111 matches found
CVE-2026-54780
CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, the CoreWCF WS-Security 1.0 receive pipeline validates ds:SignedInfo SignatureMethod against the configured SecurityAlgorithmSuite but does not validate each ds:Reference...
CVE-2026-54780
CoreWCF WS-Security 1.0 receive pipeline does not validate ds:Reference DigestMethod while validating ds:SignedInfo SignatureMethod, allowing a rejection of digest algorithms (e.g., SHA-1) to be bypassed in affected versions. Affected components include CoreWCF and CoreWCF.Primitives; fixed in Co...
Linux Distros Unpatched Vulnerability : CVE-2026-6412
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing. CVE-2026-6412 Note that Nessus...
CVE-2026-39031
Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt credentials. An 8-character prefix is stored in cleartext alongside the ciphertext. This allows an attacker with local access to recover any encrypted password to plaintext using a...
DEBIAN-CVE-2026-6412
Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...
CVE-2026-6412
Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...
CVE-2026-6412
Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...
CVE-2026-6412 Continued acceptance of SHA-1/MD5 digests in certificate processing
Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...
CVE-2026-6412
Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...
PT-2026-52584
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description There are certificate policy and RFC 8446 compliance concerns due to the continued acceptance of SHA-1 and MD5 hashing algorithms during certificate processing...
PT-2026-51481
Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter. When no state generator is specified in the constructor, the module defaults to using a SHA-1 hash of predictable and low-entropy sources, including the epoch time which is leaked via t...
SUSE-SU-2026:22192-1 Security update for python-paramiko
This update for python-paramiko fixes the following issue - CVE-2026-44405: data integrity compromise due to allowed SHA-1 algorithm use bsc1264225...
PT-2026-50778
Name of the Vulnerable Software and Affected Versions Mojolicious::Sessions::Storable versions prior to 0.06 Description The software generates session IDs insecurely. The default session ID generator utilizes a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address o...
CVE-2026-48488
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been vulnerable to collision attacks since 2017 SHAttered. Version 4.1.4 fixes the issue...
CVE-2026-48488
CVE-2026-48488 affects phpMyFAQ prior to version 4.1.4, where attachment passwords are hashed using SHA-1, a broken algorithm. The issue is resolved in 4.1.4. The CVSS base score is 6.9 (Medium); attack vector NETWORK, no user interaction needed, and impact is limited to confidentiality. If explo...
CVE-2026-48488 phpMyFAQ has Weak Cryptography - SHA1 for Password Hashing
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been vulnerable to collision attacks since 2017 SHAttered. Version 4.1.4 fixes the issue...
CVE-2026-48488
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been vulnerable to collision attacks since 2017 SHAttered. Version 4.1.4 fixes the issue...
CVE-2026-48488 phpMyFAQ has Weak Cryptography - SHA1 for Password Hashing
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been vulnerable to collision attacks since 2017 SHAttered. Version 4.1.4 fixes the issue...
CVE-2026-34527
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high nibble of each byte is shifted right by 8 instead of 4, which always produces zero for an 8-bit...
CVE-2026-8889 CVE-2026-8889
Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching 25,020 hashes and CIPA blocklist matching 12,352 hashes...