
51 matches found

Github Security Blog
added 2026/04/10 7:21 p.m., 1 view

SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering

SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, tags with src attributes survive Mermaid's internal DOMPurify and land in SVG blocks. The SVG is injected via innerHTML with no secondary sanitization. When a victim opens a note containing a malicious...

CVSS: 8.7, AI score: 5.9, EPSS: 0.0006
Exploits: 1, References: 3, Affected Software: 1
Vulnrichment
added 2026/04/09 9:3 p.m., 2 views

CVE-2026-40107 SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering

SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, tags with src attributes survive Mermaid's internal DOMPurify and land in SVG blocks. The SVG is injected via innerHTML with no secondary...

CVSS: 8.7, AI score: 5.8, EPSS: 0.0006
Exploits: 1, References: 1
ATTACKERKB
added 2026/03/10 8:34 p.m., 2 views

CVE-2025-66413

Git for Windows is the Windows port of Git. Prior to 2.53.02, it is possible to obtain a user's NTLM hash by tricking them into cloning from a malicious server. Since NTLM hashing is weak, it is possible for the attacker to brute-force the user's account name and password. This vulnerability is...

CVSS: 7.4, AI score: 5.8, EPSS: 0.00058
Exploits: 1, References: 3, Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-21877

Malware in sbrugna...

CVSS: 8.8, AI score: 8.3, EPSS: 0.00827
Exploits: 0, References: 13
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-7851

Malware in sbrugna...

CVSS: 6.5, AI score: 6.8, EPSS: 0.02913
Exploits: 2, References: 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2006-3831

Malware in sbrugna...

CVSS: 5, AI score: 6.4, EPSS: 0.00622
Exploits: 0, References: 6
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-55519

Malicious code in bioql PyPI...

CVSS: 4.1, AI score: 6.5, EPSS: 0.00164
Exploits: 0, References: 3
NVD
added 2025/07/05 4:15 a.m., 3 views

CVE-2023-50786

Dradis through 4.16.0 allows referencing external image resources over HTTPS, instead of forcing the use of embedded uploaded images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows domain network...

CVSS: 4.3, EPSS: 0.00164
Exploits: 0, References: 3
Snyk
added 2025/07/05 3:41 a.m., 2 views

Replay Attack

Overview: dradis-nessus is an add-on that allows you to upload and parse output produced from Tenable's Nessus Scanner into Dradis. Affected versions of this package are vulnerable to Replay Attack via the handling of external image resources over HTTPS. An attacker can obtain Net-NTLM hashes of...

CVSS: 5.1, AI score: 7, EPSS: 0.00164
Exploits: 0, References: 2
Positive Technologies
added 2025/07/05 12:0 a.m., 1 view

PT-2025-28033 · Dradis · Dradis

Name of the Vulnerable Software and Affected Versions: Dradis versions through 4.16.0 Description: Dradis allows referencing external images over HTTPS instead of requiring the use of embedded images. This can be exploited by an authorized author to attempt to steal the Net-NTLM hashes of other...

CVSS: 4.1, AI score: 6.3, EPSS: 0.00164
Exploits: 0, References: 7
Vulnrichment
added 2025/07/05 12:0 a.m., 3 views

CVE-2023-50786

Dradis through 4.16.0 allows referencing external image resources over HTTPS, instead of forcing the use of embedded uploaded images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows domain network...

CVSS: 4.1, AI score: 6.3, EPSS: 0.00164
Exploits: 0, References: 3
CVE
added 2025/07/05 12:0 a.m., 19 views

CVE-2023-50786

CVE-2023-50786 affects Dradis 4.16.0 and earlier, where references to external HTTPS images are allowed instead of forcing embedded images. This can enable an authorized author to attempt theft of Net-NTLM hashes from other authors on a Windows domain network. Remediation: upgrade to a version th...

CVSS: 4.3, AI score: 6.5, EPSS: 0.00164
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2025/06/11 2:59 a.m., 14 views

CVE-2024-1244 Remote code execution and local privilege escalation due to UNC access and NetNTLMv2 hash theft

Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker with control over the OSSEC server or in possession of the agent's key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2...

CVSS: 9.5, EPSS: 0.01023
Exploits: 0, References: 2
Vulnrichment
added 2025/06/11 1:15 a.m., 11 views

CVE-2024-1243 Remote code execution and local privilege escalation in Wazuh Windows agent via NetNTLMv2 hash theft

Improper input validation in the Wazuh agent for Windows prior to version 4.8.0 allows an attacker with control over the Wazuh server or agent key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for...

CVSS: 9.5, AI score: 8.2, EPSS: 0.01169
Exploits: 1, References: 3
Packet Storm News
added 2025/06/03 12:0 a.m., 2 views

SAP GuiXT Scripting Issues

Multiple vulnerabilities have been discovered in SAP GuiXT scripting, which could allow an attacker to perform remote code execution, steal NTLM hashes, conduct client-side request forgery attacks, and launch denial of service (DoS) attacks. These vulnerabilities arise from insecure design principl...

AI score: 7.8
Exploits: 0
The Hacker News
added 2025/05/31 10:19 a.m., 51 views

New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora

Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU). Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs...

CVSS: 4.7, AI score: 5.5, EPSS: 0.00112
Exploits: 3
RedhatCVE
added 2025/05/22 10:23 a.m., 3 views

CVE-2019-9565

Druide Antidote RX, HD, 8 before 8.05.2287, 9 before 9.5.3937 and 10 before 10.1.2147 allows remote attackers to steal NTLM hashes or perform SMB relay attacks upon a direct launch of the product, or upon an indirect launch via an integration such as Chrome, Firefox, Word, Outlook, etc. This occu...

CVSS: 9.1, AI score: 7.1, EPSS: 0.00326
Exploits: 1, References: 1
RedhatCVE
added 2025/05/22 8:13 a.m., 19 views

CVE-2019-17497

Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash theft vulnerability using crafted FDF or XFDF files (a related issue to CVE-2018-4993). For example, an NTLM hash is sent for a link to \\192.168.0.2\C$\file.pdf without user interaction...

CVSS: 7.5, AI score: 6.8, EPSS: 0.68262
Exploits: 2, References: 1
RedhatCVE
added 2025/02/05 8:3 a.m., 1 view

CVE-2024-29851

Veeam Backup Enterprise Manager allows high-privileged users to steal the NTLM hash of the Enterprise Manager service account...

CVSS: 7.2, AI score: 7.7, EPSS: 0.00397
Exploits: 0, References: 1
Positive Technologies
added 2024/06/12 12:0 a.m., 3 views

PT-2024-7974

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the November 2024 security updates Description: This is a spoofing issue in the New Technology LAN Manager (NTLM) protocol that allows attackers to steal NTLMv2 hashes with minimal user interaction. The...

CVSS: 7.8, AI score: 7.4, EPSS: 0.90313
Exploits: 0, References: 183