BIT-MLFLOW-2026-10803 MLflow Dataset Digest Computation digest_utils.py mlflow.data.digest_utils weak hash

A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digestutils of the file mlflow/data/digestutils.py of the component Dataset Digest Computation. This manipulation causes use of weak hash. It is possible to launch the attack on the local host. The attack is...

EUVD-2026-34246

A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py of the component Palette Handler. Such manipulation leads to use of weak hash. Local access is required to approach this attack. The attack requires a...

PT-2026-36951

Name of the Vulnerable Software and Affected Versions Subscribe To Comments Reloaded versions prior to 240120 Description The Subscribe To Comments Reloaded plugin for WordPress allows unauthenticated attackers to modify data without authorization. This is caused by a leaked secret key and the us...

CVE-2025-9317

The vulnerability, if exploited, could allow a miscreant with read access to Edge Project files or Edge Offline Cache files to reverse engineer Edge users' app-native or Active Directory passwords through computational brute-forcing of weak hashes...

CVE-2025-9317

The vulnerability, if exploited, could allow a miscreant with read access to Edge Project files or Edge Offline Cache files to reverse engineer Edge users' app-native or Active Directory passwords through computational brute-forcing of weak hashes...

CVE-2025-9317 AVEVA Edge Use of a Broken or Risky Cryptographic Algorithm

The vulnerability, if exploited, could allow a miscreant with read access to Edge Project files or Edge Offline Cache files to reverse engineer Edge users' app-native or Active Directory passwords through computational brute-forcing of weak hashes...

CVE-2025-9317

Summary: CVE-2025-9317 affects AVEVA Edge components used in AVEVA Edge, Edge Project files, and Edge Offline Cache, with later Red Hat/NVD references corroborating the same vulnerability. The underlying issue is the use of weak cryptographic hashes (MD5) to protect passwords, enabling a local at...

CVE-2025-9317 AVEVA Edge Use of a Broken or Risky Cryptographic Algorithm

The vulnerability, if exploited, could allow a miscreant with read access to Edge Project files or Edge Offline Cache files to reverse engineer Edge users' app-native or Active Directory passwords through computational brute-forcing of weak hashes...

PT-2025-47035

Name of the Vulnerable Software and Affected Versions Microsoft Edge affected versions not specified Description A security flaw exists in Edge Project files or Edge Offline Cache files. If an attacker gains read access to these files, they could reverse engineer user passwords—either app-native ...

EUVD-2025-33915

A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file /etc/shadow of the component Password Handler. Executing manipulation can lead to use of weak hash. The physical device can be targeted for the attack. The attack requires a...

EUVD-2020-2699

Malware in sbrugna...

CVE-2025-59354 Dragonfly has weak integrity checks for downloaded files

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the DragonFly2 uses a variety of hash functions, including the MD5 hash, for downloaded files. This allows attackers to replace files with malicious ones that have a colliding hash. This...

CyberGhostVPN 安全漏洞

CyberGhostVPN is a highly optimized VPN server from CyberGhostVPN Romania. CyberGhostVPN suffers from a security vulnerability that stems from the use of weak cryptographic hash algorithm SHA-1 signatures and the lack of high entropy ASLR, which could lead to a supply chain attack or elevation of...

CVE-2020-10244

JPaseto before 0.3.0 generates weak hashes when using v2.local tokens...

Information disclosure

JPaseto before 0.3.0 generates weak hashes when using v2.local tokens...

OpenJDK: MD5 allowed for jar verification (Security, 8171121)

It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm...

OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)

It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm...