Lucene search
K

107 matches found

ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-41879

R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an attacker who obtain password hash to decode superadmin credentials. Critically, this password cannot be changed except by modifying the configuration file. This issue was fixed in version v3.17-2000...

8.7CVSS6.1AI score0.01228EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 11:20 a.m.6 views

EUVD-2026-40294

Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because MD5 is a cryptographically broken algorithm and lacks salting, attackers who obtain the password hashes can trivially reverse them using rainbow tables, leading to the exposure of plaintext credentials...

9.3CVSS5.8AI score0.00399EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/30 11:20 a.m.8 views

CVE-2026-53692 Weak hashing algorithm in Redeight CMS

Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because MD5 is a cryptographically broken algorithm and lacks salting, attackers who obtain the password hashes can trivially reverse them using rainbow tables, leading to the exposure of plaintext credentials...

5.9CVSS5.8AI score0.00399EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 8:38 p.m.9 views

EUVD-2026-39560

Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...

2.3CVSS5.8AI score0.00074EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52584

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description There are certificate policy and RFC 8446 compliance concerns due to the continued acceptance of SHA-1 and MD5 hashing algorithms during certificate processing...

4.3CVSS5.7AI score0.00074EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/23 10:39 a.m.7 views

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

8.2CVSS5.9AI score0.00558EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/06/09 1:2 p.m.11 views

CVE-2026-11789

A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication...

6.5CVSS5.7AI score0.00282EPSS
Exploits0
OSV
OSV
added 2026/06/08 1:54 p.m.11 views

JLSEC-2026-605

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...

8.2CVSS5.5AI score0.00558EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.11 views

CVE-2026-45413

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force hashcat. This vulnerability is fixed in 2.9.1...

6.9CVSS5.5AI score0.00083EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 6:13 p.m.14 views

EUVD-2026-34166

Version 3.0.7 of the Securly Chrome Extension uses EVPBytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching...

5.7AI score0.00163EPSS
Exploits0References1
Fedora
Fedora
added 2026/06/01 12:49 a.m.18 views

[SECURITY] Fedora 44 Update: perl-Crypt-PasswdMD5-1.4.3-1.fc44

This package provides MD5-based crypt functions...

7.5CVSS5.8AI score0.00447EPSS
Exploits0
NVD
NVD
added 2026/05/24 4:16 a.m.15 views

CVE-2026-48829

In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...

7.5CVSS0.00455EPSS
Exploits0References5
OSV
OSV
added 2026/05/22 1:21 p.m.8 views

OESA-2026-2422 perl-Authen-SASL security update

Authen::SASL::Perl is the pure Perl implementation of SASL mechanisms in the Authen::SASL framework, At the time of this writing it provides the client part implementation for the following SASL mechanisms. Security Fixes: Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl...

6.5CVSS5.8AI score0.00394EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

magento-lts 安全特征问题漏洞

Magento LTS is an open-source alternative to OpenMage, designed as a reliable substitute for the official Magento CE version. Versions of Magento LTS prior to 20.18.0 had security vulnerabilities. These vulnerabilities stemmed from the XML-RPC/SOAP API session IDs using time-based, outdated...

9.3CVSS5.8AI score0.00267EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/14 2:16 p.m.16 views

CVE-2026-6478

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...

6.5CVSS5.8AI score0.00558EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/14 1:0 p.m.12 views

CVE-2026-6478

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...

6.5CVSS5.8AI score0.00558EPSS
Exploits0References2
CVE
CVE
added 2026/05/14 1:0 p.m.40 views

CVE-2026-6478

CVE-2026-6478 enables a covert timing channel during MD5 password comparison in PostgreSQL authentication, allowing credential recovery sufficient to authenticate. The issue does not affect scram-sha-256 passwords. It can affect databases with MD5-hashed passwords originating from upgrades from P...

8.2CVSS5.8AI score0.00558EPSS
Exploits0References33Affected Software1
PostrgeSql
PostrgeSql
added 2026/05/14 12:0 a.m.28 views

Vulnerability in core server (CVE-2026-6478)

PostgreSQL discloses MD5-hashed passwords via covert timing channel Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all...

8.2CVSS5.9AI score0.00558EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/11 5:54 a.m.15 views

CVE-2026-5081

A flaw was found in Apache::Session::Generate::ModUniqueId, a Perl module designed to generate session identifiers. This module uses the Apache moduniqueid plugin's UNIQUEID environment variable directly as a session ID. The UNIQUEID is constructed from easily guessable information, such as the...

9.1CVSS5.8AI score0.00302EPSS
Exploits0References5
NVD
NVD
added 2026/05/08 3:16 p.m.9 views

CVE-2026-43383

In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

9.4CVSS0.00443EPSS
Exploits0References8
Rows per page
Query Builder