PT-2026-49575

Name of the Vulnerable Software and Affected Versions launch-editor versions prior to 2.14.1 Description The launch-editor NPM package allows the access of arbitrary paths, including Windows UNC Universal Naming Convention paths. On Windows systems, accessing a UNC path triggers an automatic NTLM...

SUSE CVE-2026-46033

In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject short ahash digests during instance creation authencesn requires either a zero authsize or an authsize of at least 4 bytes because the ESN encrypt/decrypt paths always move 4 bytes of high-order sequen...

CVE-2026-46033

In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject short ahash digests during instance creation authencesn requires either a zero authsize or an authsize of at least 4 bytes because the ESN encrypt/decrypt paths always move 4 bytes of high-order sequen...

📄 Windows Shell LNK Spoofing / NTLMv2 Hash Capture

A spoofing vulnerability in Windows Shell File Explorer allows an attacker to capture NTLMv2 hashes without user interaction. By crafting a malicious .lnk shortcut file with a UNC path pointing to an attacker-controlled SMB server, the target's Windows system automatically sends an NTLMv2...

EUVD-2026-21148

SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering...

CVE-2023-40235

An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0. When parsing the XMLNS value of an ArchiMate project file, if the namespace does not match the expected ArchiMate URL, the parser will access the provided resource. If the provided resource is a UNC path pointing to a share...

CVE-2025-66625 Umbraco Vulnerable to Improper File Access and Credential Exposure through Dictionary Import Functionality

Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temporary files in versions 10.0.0 through 13.12.0, during the dictionary upload process an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application’s error responses HTTP 500...

Umbraco Vulnerable to Improper File Access and Credential Exposure in Dictionary Import Functionality

Impact Due to unsafe handling and deletion of temporary files during the dictionary upload process, an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application’s error responses HTTP 500 when a file exists, 404 when it does not allow the...

PT-2025-41473

Name of the Vulnerable Software and Affected Versions Newforma Info Exchange NIX affected versions not specified Description Newforma Info Exchange NIX contains a flaw in the '/RemoteWeb/IntegrationServices.ashx' endpoint. An unauthenticated, remote attacker can exploit this to force NIX to...

PT-2025-41474

Name of the Vulnerable Software and Affected Versions Newforma Info Exchange NIX affected versions not specified Description Newforma Info Exchange NIX contains a flaw in the '/UserWeb/Common/MarkupServices.ashx' endpoint that allows a remote, unauthenticated attacker to force NIX to establish a...

EUVD-2020-7902

Malware in sbrugna...

Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure

Exploit Title: Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure Date: 13/08/2025 Exploit Author: Ruben Enkaoua Author link: https://x.com/RubenLabs, https://github.com/rubenformation Original Blog: https://cymulate.com/blog/zero-click-one-ntlm-microsoft-security-patch-bypass-cve-2025-50154/...

The vulnerability of the SCF file processing mechanism in Windows operating systems allows attackers to exploit the NTLM hash.

The vulnerability of the SCF-file processing mechanism in Windows operating systems is related to the lack of authentication for the critical function. Exploiting this vulnerability allows a remote attacker to reveal the NTLM hash when a user opens a folder containing a specially crafted SCF-file...

CVE-2025-27594

The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack...

CVE-2025-27594

The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack...

CVE-2025-27594

The CVE-2025-27594 entry concerns the SICK DL100-2xxxxxxx series where a proprietary protocol transmits configuration data and authenticates devices without encryption. The underlying issue is the unencrypted protocol, which can allow an attacker to intercept the authentication hash and perform a...

SICK DL100-2xxxxxxx 安全漏洞

The SICK DL100-2xxxxxxxxx is a series of sensors from SICK, Germany. A security vulnerability exists in the SICK DL100-2xxxxxxxxx that stems from communication using an unencrypted proprietary protocol that could result in an authentication hash being intercepted and used to log in to the device...

ALPINE-CVE-2024-38472

SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new...

Honeywell Alerton 安全漏洞

Honeywell Alerton is a solution from Honeywell USA. A security vulnerability exists in Honeywell Alerton BCM-WEB version 3.3.X. The vulnerability can be exploited by an attacker to capture an authentication hash and use it to create a new session. An attacker could exploit the vulnerability to...

PT-2023-23789 · Alerton · Alerton Acm

Name of the Vulnerable Software and Affected Versions: BCM-WEB version 3.3.X Description: An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful brute force password attack. Recommendation...