27 matches found
CVE-2026-1582
The WP All Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.14 via the export download endpoint. This is due to a PHP type juggling vulnerability in the security token comparison which uses loose comparison == instead of strict...
EUVD-2020-25266
Malware in sbrugna...
EUVD-2024-33531
Malicious code in bioql PyPI...
EUVD-2022-43895
Malicious code in bioql PyPI...
EUVD-2025-6437
Malicious code in bioql PyPI...
CVE-2025-7789
A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The manipulation leads to password hash with...
CVE-2020-4001
The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. SD-WAN Orchestrator ships with default passwords for predefined accounts which may lead to a Pass-the-Hash attack...
CVE-2025-2920
CVE-2025-2920 affects Netis WF-2404 (firmware 1.1.124EN). The issue involves processing of the file /etc/passwd leading to use of a weak hash. Impact is described as low confidentiality impact with local, physical access required; attack complexity is high and exploitation is difficult. Public di...
CVE-2025-27594
The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack...
CVE-2025-27594
The CVE-2025-27594 entry concerns the SICK DL100-2xxxxxxx series where a proprietary protocol transmits configuration data and authenticates devices without encryption. The underlying issue is the unencrypted protocol, which can allow an attacker to intercept the authentication hash and perform a...
CVE-2025-27594 Unencrypted transmission of password hash
The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack...
PT-2025-7548 · Picoquic · Picoquic
Name of the Vulnerable Software and Affected Versions: picoquic versions before b80fd3f Description: The hash table used to manage connections in picoquic uses a weak hash function, allowing remote attackers to cause a considerable CPU load on the server by initiating connections with colliding...
CVE-2024-12012
A CWE-598 “Use of GET Request Method with Sensitive Query Strings” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. Both the SHA-1 hash of the password as well as the session tokens are included as part of the URL and therefore exposed to information leakage...
CVE-2024-12012
CVE-2024-12012 affects Nozomi Networks TCP/IP Gateway (firmware 12h). The flaw stems from CWE-598: GET requests carrying sensitive query strings leak the SHA-1 password hash and session tokens via the URL, enabling information leakage and potential bypass of authentication (pass-the-hash). Affect...
‘RockYou2024’: Nearly 10 billion passwords leaked online
On a popular hacking forum, a user has leaked a file that contains 9,948,575,739 unique plaintext passwords. The list appears to be a compilation of passwords that were obtained during several old and more recent data breaches. The list is referred to as RockYou2024 because of its filename,...
SUSE-SU-2024:0311-1 Security update for slurm_22_05
This update for slurm_22_05 fixes the following issues: Update to slurm 22.05.11: Security fixes: - CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. bsc1218046 - CVE-2023-49936: Prevent NULL pointer dereference on sizevalp overflow. bsc1218050 - CVE-2023-49937:...
WAVLINK WN531G3 security vulnerability
The WAVLINK WN531G3 is a wireless router from China-based RuiYin Technology WAVLINK. A security vulnerability exists in the WAVLINK WN531G3 firmware version M31G3.V5030.200325 and earlier versions, which originates from communication over HTTP instead of HTTPS, and because the hashing mechanism...
PT-2022-25422 · Wavlink · Wavlink Quantum D4G
Name of the Vulnerable Software and Affected Versions: WAVLINK Quantum D4G WN531G3 versions M31G3.V5030.200325 and earlier Description: The issue arises because the WAVLINK Quantum D4G WN531G3 communicates over HTTP instead of HTTPS, and its hashing mechanism does not rely on a server-supplied ke...