CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

57 matches found

RedhatCVE•added 2026/03/06 7:45 p.m.•4 views

CVE-2026-30789

Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Client login, peer authentication modules allows Reusing Session IDs aka Session Replay. Thi...

9.8CVSS5.8AI score0.00377EPSS

Exploits1References1

EUVD•added 2026/03/05 6:31 p.m.•5 views

EUVD-2026-9833

Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution', Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk, hbbcommon on Windows, MacOS, Linux Password security module, config encryption, machine U...

8.2CVSS6AI score0.00083EPSS

Exploits1References3

NVD•added 2026/03/05 4:16 p.m.•8 views

CVE-2026-30790

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

0.00225EPSS

Exploits0

ATTACKERKB•added 2026/03/05 3:49 p.m.•5 views

CVE-2026-30790

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

9.8CVSS5.7AI score0.00225EPSS

Exploits0References4

CVE•added 2026/03/05 3:41 p.m.•23 views

CVE-2026-30789

CVE-2026-30789 concerns the RustDesk Client (rustdesk-client) across Windows, macOS, Linux, iOS, and Android. It enables an authentication bypass via capture-replay and the use of a password hash with insufficient computational effort, by reusing Session IDs (session replay) in login and peer aut...

9.8CVSS5.9AI score0.00377EPSS

Exploits1References3Affected Software1

Positive Technologies•added 2026/03/05 12:0 a.m.•3 views

PT-2026-23466

Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution', Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk, hbb common on Windows, MacOS, Linux Password security module, config encryption, machine...

8.2CVSS6AI score0.00083EPSS

Exploits1References3

CNNVD•added 2026/01/29 12:0 a.m.•4 views

N3uron Web User Interface security vulnerabilities

N3uron Web User Interface is a browser-based graphical management interface developed by the Spanish company N3uron. Version 1.21.7-240207.1047 of N3uron Web User Interface contains a security vulnerability. This vulnerability stems from the use of the MD5 algorithm for client password hashing,...

9.8CVSS5.8AI score0.00406EPSS

Exploits1References3

Veracode•added 2025/12/17 10:46 a.m.•6 views

Weak Password Hash Generation

xxl-job is vulnerable to a Weak Password Hash Generation vulnerability. The vulnerability is due to insufficient computational effort in the 'makeToken' function of 'IndexController.java', where an attacker can manipulate the token-generation logic to obtain and resulting remote compromise...

6.3CVSS7AI score0.0028EPSS

Exploits1References6Affected Software1

NVD•added 2025/12/16 8:15 p.m.•3 views

CVE-2025-13532

Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager BoKS can result in the selection of weak password hash algorithms. This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain...

6.2CVSS0.00085EPSS

Exploits0References1

CVE•added 2025/12/16 8:1 p.m.•10 views

CVE-2025-13532

This CVE concerns Fortra’s Core Privileged Access Manager (BoKS): BoKS Server Agent 9.0 with yescrypt support running in a BoKS 8.1 domain is affected by insecure defaults that can cause the use of weak password hash algorithms. The issue is described across multiple sources as an insecure defaul...

6.2CVSS6.7AI score0.00085EPSS

Exploits0References1

NVD•added 2025/11/07 9:15 a.m.•11 views

CVE-2025-46413

Use of password hash with insufficient computational effort issue exists in BUFFALO Wi-Fi router 'WSR-1800AX4 series'. When WPS is enabled, PIN code and/or Wi-Fi password may be obtained by an attacker...

5.3CVSS0.0011EPSS

Exploits0References2

Cvelist•added 2025/11/07 8:51 a.m.•10 views

CVE-2025-46413

5.3CVSS0.0011EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•7 views

EUVD-2015-1494

Malware in sbrugna...

2.1CVSS6.4AI score0.0037EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-18179

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00247EPSS

Exploits0References7

Vulnrichment•added 2025/07/18 3:14 p.m.•4 views

CVE-2025-7789 Xuxueli xxl-job Token Generation IndexController.java makeToken weak password hash

A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The manipulation leads to password hash with...

6.3CVSS7.2AI score0.0028EPSS

Exploits1References4

Cvelist•added 2025/07/18 3:14 p.m.•21 views

CVE-2025-7789 Xuxueli xxl-job Token Generation IndexController.java makeToken weak password hash

6.3CVSS0.0028EPSS

Exploits1References4

CVE•added 2025/07/18 3:14 p.m.•22 views

CVE-2025-7789

Summary of CVE-2025-7789 : The issue affects the xxl-job framework (versions up to 3.1.1). The vulnerable component is the makeToken function in IndexController.java (Token Generation). The root cause is password hashing with insufficient computational effort, enabling a remote attack; exploitati...

6.3CVSS4.4AI score0.0028EPSS

Exploits1References4Affected Software1

RedhatCVE•added 2025/06/14 2:24 p.m.•6 views

CVE-2025-49197

The application uses a weak password hash function, allowing an attacker to crack the weak password hash to gain access to an FTP user account...

6.5CVSS6.6AI score0.00247EPSS

Exploits0References1