282 matches found
CVE-2025-68402 FreshRSS has an authentication bypass due to truncated bcrypt hash [edge branch]
FreshRSS is a free, self-hostable RSS aggregator. From 57e1a37 - 00f2f04, the lengths of the nonce was changed from 40 chars to 64. passwordverify is currently being called with a constructed string SHA-256 nonce + part of a bcrypt hash instead of the raw user password. Due to bcrypt’s 72-byte...
PT-2026-24102
Name of the Vulnerable Software and Affected Versions FreshRSS versions prior to 1.27.2-dev Description FreshRSS, a self-hostable RSS aggregator, contains a flaw related to password verification. A change in the length of the nonce, from 40 to 64 characters between commits 57e1a37 and 00f2f04,...
CVE-2026-30847
Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the notificationUsers publication in Wekan publishes user documents with no field filtering, causing the ReactiveCache.getUsers call to return all fields including highly sensitive data such as bcrypt password...
Use of Password Hash With Insufficient Computational Effort
Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort due to the use of insufficient bcrypt salt rounds in the getHash function. An attacker can significantly reduce the time required to crack passwor...
GHSA-X2G5-FVC2-GQVP Flowise has Insufficient Password Salt Rounds
Description The default bcrypt salt rounds is set to 5, which is below the recommended minimum for security. Affected Code export function getHashvalue: string const salt = bcrypt.genSaltSyncparseIntprocess.env.PASSWORDSALTHASHROUNDS || '5' return bcrypt.hashSyncvalue, salt Evidence Using 5 salt...
Vendure vulnerable to timing attack that enables user enumeration in NativeAuthenticationStrategy
Summary The NativeAuthenticationStrategy.authenticate method is vulnerable to a timing attack that allows attackers to enumerate valid usernames email addresses. Details In packages/core/src/config/auth/native-authentication-strategy.ts, the authenticate method returns immediately if a user is no...
GHSA-6F65-4FV2-WWCH Vendure vulnerable to timing attack that enables user enumeration in NativeAuthenticationStrategy
Summary The NativeAuthenticationStrategy.authenticate method is vulnerable to a timing attack that allows attackers to enumerate valid usernames email addresses. Details In packages/core/src/config/auth/native-authentication-strategy.ts, the authenticate method returns immediately if a user is no...
CVE-2026-25050 Vendure vulnerable to timing attack that enables user enumeration in NativeAuthenticationStrategy
Vendure is an open-source headless commerce platform. Prior to version 3.5.3, the NativeAuthenticationStrategy.authenticate method is vulnerable to a timing attack that allows attackers to enumerate valid usernames email addresses. In packages/core/src/config/auth/native-authentication-strategy.t...
CVE-2025-22234 Spring Security - BCrypt Password Encoder maximum password length breaks timing attack mitigation
The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication behavior via response-time differences under certain configurations...
CVE-2025-22234 Spring Security - BCrypt Password Encoder maximum password length breaks timing attack mitigation
The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication behavior via response-time differences under certain configurations...
File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login
Summary The JSONAuth.Auth function contains a logic flaw that allows unauthenticated attackers to enumerate valid usernames by measuring the response time of the /api/login endpoint. Details The vulnerability exists due to a "short-circuit" evaluation in the authentication logic. When a username ...
CVE-2026-23849
File Browser provides a file managing interface within a specified directory and can be used to upload, delete, preview, rename, and edit files. Prior to version 2.55.0, the JSONAuth. Auth function contains a logic flaw that allows unauthenticated attackers to enumerate valid usernames by measuri...
PT-2026-26246
Name of the Vulnerable Software and Affected Versions bcrypt-ruby versions prior to 3.1.22 Description The bcrypt-ruby gem, a Ruby binding for the OpenBSD bcrypt password hashing algorithm, contains a flaw in its Java BCrypt implementation for JRuby. Specifically, an integer overflow in the...
CVE-2025-66910
Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login,...
CVE-2025-66910
Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login,...
Grav Exposes Password Hashes Leading to privilege escalation
Exposure of Password Hashes Leading to privilege escalation Severity Rating: Medium Vector: Privilege Escalation CVE: XXX CWE: 200 - Exposure of Sensitive Information CVSS Score: 6.2 CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L Analysis It was observed that if a users is given read...
PT-2025-48486
Incorrect Authorization vulnerability in Data Illusion Zumbrunn NGSurvey allows any logged-in user to obtain the private information of any other user. Critical information retrieved: APIKEY 1 year user Session RefreshToken 10 minutes user Session Password hashed with bcrypt User IP Email Full Na...
Malicious code in bcrypt-js-edge (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bca5605febed4ebf8f03746e572ca1fb05186ff2714f0f1c34842fc4858f9fa7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview bcrypt-js-edge is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2025-35142
Malicious code in bcrypt-js-edge npm...