EUVD-2026-34042
QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of MD5 for password hashing in the Tools::encrypt function within classes/Tools.php, which concatenates a static cookie...
CVE-2026-25861
CVE-2026-25861 affects QloApps 1.7.0. The vulnerability is in the password hashing path: Tools::encrypt() in classes/Tools.php uses MD5 with a static cookie key, allowing offline brute-forcing of credentials. The risk is heightened by auto-generated 8-character guest-to-customer passwords in clas...
CVE-2026-25861
QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of MD5 for password hashing in the Tools::encrypt function within classes/Tools.php, which concatenates a static cookie...
Microchip IStaX Security Vulnerability
Microchip IStaX is an Ethernet switch software development platform developed by Microchip Corporation in the United States. Versions of Microchip IStaX prior to version 2026.03 contained security vulnerabilities. These vulnerabilities were caused by the exposure of the cookie key for shared...
EUVD-2022-4423
Malicious code in bioql PyPI...
IBM Cognos Controller and IBM Controller Security Vulnerability
IBM Cognos Controller is an enterprise financial consolidation and reporting software from IBM. A security vulnerability exists in IBM Cognos Controller versions 11.0.0 through 11.0.1 and IBM Controller versions 11.1.0 through 11.1.1, which stems from the use of a hard-coded encryption key to sig...
October CMS Security Vulnerability
October CMS is an open source content management system (CMS) based on PHP and the Laravel web application framework. October CMS has a security vulnerability that an attacker can exploit via a crafted request to bypass authentication and take over user accounts on the server. An attacker mus...
Learnsite Remote Elevation of Privilege Vulnerability
Learnsite is an information technology classroom learning platform. A remote elevation of privilege vulnerability exists in the JudgIsAdmin function in /Manager/index.aspx in Learnsite version 1.2.5.0. An attacker can exploit this vulnerability by modifying the first letter of the user cookie key...
CVE-2021-27522
Learnsite 1.2.5.0 contains a remote privilege escalation vulnerability in /Manager/index.aspx through the JudgIsAdmin function. By modifying the initial letter of a user cookie's key, an attacker can obtain the administrator cookie's key...
web2py Information Disclosure Vulnerability
web2py is an open source web framework written in Python that supports the rapid development of database-driven web applications. A security vulnerability exists in web2py versions prior to 2.14.2. A remote attacker can exploit this vulnerability by sending a direct request to...
CVE-2016-0883
Pivotal Cloud Foundry PCF Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation...