
7 matches found

Cvelist
added 6 hours ago, 6 views

CVE-2026-56272 Flowise - Insufficient Password Salt Rounds in Bcrypt Hashing

Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately 30 times faster with modern GPU hardware, potentially compromising all user accounts in a database...

CVSS 5.6
Exploits: 0, References: 2

Github Security Blog
added 2026/01/30 7:35 p.m., 7 views

Vendure vulnerable to timing attack that enables user enumeration in NativeAuthenticationStrategy

Summary: The NativeAuthenticationStrategy.authenticate method is vulnerable to a timing attack that allows attackers to enumerate valid usernames email addresses. Details: In packages/core/src/config/auth/native-authentication-strategy.ts, the authenticate method returns immediately if a user is no...

CVSS 6.9, AI score 5.9, EPSS 0.00364
Exploits: 1, References: 5, Affected Software: 1

Github Security Blog
added 2026/01/21 1:2 a.m., 11 views

File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login

Summary: The JSONAuth.Auth function contains a logic flaw that allows unauthenticated attackers to enumerate valid usernames by measuring the response time of the /api/login endpoint. Details: The vulnerability exists due to a "short-circuit" evaluation in the authentication logic. When a username ...

CVSS 5.3, AI score 6, EPSS 0.00417
Exploits: 1, References: 4, Affected Software: 2

Redos
added 2024/08/06 12:0 a.m., 20 views

ROS-20240806-13

Vulnerability in the implementation of the bcrypt hashing algorithm of the Prometheus system file export library Exporter Toolkit is related to authentication bypass during web.yml file processing. Exploitation of the vulnerability could allow an attacker to bypass security restrictions and gain...

CVSS 8.8, AI score 7.1, EPSS 0.01166
Exploits: 1

UbuntuCve
added 2023/11/03 1:15 a.m., 42 views

CVE-2017-7252

bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password...

CVSS 7.5, AI score 7.1, EPSS 0.00317
Exploits: 0, References: 2

The Hacker News
added 2019/09/03 3:31 p.m., 107 views

XKCD Forum Hacked – Over 562,000 Users' Account Details Leaked

XKCD—one of the most popular webcomic platforms known for its geeky tech humor and other science-laden comic strips on romance, sarcasm, math, and language—has suffered a data breach exposing data of its forum users. The security breach occurred two months ago, according to security researcher Tr...

AI score 0.6
Exploits: 0

ThreatPost
added 2016/12/06 1:45 p.m., 14 views

DailyMotion Hack Leaks Emails, Passwords of 87M Users

DailyMotion, a popular video sharing website, said Tuesday it recently suffered an “external security problem” resulting in the compromise of an unspecified number of its users’ data. LeakedSource.com, a repository of breached data, added DailyMotion to its list of “Hacked Sites” on Monday. The...

AI score 7.4
Exploits: 0, References: 9