701 matches found
CVE-2025-14261 Lack of entropy allows registered low-privileged users of Litmus to crack valid JWT tokens and gain admin privileges
The Litmus platform uses JWT for authentication and authorization, but the secret being used for signing the JWT is only 6 bytes long at its core, which makes it extremely easy to crack...
CVE-2025-14261
CVE-2025-14261 affects the Litmus platform where JWT signing uses a 6-byte secret. The root cause is extremely low entropy in the signing key, enabling brute-force access to valid tokens and potential elevation of privileges (e.g., registered users gaining admin capabilities) as described across ...
PT-2025-49153
Name of the Vulnerable Software and Affected Versions: Silicon Labs Simplicity Device Manager (affected versions not specified). Description: The web interface of the Silicon Labs Simplicity Device Manager, when exposed publicly, allows an attacker to extract the NTLMv2 hash. This hash can then be use...
’Tis the Season to Be Cyber-Wary: How Thales Protects Against Account Takeover During Peak Shopping Season
The holiday shopping season is the busiest time of year for online retailers, and increasingly the most dangerous. As traffic surges and customers rush to place orders, cybercriminals use the distraction and volume to blend in. Account Takeover (ATO) attacks spike sharply in November and December,...
GHSA-GQ3G-666W-7H85 Grav Exposes Password Hashes Leading to privilege escalation
Exposure of Password Hashes Leading to privilege escalation. Severity Rating: Medium. Vector: Privilege Escalation. CVE: XXX. CWE: 200 - Exposure of Sensitive Information. CVSS Score: 6.2. CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L. Analysis: It was observed that if a user is given read...
Nagios XI Security Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 2024R1.1.3 that stems from the disclosure o...
CVE-2025-62618
ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in the context of other users when they open the file. Because ELOG includes usernames and password hashes in certain HTTP requests, an attacker can obtain the target's credentials and replay them or...
CVE-2025-62618 ELOG file upload stored XSS
ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in the context of other users when they open the file. Because ELOG includes usernames and password hashes in certain HTTP requests, an attacker can obtain the target's credentials and replay them or...
WordPressCVEExploitProject
CVE Session 1 How to Run exploit 1. Build the docker...
Microweber CMS Security Vulnerability
Microweber CMS is a drag-and-drop website builder from Microweber Open Source. A security vulnerability exists in version 2.0 of Microweber CMS, which stems from lax password requirements and could lead to account cracking...
Exploit for SQL Injection in Cmsmadesimple Cms_Made_Simple
CMS Made Simple ⚠️ Disclaimer: This script is for edu...
When Intelligence Fails: An Empirical Study on Why LLMs Struggle with Password Cracking
The remarkable capabilities of Large Language Models (LLMs) in natural language understanding and generation have sparked interest in their potential for cybersecurity applications, including password guessing. In this study, we conduct an empirical investigation into the efficacy of pre-trained LL...
The Silent Threat in Active Directory: How AS-REP Roasting Steals Passwords Without a Trace and Trellix NDR’s Rapid Detection
By Maulik Maheta · October 15, 2025. Executive summary: Adversaries use AS-REP Roasting to extract and crack password hashes from Active Directory (AD) accounts with Kerberos...
EUVD-2019-11480
Malware in sbrugna...
EUVD-2020-6625
Malware in sbrugna...
EUVD-2017-14645
Malware in sbrugna...
EUVD-2002-0697
Malware in sbrugna...
EUVD-2014-9498
Malware in sbrugna...
EUVD-2018-20632
Malware in sbrugna...
EUVD-2020-20730
Malware in sbrugna...