
15 matches found

RedHat Linux
added 3 days ago | 7 views

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

CVSS 8.2 | AI score 5.8 | EPSS 0.00558
Exploits: 0 | References: 5
RedHat Linux
added 2026/06/25 12:30 p.m. | 4 views

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

CVSS 8.2 | AI score 5.8 | EPSS 0.00558
Exploits: 0 | References: 5
Cvelist
added 2026/06/24 6:49 a.m. | 30 views

CVE-2026-7761 Ultimate Member <= 2.11.4 - Authenticated (Contributor+) Account Takeover via Password Reset Link Disclosure

The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2.11.4. This is due to a chain of three logic bugs: (1) an MD5 hash fallback in getdirectorybyhash that allows any post to be used as a member directory ...

CVSS 8.8 | EPSS 0.00499
Exploits: 0 | References: 10
RedHat Linux
added 2026/06/16 12:18 p.m. | 9 views

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

CVSS 8.2 | AI score 5.5 | EPSS 0.00558
Exploits: 0 | References: 5
ATTACKERKB
added 2026/03/05 1:41 a.m. | 5 views

CVE-2025-40931

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session ids. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns an MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come fro...

CVSS 9.1 | AI score 5.8 | EPSS 0.00583
Exploits: 0 | References: 10
UbuntuCve
added 2026/03/05 12:00 a.m. | 6 views

CVE-2025-40931

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session ids. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns an MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come fro...

CVSS 9.1 | AI score 5.8 | EPSS 0.00583
Exploits: 0 | References: 4
CNNVD
added 2026/01/22 12:00 a.m. | 7 views

DataEase security vulnerabilities

DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in operations. Versions of DataEase prior to 2.10.19 contained a security vulnerabilit...

CVSS 9.8 | AI score 5.8 | EPSS 0.00475
Exploits: 1 | References: 1
OSV
added 2026/01/09 4:16 p.m. | 5 views

CVE-2025-67279

An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via the application storing password hashes in MD5 format...

CVSS 5.3 | AI score 5.9 | EPSS 0.00311
Exploits: 0 | References: 2
EUVD
added 2025/12/10 9:31 p.m. | 5 views

EUVD-2025-202614

Due to a lack of certificate validation, all traffic from the mobile application can be intercepted. As a result, an adversary located "upstream" can decrypt the TLS traffic, inspect its contents, and modify the requests in transit. This may result in a total compromise of the user's account if t...

AI score 6.5 | EPSS 0.00243
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:07 p.m. | 5 views

EUVD-2025-32127

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.6 | EPSS 0.00233
Exploits: 0 | References: 2
Positive Technologies
added 2025/09/03 12:00 a.m. | 11 views

PT-2025-35777

Name of the Vulnerable Software and Affected Versions: Corona Virus Tracker App India version 1.0. Description: The Android application uses MD5 for digest authentication. The handleDigest function utilizes MessageDigest.getInstance("MD5") to hash credentials. MD5 is a cryptographic algorithm...

CVSS 4.2 | AI score 6.4 | EPSS 0.00296
Exploits: 0 | References: 6
OSV
added 2019/07/01 7:15 p.m. | 4 views

CVE-2019-7666

Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash value of the password, which may allow an attacker with access to the database to log in as admin without decrypting the password...

CVSS 8.8 | AI score 7.3 | EPSS 0.1482
Exploits: 5 | References: 4
OSV
added 2018/10/23 12:29 p.m. | 4 views

CVE-2018-18587

BigProf AppGini 5.70 stores the passwords in the database using the MD5 hash...

CVSS 5.3 | AI score 5.8 | EPSS 0.00527
Exploits: 0 | References: 1
RedHat Linux
added 2016/01/20 7:14 p.m. | 20 views

TLS 1.2 Transcript Collision attacks against MD5 in key exchange protocol (SLOTH)

A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to...

CVSS 5.9 | AI score 7.1 | EPSS 0.0288
Exploits: 0 | References: 7
OSV
added 2014/11/25 11:59 p.m. | 3 views

DEBIAN-CVE-2014-9037

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash...

CVSS 6.8 | AI score 7 | EPSS 0.02571
Exploits: 0 | References: 1