Lucene search
52 matches found

GithubExploit
added 2026/03/30 3:43 p.m. | 458 views

Exploit for Embedded Malicious Code in Aquasec Setup-Trivy

CVE-2026-33634-Scanner (License: MIT)...

9.4 CVSS | 6 AI score | 0.23896 EPSS
Exploits: 2
EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2011-0069

Malware in sbrugna...

7.2 CVSS | 6.2 AI score | 0.00779 EPSS
Exploits: 0 | References: 10
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-22919

Malicious code in bioql PyPI...

7.5 CVSS | 6.6 AI score | 0.00003 EPSS
Exploits: 0 | References: 1
Gitee
added 2025/09/22 1:2 a.m. | 150 views

security-guide-for-developers

This is a security guide for web developers, covering various security topics such as authentication, authorization, data validation, and encryption. The guide is divided into several sections, including a security checklist, authentication and authorization, data validation and sanitation, and...

6.7 AI score
Exploits: 0
RedhatCVE
added 2025/07/30 4:37 p.m. | 2 views

CVE-2025-54535

In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak hashing algorithms...

7.5 CVSS | 6.7 AI score | 0.00003 EPSS
Exploits: 0 | References: 1
CVE
added 2025/07/28 4:20 p.m. | 11 views

CVE-2025-54535

CVE-2025-54535 affects JetBrains TeamCity versions prior to 2025.07, where password reset and email verification tokens were secured with weak hashing algorithms. The available documents describe the affected component and the root cause (weak hash usage for tokens) but do not provide explicit ex...

7.5 CVSS | 6.8 AI score | 0.00003 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2025/07/28 4:20 p.m. | 1 views

CVE-2025-54535

In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak hashing algorithms...

5.8 CVSS | 6.8 AI score | 0.00003 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 5:8 a.m. | 4 views

CVE-2023-50475

An issue was discovered in bcoin-org bcoin version 2.2.0, allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js...

9.1 CVSS | 6.4 AI score | 0.00176 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 9:17 a.m. | 7 views

CVE-2019-25030

In Versa Director, Versa Analytics and VOS, Passwords are not hashed using an adaptive cryptographic hash function or key derivation function prior to storage. Popular hashing algorithms based on the Merkle-Damgard construction such as MD5 and SHA-1 alone are insufficient in thwarting password...

5.5 CVSS | 7.1 AI score | 0.00047 EPSS
Exploits: 0 | References: 1
Packet Storm News
added 2025/05/07 12:0 a.m. | 3 views

Botan C++ Crypto Algorithms Library 3.8.0

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS 10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to...

6.9 AI score
Exploits: 0
Veracode
added 2025/02/05 1:21 a.m. | 2 views

Information Disclosure

gvisor.dev/gvisor is vulnerable to Information Disclosure. The vulnerability is due to weak hashing algorithms and small seed/secret sizes, allowing remote attackers to calculate a local IP address and per-boot identifier that could aid in tracking a device in specific situations...

6.3 CVSS | 6.6 AI score | 0.00049 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
The Hacker News
added 2025/01/28 10:30 a.m. | 16 views

How Long Does It Take Hackers to Crack Modern Hashing Algorithms?

While passwords remain the first line of defense for protecting user accounts against unauthorized access, the methods for creating strong passwords and protecting them are continually evolving. For example, NIST password recommendations are now prioritizing password length over complexity...

7.5 AI score
Exploits: 0
Snyk
added 2025/01/14 3:6 p.m. | 1 views

Heap-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to improper handling of attacker-controlled checksum lengths (s2length) in the code. An anonymous client can leverage this overflow, together with the stack memory exposure described in CVE-2024-12085 to...

9.8 CVSS | 7.5 AI score | 0.1902 EPSS
Exploits: 6 | References: 2
CISA
added 2024/08/08 12:0 p.m. | 3 views

Best Practices for Cisco Device Configuration

In recent incidents, CISA has seen malicious cyber actors acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature. CISA recommends organizations disable Smart Install and review NSA’s Smart Install Protoco...

6.8 AI score
Exploits: 0 | References: 3
Github Security Blog
added 2023/12/21 12:30 p.m. | 19 views

bsock uses weak hashing algorithms

An issue was discovered in the bsock component of bcoin-org bcoin that allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js...

9.1 CVSS | 6.7 AI score | 0.00176 EPSS
Exploits: 1 | References: 6 | Affected Software: 1
Prion
added 2023/12/21 11:15 a.m. | 9 views

Information disclosure

An issue was discovered in bcoin-org bcoin version 2.2.0, allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js...

6.4 CVSS | 6.7 AI score | 0.00176 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2023/12/21 12:0 a.m. | 43 views

CVE-2023-50475

CVE-2023-50475 affects bcoin-org/bcoin v2.2.0 in the bsock component, via the vendor\faye-websocket.js allowing remote attackers to disclose sensitive information by using weak hashing algorithms (e.g., MD5/SHA1). The Red Hat/Veracode/OSV reports corroborate a weakness in the websocket hashing us...

9.1 CVSS | 8.8 AI score | 0.00176 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
CNVD
added 2022/07/05 12:0 a.m. | 340 views

OpenSSL RSA Component Remote Code Execution Vulnerability

OpenSSL is an open source general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. The product supports multiple encryption algorithms, including symmetric ciphers, hashing algorithms, secure hashing...

10 CVSS | 3.5 AI score | 0.39689 EPSS
Exploits: 3 | References: 1
CNVD
added 2022/05/08 12:0 a.m. | 12 views

OpenSSL Denial of Service Vulnerability (CNVD-2022-37792)

OpenSSL is an open source general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. The product supports multiple cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure hashi...

7.5 CVSS | 1.3 AI score | 0.00314 EPSS
Exploits: 0 | References: 1
CNVD
added 2022/05/08 12:0 a.m. | 10 views

OpenSSL Trust Management Issue Vulnerability

OpenSSL is an open source general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. The product supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...

5.3 CVSS | 0.7 AI score | 0.00192 EPSS
Exploits: 0 | References: 1