15 matches found

ATTACKERKB
added 5 days ago · 3 views

CVE-2026-39031

Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt credentials. An 8-character prefix is stored in cleartext alongside the ciphertext. This allows an attacker with local access to recover any encrypted password to plaintext using a...

5.5 CVSS · 5.8 AI score · 0.00089 EPSS
Exploits 1 · References 3

Vulnrichment
added 2026/06/02 10:9 p.m. · 6 views

CVE-2026-25861 QloApps 1.7.0 Weak Password Hashing via MD5 in Tools.php

QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of MD5 for password hashing in the Tools::encrypt function within classes/Tools.php, which concatenates a static cookie...

8.2 CVSS · 5.8 AI score · 0.00178 EPSS
Exploits 0 · References 3

CVE
added 2026/06/02 10:9 p.m. · 26 views

CVE-2026-25861

CVE-2026-25861 affects QloApps 1.7.0. The vulnerability is in the password hashing path: Tools::encrypt() in classes/Tools.php uses MD5 with a static cookie key, allowing offline brute-forcing of credentials. The risk is heightened by auto-generated 8-character guest-to-customer passwords in clas...

8.2 CVSS · 5.8 AI score · 0.00178 EPSS
Exploits 0 · References 3

CNNVD
added 2026/06/02 12:0 a.m. · 6 views

QloApps Security Vulnerability

QloApps is an open-source hotel management and reservation system developed by QloApps. Versions of QloApps 1.7.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the use of MD5 for password hashing in the Tools.php file. Weak encryption algorithms allowed...

8.2 CVSS · 5.4 AI score · 0.00178 EPSS
Exploits 0 · References 3

Vulnrichment
added 2026/04/14 12:8 a.m. · 2 views

CVE-2026-34256 Missing Authorization check in SAP ERP and SAP S/4 HANA (Private Cloud and On-Premise)

Due to a missing authorization check in SAP ERP and SAP S/4HANA Private Cloud and On-Premise, an authenticated attacker could execute a particular ABAP report to overwrite any existing eight-character executable ABAP report without authorization. If the overwritten report is subsequently executed...

7.1 CVSS · 5.8 AI score · 0.00221 EPSS
Exploits 0 · References 2

EUVD
added 2026/04/14 12:8 a.m. · 7 views

EUVD-2026-22166

Due to a missing authorization check in SAP ERP and SAP S/4HANA Private Cloud and On-Premise, an authenticated attacker could execute a particular ABAP report to overwrite any existing eight-character executable ABAP report without authorization. If the overwritten report is subsequently executed...

7.1 CVSS · 5.8 AI score · 0.00221 EPSS
Exploits 0 · References 2

CVE
added 2026/04/14 12:8 a.m. · 17 views

CVE-2026-34256

CVE-2026-34256 affects SAP ERP and SAP S/4HANA (Private Cloud and On-Premise). The issue arises from a missing authorization check that allows an authenticated actor with low privileges to run a specific ABAP report and overwrite an existing eight-character executable ABAP report without authoriz...

7.1 CVSS · 5.8 AI score · 0.00221 EPSS
Exploits 0 · References 2

CNNVD
added 2026/04/14 12:0 a.m. · 4 views

SAP ERP and SAP S/4HANA Security Vulnerability

SAP ERP and SAP S/4HANA are both products of the German company SAP. SAP ERP is a suite of software used for ERP management. SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system. There are security vulnerabilities in SAP ERP and SAP S/4HANA...

7.1 CVSS · 5.9 AI score · 0.00221 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/12/06 12:31 a.m. · 18 views

CVE-2025-32898

The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 5...

4.7 CVSS · 6.9 AI score · 0.0013 EPSS
Exploits 0 · References 1

EUVD
added 2025/12/05 12:0 a.m. · 5 views

EUVD-2025-201337

The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 5...

4.7 CVSS · 6.4 AI score · 0.0013 EPSS
Exploits 0 · References 3

Cvelist
added 2025/12/05 12:0 a.m. · 22 views

CVE-2025-32898

The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 5...

4.7 CVSS · 0.0013 EPSS
Exploits 0 · References 2

CNNVD
added 2025/12/05 12:0 a.m. · 3 views

KDE Connect Security Feature Issue Vulnerability

KDE Connect is a software from the KDE community that connects cell phones and computers. A Security Feature Issue vulnerability exists in versions of KDE Connect prior to 2025-04-18, which stems from a captcha protocol that uses only 8 characters, which could lead to brute-force breaking attacks...

4.7 CVSS · 6.3 AI score · 0.0013 EPSS
Exploits 0 · References 2

Positive Technologies
added 2022/10/29 12:0 a.m. · 4 views

PT-2022-24019 · Phpmyfaq · Phpmyfaq

Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions prior to 3.1.8

Description: The issue concerns weak password requirements in the phpMyFAQ repository. Specifically, versions prior to 3.1.8 are affected due to inadequate password length requirements. Version 3.1.8 introduce...

9.8 CVSS · 7.5 AI score · 0.01139 EPSS
Exploits 1 · References 8

OSV
added 2020/03/13 6:15 p.m. · 6 views

CVE-2019-13393

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase...

7.5 CVSS · 7.1 AI score · 0.01238 EPSS
Exploits 1 · References 1

BDU FSTEC
added 2016/07/07 12:0 a.m. · 4 views

A vulnerability in the firmware of the D-Link DSR-500 router allows an attacker to obtain the user password.

To store passwords, the DES encryption algorithm with a salt is used. This results in a password length limitation of 8 characters; the remaining characters are discarded...

7.1 CVSS · 5.5 AI score
Exploits 0 · References 1 · Affected Software 1