22 matches found
Cross-Site Request Forgery (CSRF)
PAC4J is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to weak CSRF token validation relying on hash collisions in String.hashCode, which allows an attacker to forge requests with colliding tokens and perform unauthorized actions without the victim’s consent...
EUVD-2026-23421
PAC4J is vulnerable to Cross-Site Request Forgery (CSRF). A malicious attacker can craft a specially designed website which, when visited by a user, will automatically submit a forged cross-site request with a token whose hash collides with the victim's legitimate CSRF token. Importantly, the...
CVE-2026-40458 Cross-Site Request Forgery in PAC4J
PAC4J is vulnerable to Cross-Site Request Forgery (CSRF). A malicious attacker can craft a specially designed website which, when visited by a user, will automatically submit a forged cross-site request with a token whose hash collides with the victim's legitimate CSRF token. Importantly, the...
MAL-2025-185448 Malicious code in analyze-abstract-hash-code-iota (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94747fbea6244359c0e5f32c8af9461dfd765fc51d10bca1d94dd3e3f0cef6b8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in analyze-abstract-hash-code-iota (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94747fbea6244359c0e5f32c8af9461dfd765fc51d10bca1d94dd3e3f0cef6b8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-180440
Malicious code in analyze-abstract-hash-code-iota (npm)...
Malicious code in Be.Vlaaոderen.Bаsisregisters.Utilities.HashCodeCalculator (NuGet)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in Bе.Vlaaոderen.Bаsisregisters.Utilіties.HashCodeCalculator (NuGet)
--- -= Per source details. Do not edit below this line.=-...
GHSA-VR64-R9QJ-H27F Reading specially crafted serializable objects from an untrusted source may cause an infinite loop and denial of service
Any program on the JVM may read serialized objects via java.io.ObjectInputStream.readObject. Reading serialized objects from an untrusted source is inherently unsafe (this affects any program running on any version of the JVM) and is a prerequisite for this vulnerability. Clojure classes that...
Amazon Linux 2 : xstream (ALAS-2023-2007)
The version of xstream installed on the remote host is prior to 1.3.1-16. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2007 advisory. XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the...
Debian DSA-5315-1 : libxstream-java - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dsa-5315 advisory. XStream serializes Java objects to XML and back again. Versions prior to 1.4.15-3+deb11u2 may allow a remote attacker to terminate the application with a stack overflow...
[SECURITY] [DLA 3267-1] libxstream-java security update
Debian LTS Advisory DLA-3267-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany January 11, 2023 https://wiki.debian.org/LTS Package : libxstream-java Version : 1.4.11.1-1+deb10u4 CVE ID : CVE-2022-41966 Debian Bug : 1027754 XStream serializes Java objects to XML a...
XStream can cause Denial of Service via stack overflow
Impact: The vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream. Patches: XStream 1.4.20 handles the stack overflow and raises an InputManipulationException instead...
Improper access control
Access control vulnerability in Evoh NFT EvohClaimable contract with sha256 hash code fa2084d5abca91a62ed1d2f1cad3ec318e6a9a2d7f1510a00d898737b05f48ae allows remote attackers to execute fraudulent NFT transfers...
On the Insecurity of ES&S Voting Machines’ Hash Code
Andrew Appel and Susan Greenhalgh have a blog post on the insecurity of ES&S's software authentication system: It turns out that ES&S has bugs in their hash-code checker: if the "reference hashcode" is completely missing, then it'll say "yes, boss, everything is fine" instead of reporting an error...
Denial Of Service (DoS)
spray-json is vulnerable to denial of service. An attacker is able to create an object with colliding keys to cause high resource consumption when HashMap creates a map, resulting in a denial of service condition when parsing multiple JSON object fields with the same hash code...
CVE-2018-18854
Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of many JSON object fields with keys that have the same hash code...
Leaked? - A Checking Tool For Hash Codes And Passwords Leaked
Leaked? is A Checking tool for Hash codes and Passwords leaked, use API from @webtobesocial. Leaked? can work in any OS if they have support Python 3 Features Check passwords leaked Check hash code leaked Exit About Author Install and Run in Linux sudo apt update && apt install python3 python3-pi...
CVE-2017-5378
CVE-2017-5378 involves hashed codes of JavaScript objects enabling pointer leaks and potential data leakage. The vulnerability affects Mozilla products as noted in connected sources: Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox
HashCodeCracker v1.2 Video Tutorials Available
Hash Code Cracker V 1.2 was released last week by BreakTheSecurity. This software will crack MD5, SHA1, and NTLM (Windows password) hash codes. No need to install. Supports all platforms (Windows XP/7, Linux, ...). How to Run Hash Code Cracker Jar using Comman...