CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 7 hours ago•5 views

CVE-2026-56272

Flowise before 3.0.13 uses bcrypt with default salt rounds of 5 (32 iterations), yielding a higher risk of password hash cracking. The vulnerability allows attackers to crack hashes faster on modern GPUs, potentially compromising all user accounts in a database breach. Affected component is the b...

5.6CVSS5.8AI score

RedHat Linux•added 2026/06/16 12:18 p.m.•6 views

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

6.5CVSS5.5AI score0.00238EPSS

Exploits0References5

OSV•added 2026/06/15 5:24 p.m.•4 views

GHSA-39PV-4J6C-2G6V @angular/common: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning

Angular's HttpTransferCache caches HTTP requests made during Server-Side Rendering SSR so that they can be reused during client-side hydration. This avoids repeating the same HTTP requests on the client. The cached responses are stored in TransferState using a cache key generated by hashing reque...

8.8CVSS5.3AI score0.00142EPSS

Exploits0References4

Vulnrichment•added 2026/06/12 2:57 p.m.•8 views

CVE-2026-9641 Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations

Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000...

5.3AI score0.00226EPSS

CVE•added 2026/06/10 2:35 p.m.•18 views

CVE-2026-48859

The CVE affects Erlang/OTP’s SSH server (ssh_auth and ssh_options) in OTP prior to 29.0.2 (SSH 6.0.x before 6.0.1). When the daemon uses user_passwords or password options, ssh_auth:check_password/3 performs PBKDF2-SHA256 with 600,000 iterations (~300 ms) for valid usernames, but returns in ~0 ms...

6.3CVSS5.5AI score0.00354EPSS

Exploits0References5Affected Software2

CNNVD•added 2026/06/10 12:0 a.m.•10 views

Erlang/OTP 安全漏洞

Erlang/OTP is an open-source JavaScript library for handling exceptions, developed by Erlang/OTP. This library can catch exceptions caused by Node.js’s built-in APIs. Erlang/OTP ssh versions prior to 6.0.0 had a security vulnerability. This vulnerability stemmed from the sshauth module’s use of...

6.3CVSS5.4AI score0.00354EPSS

RedhatCVE•added 2026/06/09 8:59 p.m.•11 views

CVE-2026-48488

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been vulnerable to collision attacks since 2017 SHAttered. Version 4.1.4 fixes the issue...

6.9CVSS5.3AI score0.00182EPSS

NVD•added 2026/06/09 2:16 p.m.•12 views

CVE-2026-11790

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user's password hash can cause excessive CPU consumption during authentication,...

4.9CVSS0.00345EPSS

Vulnrichment•added 2026/06/09 1:9 p.m.•7 views

CVE-2026-11790 389-ds-base: 389-ds-base: pbkdf2 password storage plugin unbounded iteration count denial of service

4.9CVSS5.4AI score0.00345EPSS

EUVD•added 2026/06/09 1:9 p.m.•9 views

EUVD-2026-35422

4.9CVSS5.4AI score0.00345EPSS

Debian CVE•added 2026/06/09 1:9 p.m.•6 views

CVE-2026-11790

4.9CVSS5.4AI score0.00345EPSS

Exploits0

NVD•added 2026/06/09 10:16 a.m.•15 views

CVE-2026-46749

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The affected application uses a password hashing implementation with a static, hardcoded salt shared across all users and installations, and is configured with an insufficient number of iterations. This could allow a...

9.8CVSS0.00121EPSS

CVE•added 2026/06/09 8:47 a.m.•18 views

CVE-2026-46749

Summary: CVE-2026-46749 affects SINEC INS (versions older than 1.0 SP2 Update 6). The password hashing uses a static, hardcoded salt shared across users/installations and too few iterations, enabling feasible brute-force or precomputed attacks to recover passwords and potentially gain unauthorize...

9.8CVSS5.3AI score0.00121EPSS

Exploits0References1Affected Software1

EUVD•added 2026/06/09 8:47 a.m.•10 views

EUVD-2026-35386

7.5CVSS5.3AI score0.00121EPSS

Vulnrichment•added 2026/06/09 8:47 a.m.•9 views

CVE-2026-46749

7.5CVSS5.3AI score0.00121EPSS

GithubExploit•added 2026/06/09 3:41 a.m.•47 views

secure-banking-app

secure-banking-app...

5.6AI score

Exploits0

CNNVD•added 2026/06/09 12:0 a.m.•7 views

389 Directory Server 数字错误漏洞

389 Directory Server is an open-source implementation of a highly available, fully functional, reliable, and secure LDAP server. 389 Directory Server has a numerical error vulnerability, which stems from the SMD5 password storage plugin executing an unsigned integer underflow when calculating...

6.5CVSS5.5AI score0.00335EPSS

Positive Technologies•added 2026/06/09 12:0 a.m.•10 views

PT-2026-47735

7.5CVSS5.3AI score0.00121EPSS

CNNVD•added 2026/06/09 12:0 a.m.•9 views

Siemens SINEC INS 安全漏洞

Siemens SINEC INS is a software developed by Siemens, a German company, that provides central services for network infrastructure. Versions of Siemens SINEC INS prior to SINEC INS V1.0 SP2 Update 6 contained security vulnerabilities. These vulnerabilities stemmed from the use of static, hard-code...

9.8CVSS5.4AI score0.00121EPSS