30 matches found
CVE-2023-40173
Social media skeleton is an uncompleted/framework social media project implemented using PHP, CSS, JavaScript and HTML. Prior to version 1.0.5, Social media skeleton did not properly salt passwords, leaving user passwords susceptible to cracking should an attacker gain access to hashed passwords...
EUVD-2023-33038
Malicious code in bioql PyPI...
EUVD-2022-0580
Malicious code in bioql PyPI...
EUVD-2025-16188
Malicious code in bioql PyPI...
CVE-2025-46660
An issue was discovered in 4C Strategies Exonaut 21.6. Passwords, stored in the database, are hashed without a salt...
GHSA-5HQ9-5R78-2GJH LlamaIndex vulnerable to data loss through hash collisions in its DocugamiReader class
A vulnerability in the DocugamiReader class of the run-llama/llamaindex repository, up to but excluding version 0.12.41, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks contain identical text, resulting ...
PT-2025-29091 · Unknown · Llama Index
Name of the Vulnerable Software and Affected Versions: llama index versions up to 0.12.28. Description: A vulnerability exists in the DocugamiReader class of the llama index repository. The use of MD5 hashing to generate IDs for document chunks can lead to hash collisions when structurally distinc...
CVE-2025-46722 vLLM has a Weakness in MultiModalHasher Image Hashing Implementation
vLLM is an inference and serving engine for large language models (LLMs). In versions starting from 0.7.0 to before 0.9.0, in the file vllm/multimodal/hasher.py, the MultiModalHasher class has a security and data integrity issue in its image hashing method. Currently, it serializes PIL.Image.Image...
CVE-2025-21604
LangChain4j-AIDeepin is a Retrieval enhancement generation (RAG) project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5 to hash files, which may cause file upload conflicts. This issue is fixed in 3.5.0...
CVE-2024-49370
Pimcore is an open source data and experience management platform. When a PortalUserObject is connected to a PimcoreUser and "Use Pimcore Backend Password" is set to true, the change password function in Portal Profile sets the new password. Prior to Pimcore portal engine versions 4.1.7 and 3.1.1...
CVE-2023-33263
In WFTPD 3.25, usernames and password hashes are stored in an openly viewable wftpd.ini configuration file within the WFTPD directory. NOTE: this is a product from 2006...
CVE-2025-30344
An issue was discovered in OpenSlides before 4.2.5. During login at the /system/auth/login/ endpoint, the system's response times differ depending on whether a user exists in the system. The timing discrepancy stems from the omitted hashing of the password, e.g., more than 100 milliseconds...
CVE-2025-27408 Manifest Uses a One-Way Hash without a Salt
Manifest offers users a one-file micro back end. Prior to version 4.9.2, Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt,...
Information Disclosure
typo3/cms-install is vulnerable to Information Disclosure. The vulnerability is due to an incorrect password hashing mechanism, which causes the install tool password to be logged in plaintext, allowing an attacker to potentially gain access to the password if they can access the logs or system...
CVE-2025-21604 LangChain4j-AIDeepin Using MD5 to Hash files may cause file upload conflicts
LangChain4j-AIDeepin is a Retrieval enhancement generation (RAG) project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5 to hash files, which may cause file upload conflicts. This issue is fixed in 3.5.0...
PT-2024-29336 · Navidrome · Navidrome
Name of the Vulnerable Software and Affected Versions: Navidrome version 0.52.3. Description: The issue concerns the use of an insecure hashing algorithm, specifically MD5, in the Gravatar service of Navidrome. This allows attackers to manipulate a user's account information. Recommendations: For...
CVE-2024-39702
In ljstrhash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function used during string interning allows HashDoS (Hash Denial of Service) attacks. An attacker could cause excessive resource usage during proxy operations via crafted requests, potentially leading to a denial of service...
Moderate: libxml2 security update
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: NULL dereference in xmlSchemaFixupComplexType (CVE-2023-28484); libxml2: Hashing of empty dict strings isn't deterministic (CVE-2023-29469). For more details about the security...
Medium: libxml2
Issue Overview: A NULL pointer dereference exists when parsing invalid XML schemas in libxml2 xmlSchemaCheckCOSSTDerivedOK (CVE-2023-28484). libxml2: Hashing of empty dict strings isn't deterministic. When hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce...