284 matches found
CVE-2026-48488
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been vulnerable to collision attacks since 2017 SHAttered. Version 4.1.4 fixes the issue...
CVE-2026-48488
CVE-2026-48488 affects phpMyFAQ prior to version 4.1.4, where attachment passwords are hashed using SHA-1, a broken algorithm. The issue is resolved in 4.1.4. The CVSS base score is 6.9 (Medium); attack vector NETWORK, no user interaction needed, and impact is limited to confidentiality. If explo...
PT-2026-46255
GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password, possibly allowing attackers to obtain root credentials and privileges via a bruteforce attack...
CVE-2026-8889
Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching 25,020 hashes and CIPA blocklist matching 12,352 hashes...
Securly Chrome Extension 安全漏洞
Securly Chrome Extension is a web filtering and student online security management browser extension developed by the American company Securly, designed for educational scenarios. Version 3.0.7 of Securly Chrome Extension contains a security vulnerability. This vulnerability stems from the use of...
Securly Chrome Extension 安全漏洞
Securly Chrome Extension is a web filtering and student online security management browser extension developed by the American company Securly, designed for educational scenarios. Version 3.0.7 of Securly Chrome Extension contains a security vulnerability. This vulnerability stems from the use of...
SUSE CVE-2026-45937
In the Linux kernel, the following vulnerability has been resolved: crypto: inside-secure/eip93 - fix kernel panic in driver detach During driver detach, the same hash algorithm is unregistered multiple times due to a wrong iterator...
CVE-2026-45937
In the Linux kernel, the following vulnerability has been resolved: crypto: inside-secure/eip93 - fix kernel panic in driver detach During driver detach, the same hash algorithm is unregistered multiple times due to a wrong iterator...
CVE-2026-45937 crypto: inside-secure/eip93 - fix kernel panic in driver detach
In the Linux kernel, the following vulnerability has been resolved: crypto: inside-secure/eip93 - fix kernel panic in driver detach During driver detach, the same hash algorithm is unregistered multiple times due to a wrong iterator...
CVE-2026-9150 Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums
A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption a...
PT-2026-41793
Name of the Vulnerable Software and Affected Versions Sulu versions prior to 2.6.23 Sulu versions prior to 3.0.6 Description Sulu is an open-source PHP content management system based on the Symfony framework. The generation of API keys and password reset tokens utilizes a weak cryptographical ha...
CVE-2026-5081
A flaw was found in Apache::Session::Generate::ModUniqueId, a Perl module designed to generate session identifiers. This module uses the Apache moduniqueid plugin's UNIQUEID environment variable directly as a session ID. The UNIQUEID is constructed from easily guessable information, such as the...
SUSE CVE-2026-44405
In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm...
EUVD-2026-27514
In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm...
CVE-2026-44405
In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm...
CVE-2026-44405
In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm...
CVE-2026-44405
In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm...
CVE-2026-4409 Subscribe To Comments Reloaded <= 240119 - Improper Authorization to Unauthenticated Arbitrary Subscription Management
The Subscribe To Comments Reloaded plugin for WordPress is vulnerable to unauthorized modification of data due to a leaked secret key and usage of a weak hash generation algorithm in all versions up to, and including, 240119. This makes it possible for unauthenticated attackers to extract the...
CVE-2026-4409 Subscribe To Comments Reloaded <= 240119 - Improper Authorization to Unauthenticated Arbitrary Subscription Management
The Subscribe To Comments Reloaded plugin for WordPress is vulnerable to unauthorized modification of data due to a leaked secret key and usage of a weak hash generation algorithm in all versions up to, and including, 240119. This makes it possible for unauthenticated attackers to extract the...
PT-2026-37243
Name of the Vulnerable Software and Affected Versions Paramiko versions prior to 4.0.0 a448945 Description The rsakey.py file allows the use of the SHA-1 algorithm, which is a cryptographic hash function that is no longer considered secure against well-funded attackers. Recommendations Update to...