WordPress Redux Framework <=4.2.11 - Information Disclosure

WordPress Redux Framework plugin through 4.2.11 is susceptible to information disclosure. The plugin registers several unique AJAX actions available to unauthenticated users in the includes function in redux-core/class-redux-core.php. These are predictable, given that they are based on an md5 has...

CVE-2026-42155 Magento LTS: Weak API Session ID — Predictable MD5 of Time-Derived Inputs

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an outdated, time-based...

GHSA-2CWR-GCF9-PVXR Magento LTS has Weak API Session ID — Predictable MD5 of Time-Derived Inputs

Affected Version: OpenMage LTS ≤ 20.16.0 confirmed on 20.16.0 Affected File: https://github.com/OpenMage/magento-lts/blob/main/app/code/core/Mage/Api/Model/Session.php – start method Summary The XML-RPC / SOAP API session ID is generated using an outdated, time-based construction rather than a...

CVE-2026-7103

A vulnerability was determined in code-projects Chat System 1.0. Affected is an unknown function of the file updateuser.php of the component MD5 Hash Handler. This manipulation of the argument Password causes use of weak hash. The attack is possible to be carried out remotely. The attack's...

EUVD-2026-24137

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can access diagnostic and system tools that should be restricted to administrators. The /system/cron endpoint relies on a static MD5 hash derived from the APPKEY, which is exposed i...

PT-2026-33992

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can access diagnostic and system tools that should be restricted to administrators. The /system/cron endpoint relies on a static MD5 hash derived from the APP KEY, which is exposed ...

CVE-2026-23958

Dataease is an open source data visualization analysis tool. Prior to version 2.10.19, DataEase uses the MD5 hash of the user’s password as the JWT signing secret. This deterministic secret derivation allows an attacker to brute-force the admin’s password by exploiting unmonitored API endpoints...

CVE-2020-10539

An issue was discovered in Epikur before 20.1.1. The Epikur server contains the checkPasswort function that, upon user login, checks the submitted password against the user password's MD5 hash stored in the database. It is also compared to a second MD5 hash, which is the same for every user aka a...

CVE-1999-0900

Buffer overflow in rpc.yppasswdd allows a local user to gain privileges via MD5 hash generation...

CVE-2019-7666

Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash value of the password, which may allow an attacker with access to the database to login as admin without decrypting the password...

EUVD-2011-3154

Malware in sbrugna...

EUVD-2007-4402

Malware in sbrugna...

EUVD-2011-3390

Malware in sbrugna...

EUVD-2014-3525

Malware in sbrugna...

EUVD-2004-2434

Malware in sbrugna...

EUVD-2019-4115

Malware in sbrugna...

EUVD-2013-7151

Malware in sbrugna...

EUVD-1999-0881

Malware in sbrugna...

EUVD-2016-1492

Malware in sbrugna...

EUVD-2020-2992

Malware in sbrugna...