CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

37 matches found

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в krb5

The RADIUS protocol, as described in RFC 2865, is vulnerable to forgery attacks by local attackers who can modify any valid response—whether an Access-Accept, Access-Reject, or Access-Challenge response—into any other response, using a chosen-prefix collision attack against the MD5 Response...

9CVSS7.3AI score0.22162EPSS

Exploits2References2

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2009-4268

Malware in sbrugna...

5CVSS6.1AI score0.0059EPSS

Exploits0References11

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2011-0036

Malware in sbrugna...

4.3CVSS6AI score0.00834EPSS

Exploits0References14

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2021-0070

Malware in sbrugna...

7.5CVSS7.4AI score0.00079EPSS

Exploits1References5

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2024-53177

Malicious code in bioql PyPI...

6.9CVSS6.6AI score0.00081EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2024-3454

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.00235EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2021-30850

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00096EPSS

Exploits0References1

OSV•added 2025/09/18 11:18 a.m.•1 views

SUSE-SU-2025:03270-1 Security update for krb5

This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 bsc1241219. Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current...

5.9CVSS6.8AI score0.00252EPSS

Exploits0References3

IBM Security Bulletins•added 2025/09/17 1:40 p.m.•23 views

Security Bulletin: IBM Observability with Instana (OnPrem) has addressed multiple vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.303 Vulnerability Details CVEID:CVE-2025-0395 DESCRIPTION: When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure...

9.1CVSS7.9AI score0.07539EPSS

Exploits4Affected Software1

NVD•added 2025/05/28 5:15 p.m.•10 views

CVE-2025-48931

The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up various attack possibilities including rainbow tables with low computational effort...

5.5CVSS0.00032EPSS

Exploits0References1

Positive Technologies•added 2025/05/28 12:0 a.m.•2 views

PT-2025-23114 · Unknown · Telemessage

Name of the Vulnerable Software and Affected Versions: TeleMessage service through 2025-05-05 Description: The issue concerns the use of MD5 for password hashing, which allows for various attack possibilities, including the use of rainbow tables, with low computational effort. Recommendations: Fo...

3.2CVSS6.4AI score0.00032EPSS

Exploits0References4

RedhatCVE•added 2025/05/23 9:30 a.m.•3 views

CVE-2024-36496

The configuration file is encrypted with a static key derived from a static five-character password which allows an attacker to decrypt this file. The application hashes this five-character password with the outdated and broken MD5 algorithm no salt and uses the first five bytes as the key for RC...

7.5CVSS7AI score0.00271EPSS

Exploits1

RedhatCVE•added 2025/05/23 7:41 a.m.•5 views

CVE-2024-55885

beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version 2.3.4 replaces MD5 with SHA256...

7.5CVSS6.8AI score0.00235EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 5:24 a.m.•4 views

CVE-2019-15653

Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via an insecure authentication mechanism. The HTML source code of the login page contains values that allow obtaining the username and password. The username are password values are a double md5 of the plaintext real...

7.5CVSS7.4AI score0.00805EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 4:33 a.m.•5 views

CVE-2012-6707

WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a...

7.5CVSS6.9AI score0.00182EPSS

Exploits0References1

Zero Science Lab•added 2025/05/19 12:0 a.m.•235 views

ABB Cylon FLXeon 9.3.5 (uukl.js) Predictable Salt and Weak Hashing Algorithm

Summary BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...

5.8AI score

Exploits0

RedhatCVE•added 2025/02/06 3:54 a.m.•8 views

CVE-2021-39182

EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of t...

7.5CVSS6.7AI score0.00079EPSS

Exploits1References1

NVD•added 2024/12/30 5:15 p.m.•15 views

CVE-2024-56516

free-one-api allows users to access large language model reverse engineering libraries through the standard OpenAI API format. In versions up to and including 1.0.1, MD5 is used to hash passwords before sending them to the backend. MD5 is a cryptographically broken hashing algorithm and is no...

6.9CVSS0.00081EPSS

Exploits0References2