202 matches found
CVE-2026-45027 WeGIA: Use of Weak Password Hashing Algorithm (SHA-256, no salt) in html/login.php
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in...
CVE-2026-8072
Insecure generation of credentials in the local SAT Technical Support access functionality of the Ingecon Sun EMS Board. The vulnerability arose because the secret access credentials were not based on a secure cryptographic scheme, but rather on a weak hashing algorithm, which could allow an...
EUVD-2025-209143
Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl use an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using an MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use. This key is...
CVE-2026-33041 AVideo has an Unauthenticated Password Hash Oracle via encryptPass.json.php
WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/encryptPass.json.php exposes the application's password hashing algorithm to any unauthenticated user. An attacker can submit arbitrary passwords and receive their hashed equivalents, enabling offline password...
WWBN AVideo Security Vulnerability
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo 25.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the default administrator password being a weak one, along with the use of MD5 hashing, which...
GHSA-PX7X-GQ96-RMP5 AVideo has an Unauthenticated Password Hash Oracle via encryptPass.json.php
Summary /objects/encryptPass.json.php exposes the application's password hashing algorithm to any unauthenticated user. An attacker can submit arbitrary passwords and receive their hashed equivalents, enabling offline password cracking against leaked database hashes. Details File:...
CVE-2003-1480
MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods...
CVE-2021-33003
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm...
CVE-2024-34914
php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a weak hashing algorithm for its rememberkey value. This allows attackers to bruteforce the rememberkey value to gain access to accounts that have checked "remember me" when logging in...
CVE-2025-67279
An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges because the application stores password hashes in MD5 format...
Content-MD5 HTTP header is required for Put Object requests with Object Lock parameters
Challenge Jobs targeting an S3-Compatible repository fail with either of the following errors: Error: S3 error: Content-MD5 HTTP header is required for Put Object requests with Object Lock parameters Code: InvalidRequest Agent failed to process method S3 error: Checksum Type mismatch occurred,...
CVE-2025-65831
The application uses an insecure hashing algorithm MD5 to hash passwords. If an attacker obtained a copy of these hashes, either through exploiting cloud services, performing TLS downgrade attacks on the traffic from a mobile device, or through another means, they may be able to crack the hash in...
EUVD-2020-3049
Malware in sbrugna...
EUVD-2020-22900
Malware in sbrugna...
EUVD-2021-10138
Malware in sbrugna...
EUVD-2021-0070
Malware in sbrugna...
EUVD-2010-4275
Malware in sbrugna...
EUVD-2018-7005
Malware in sbrugna...