CVE-2025-7204 Exposure of password hashes via API responses in ConnectWise PSA
In ConnectWise PSA versions older than 2025.9, a vulnerability exists where authenticated users could gain access to sensitive user information. Specific API requests were found to return an overly verbose user object, which included encrypted password hashes for other users. Authenticated users...
A vulnerability in the Device Admin App on the ctrlX OS operating system allows an attacker to recover passwords of other users.
The vulnerability in the Device Admin App on the ctrlX OS operating system is caused by insufficiently strong computation of the password hash. Exploiting it allows a malicious actor to retrieve passwords of other users by sending specially crafted HTTP requests...
ConnectWise PSA security vulnerability
ConnectWise PSA is a specialized service automation software from ConnectWise USA. A security vulnerability exists in ConnectWise PSA versions prior to 2025.9 that stems from the API returning too much user information, which could lead to an authenticated user obtaining an encrypted password has...
File Browser: Command Execution not Limited to Scope
!NOTE This feature has been disabled by default for all installations from v2.33.8 onwards, including for existing installations. To exploit this vulnerability, the instance administrator must turn on a feature and ignore all the warnings about known vulnerabilities. We're publishing this new...
Astra Linux – Vulnerability in the 389-DS-base
A denial-of-service vulnerability was discovered in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service when attempting to log in using a user with a malformed hash in their password...
CVE-2025-49197
The application uses a weak password hash function, allowing an attacker to crack the weak password hash to gain access to an FTP user account...
CVE-2025-49197 Deprecated TLS version supported
The application uses a weak password hash function, allowing an attacker to crack the weak password hash to gain access to an FTP user account...
CVE-2025-49197
CVE-2025-49197 describes use of a weak password hash function that could allow an attacker to crack the hash and gain access to an FTP user account. Multiple sources (NVD, Red Hat, risk assessments) reiterate the same weakness and associated risk; no explicit vulnerability-fixed version or patch ...
SICK Field Analytics and SICK Media Server security vulnerability
SICK Field Analytics and SICK Media Server are both products of the German company SICK. SICK Field Analytics is software for evaluating manufacturing data. SICK Media Server is a media server. A security vulnerability exists in SICK Field Analytics and SICK Media Server that stems from the use of ...
PT-2025-25323 · Sick Ag · Sick Media Server
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The application uses a weak password hash function, allowing an attacker to crack the weak password hash to gain access to an FTP user account. Recommendations: At the moment, there is no...
New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora
Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit TRU. Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs...
CVE-2024-22893
OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack...
CVE-2024-28065
In Unify CP IP Phone firmware 1.10.4.3, files are not encrypted and contain sensitive information such as the root password hash...
CVE-2024-29886
Serverpod is an app and web server, built for the Flutter and Dart ecosystem. An issue was identified with the old password hash algorithm that made it susceptible to rainbow attacks if the database was compromised. This vulnerability is fixed by 1.2.6...
CVE-2024-5213
In mintplex-labs/anything-llm versions up to and including 1.5.3, an issue was discovered where the password hash of a user is returned in the response after login POST /api/request-token and after account creations POST /api/admin/users/new. This exposure occurs because the entire User object,...
CVE-2024-21754
A use of password hash with insufficient computational effort vulnerability CWE-916 affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged...