SLES12: libfreebl3 / libfreebl3-32bit / libsoftokn3 / libsoftokn3-32bit / etc (SUSE-SU-2025:3759-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:3759-1 advisory. - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: Prevent leaks during pkcs12 decoding. SECASN1Decode should ensure it has read as man...
SUSE SLES15: libfreebl3 / libfreebl3-32bit / libsoftokn3 / libsoftokn3-32bit / etc (SUSE-SU-2025:3760-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:3760-1 advisory. - Move NSS DB password hash away from SHA-1. Update to NSS 3.112.2: Prevent leaks during pkcs12 decoding. SECASN1Decode should ensure it has...
SUSE-SU-2025:3760-1 Security update for mozilla-nss
This update for mozilla-nss fixes the following issues: - Move NSS DB password hash away from SHA-1. Update to NSS 3.112.2: Prevent leaks during pkcs12 decoding. SECASN1Decode should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: restore support for finding...
Security update for mozilla-nss
This update for mozilla-nss fixes the following issues: Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: Prevent leaks during pkcs12 decoding. SECASN1Decode should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: restore support for finding...
SUSE-SU-2025:3759-1 Security update for mozilla-nss
This update for mozilla-nss fixes the following issues: - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: Prevent leaks during pkcs12 decoding. SECASN1Decode should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: restore support for finding...
Exploit for SQL Injection in Cmsmadesimple Cms_Made_Simple
CMS Made Simple ⚠️ Disclaimer: This script is for edu...
Exploit for SQL Injection in Getperfectsurvey Perfect_Survey
exploitcve-2021-24762 This repo shows an exploit to CVE-2021-...
EUVD-2018-14354
Malware in sbrugna...