Lucene search
K

264 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2010-2980

Malware in sbrugna...

10CVSS6.4AI score0.01795EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2006-2711

Malware in sbrugna...

5CVSS6.4AI score0.02628EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2017-0227

Malware in sbrugna...

5CVSS6AI score0.02232EPSS
Exploits1References16
Vulnrichment
Vulnrichment
added 2025/10/06 12:0 a.m.5 views

CVE-2025-59452

The YoSmart YoLink API through 2025-10-02 uses an endpoint URL that is derived from a device's MAC address along with an MD5 hash of non-secret information, such as a key that begins with cf50...

5.8CVSS6.5AI score0.00423EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/06 12:0 a.m.7 views

PT-2025-40949

Name of the Vulnerable Software and Affected Versions YoSmart YoLink versions through 2025-10-02 Description The YoSmart YoLink API constructs an endpoint URL using a device's MAC address and an MD5 hash of non-secret information, including a key starting with cf50. The API endpoint is derived fr...

5.8CVSS6.4AI score0.00423EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-59117

Malicious code in bioql PyPI...

5.3CVSS6.2AI score0.01421EPSS
Exploits0References10
Cvelist
Cvelist
added 2025/10/02 2:18 p.m.17 views

CVE-2025-59745 Multiple vulnerabilities in AndSoft's e-TMS

Vulnerability in the cryptographic algorithm of AndSoft's e-TMS v25.03, which uses MD5 to encrypt passwords. MD5 is a cryptographically vulnerable hash algorithm and is no longer considered secure for storing or transmitting passwords. It is vulnerable to collision attacks and can be easily crack...

6.9CVSS0.00233EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/02 12:0 a.m.12 views

PT-2025-40366

Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description The software uses the MD5 hash algorithm to encrypt passwords. MD5 is considered a cryptographically weak hash algorithm and is susceptible to collision attacks, potentially exposing user credentials...

7.5CVSS6.4AI score0.00233EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/02 12:0 a.m.6 views

AndSoft e-TMS 加密问题漏洞

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an encryption issue vulnerability that stems from the use of MD5 encrypted passwords, which can be exploited by an attacker to cause the disclosure of user credentials...

7.5CVSS6.7AI score0.00233EPSS
Exploits0References1
OSV
OSV
added 2025/10/01 1:9 p.m.3 views

SUSE-SU-2025:03445-1 Security update for snpguest

This update for snpguest fixes the following issues: - CVE-2024-12224: idna: acceptance of Punycode labels that do not produce any non-ASCII output may lead to incorrect hostname comparisons and incorrect URL parsing bsc1243869. - CVE-2025-3416: openssl: use-after-free in Md::fetch and...

8.8CVSS5.8AI score0.00486EPSS
Exploits1References5
OSV
OSV
added 2025/09/22 7:22 p.m.5 views

CVE-2025-59432 Timing Attack Vulnerability in SCRAM Authentication

SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple Authentication and Security Layer SASL, RFC 4422 authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals...

8.7CVSS6.7AI score0.00835EPSS
Exploits0References5
Snyk
Snyk
added 2025/09/17 8:11 p.m.2 views

Use of Weak Hash

Overview Affected versions of this package are vulnerable to Use of Weak Hash like the Md5 hash. An attacker can bypass file integrity verification by generating files with colliding MD5 hashes and distributing malicious content that passes integrity checks. Remediation Upgrade...

6.9CVSS6.6AI score0.00152EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/17 8:11 p.m.2 views

Use of Weak Hash

Overview Affected versions of this package are vulnerable to Use of Weak Hash like the Md5 hash. An attacker can bypass file integrity verification by generating files with colliding MD5 hashes and distributing malicious content that passes integrity checks. Remediation Upgrade...

6.9CVSS6.6AI score0.00152EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/17 8:11 p.m.3 views

Use of Weak Hash

Overview Affected versions of this package are vulnerable to Use of Weak Hash like the Md5 hash. An attacker can bypass file integrity verification by generating files with colliding MD5 hashes and distributing malicious content that passes integrity checks. Remediation Upgrade...

6.9CVSS6.6AI score0.00152EPSS
Exploits0References2
CVE
CVE
added 2025/09/17 7:57 p.m.21 views

CVE-2025-59354

Summary: CVE-2025-59354 affects Dragonfly before version 2.1.0, where downloaded files may be replaced due to use of MD5 for hashing, enabling attackers to supply malicious files with colliding hashes. The vulnerability is fixed in 2.1.0. The initial description provides the root cause and remedi...

6.9CVSS6.4AI score0.00152EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/09/17 7:57 p.m.11 views

CVE-2025-59354 Dragonfly has weak integrity checks for downloaded files

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the DragonFly2 uses a variety of hash functions, including the MD5 hash, for downloaded files. This allows attackers to replace files with malicious ones that have a colliding hash. This...

6.9CVSS0.00152EPSS
Exploits0References2
NVD
NVD
added 2025/09/17 3:15 p.m.4 views

CVE-2025-40933

Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely. Session ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is...

7.5CVSS0.00383EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2025/09/17 11:34 a.m.6 views

Security update for sevctl

This update for sevctl fixes the following issues: CVE-2025-3416: openssl: Fixed Use-After-Free in Md::fetch and Cipher::fetch bsc1242618 CVE-2024-12224: idna: Fixed Punycode improper validation bsc1243860 Patch Instructions: To install this SUSE update use the SUSE recommended installation metho...

6.3CVSS7.1AI score0.00486EPSS
Exploits1References8
CNNVD
CNNVD
added 2025/09/17 12:0 a.m.5 views

MetaCPAN Apache::AuthAny::Cookie 安全漏洞

MetaCPAN Apache::AuthAny::Cookie is a Perl authentication module from the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN Apache::AuthAny::Cookie version 0.201 and earlier, which stems from the use of MD5 hash and rand functions to generate insecure session IDs, which could lead ...

7.5CVSS6.8AI score0.00383EPSS
Exploits0References1
OSV
OSV
added 2025/09/16 10:20 p.m.2 views

GHSA-3WFH-36RX-9537 Timing Attack Vulnerability in SCRAM Authentication

Impact A timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals was used to compare secret values such as client proofs and server signatures. Since Arrays.equals performs a short-circuit comparison, the execution time varies depending on how...

8.7CVSS6AI score0.00835EPSS
Exploits0References5
Rows per page
Query Builder