Lucene search
K

115 matches found

RedhatCVE
RedhatCVE
added 2026/06/30 8:15 p.m.7 views

CVE-2026-13455

A flaw was found in PostgreSQL Anonymizer. Unprivileged masked users can repeatedly call the anon.hash function to collect seed and hash output pairs. This allows an attacker to perform an offline brute-force attack to deduce the salt, potentially leading to information disclosure. Mitigation...

4.3CVSS5.6AI score0.00118EPSS
Exploits0References4
NVD
NVD
added 2026/06/30 4:16 p.m.8 views

CVE-2026-13455

PostgreSQL Anonymizer contains a vulnerability that allows unprivileged masked users to repeatedly call the anon.hash function and collects seed, hashoutput pairs to perform an offline brute-force attack and deduce the salt. The problem is resolved in PostgreSQL Anonymizer 3.1.2 and later version...

4.3CVSS0.00118EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 8:50 p.m.15 views

CVE-2026-55069

Kestra OSS (BasicAuth) stores administrator password with SHA-512; if an attacker gains read access to PostgreSQL, offline brute-force can recover the password. In Kubernetes, cracked credentials may enable reading ServiceAccount Tokens and all K8s Secrets, enabling vertical privilege escalation....

8.7CVSS5.8AI score0.00158EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/06/26 8:50 p.m.28 views

CVE-2026-55069 Kestra BasicAuth Password Stored as SHA-512 Enables Offline Brute-Force Attack

Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component of the Kestra OSS workflow orchestration platform. An attacker who gains read access to the PostgreSQL database can exploit SHA-512's high computatio...

8.7CVSS0.00158EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.10 views

CVE-2026-6805

Vulnerability on the external sharing feature in Cryptobox allows an attacker knowing a sharing link URL to retrieve information from the server allowing an offline brute-force attack of the access code associated to this sharing link...

7.5CVSS5.5AI score0.00232EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.10 views

CVE-2026-1114

In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak secret key for signing JSON Web Tokens JWT. This vulnerability allows an attacker to perform an offline brute-force attack to recover the secret key. Once the...

9.8CVSS7.7AI score0.0054EPSS
Exploits1References1
NVD
NVD
added 2026/06/02 11:16 p.m.25 views

CVE-2026-25861

QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of MD5 for password hashing in the Tools::encrypt function within classes/Tools.php, which concatenates a static cookie...

8.2CVSS0.00178EPSS
Exploits0References3
CVE
CVE
added 2026/06/02 10:9 p.m.28 views

CVE-2026-25861

CVE-2026-25861 affects QloApps 1.7.0. The vulnerability is in the password hashing path: Tools::encrypt() in classes/Tools.php uses MD5 with a static cookie key, allowing offline brute-forcing of credentials. The risk is heightened by auto-generated 8-character guest-to-customer passwords in clas...

8.2CVSS5.8AI score0.00178EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/02 10:9 p.m.7 views

CVE-2026-25861 QloApps 1.7.0 Weak Password Hashing via MD5 in Tools.php

QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of MD5 for password hashing in the Tools::encrypt function within classes/Tools.php, which concatenates a static cookie...

8.2CVSS5.8AI score0.00178EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.7 views

QloApps 安全漏洞

QloApps is an open-source hotel management and reservation system developed by QloApps. Versions of QloApps 1.7.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the use of MD5 for password hashing in the Tools.php file. Weak encryption algorithms allowed...

8.2CVSS5.4AI score0.00178EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/07 9:8 p.m.14 views

Note Mark has a JWT Secret Weakness that allows Full Account Takeover via Token Forgery

Summary No minimum length or entropy is enforced on the JWTSECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte. HS256 secrets below 32 bytes are brute-forceable offline, allowing attackers to recover the signing...

10CVSS5.9AI score0.00124EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/05/07 12:31 p.m.30 views

EUVD-2026-28342

Vulnerability on the external sharing feature in Cryptobox allows an attacker knowing a sharing link URL to retrieve information from the server allowing an offline brute-force attack of the access code associated to this sharing link...

6.9CVSS5.9AI score0.00232EPSS
Exploits0References2
NVD
NVD
added 2026/05/07 10:16 a.m.11 views

CVE-2026-6805

Vulnerability on the external sharing feature in Cryptobox allows an attacker knowing a sharing link URL to retrieve information from the server allowing an offline brute-force attack of the access code associated to this sharing link...

7.5CVSS0.00232EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/07 9:45 a.m.9 views

CVE-2026-6805 Vulnerability on Cryptobox external sharing feature

Vulnerability on the external sharing feature in Cryptobox allows an attacker knowing a sharing link URL to retrieve information from the server allowing an offline brute-force attack of the access code associated to this sharing link...

6.9CVSS5.9AI score0.00232EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/07 9:45 a.m.93 views

CVE-2026-6805 Vulnerability on Cryptobox external sharing feature

Vulnerability on the external sharing feature in Cryptobox allows an attacker knowing a sharing link URL to retrieve information from the server allowing an offline brute-force attack of the access code associated to this sharing link...

6.9CVSS0.00232EPSS
Exploits0References1
CVE
CVE
added 2026/05/07 9:45 a.m.19 views

CVE-2026-6805

CVE-2026-6805 affects Cryptobox’s external sharing feature. An attacker who knows a sharing link URL can retrieve information from the server, enabling an offline brute-force attack against the access code associated with that link. The provided documents do not specify affected versions, mitigat...

7.5CVSS5.9AI score0.00232EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/07 9:45 a.m.5 views

CVE-2026-6805

Vulnerability on the external sharing feature in Cryptobox allows an attacker knowing a sharing link URL to retrieve information from the server allowing an offline brute-force attack of the access code associated to this sharing link...

6.9CVSS5.9AI score0.00232EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.18 views

PT-2026-38415

Vulnerability on the external sharing feature in Cryptobox allows an attacker knowing a sharing link URL to retrieve information from the server allowing an offline brute-force attack of the access code associated to this sharing link...

6.9CVSS5.9AI score0.00232EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.8 views

ERCOM Cryptobox 安全漏洞

ERCOM Cryptobox is a file encryption and secure storage tool developed by the French company ERCOM. There is a security vulnerability in ERCOM Cryptobox, which stems from the external sharing feature. This vulnerability allows attackers who know the URL of the shared link to retrieve information...

7.5CVSS5.8AI score0.00232EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.17 views

PT-2026-38622

Name of the Vulnerable Software and Affected Versions note-mark affected versions not specified Description The application does not enforce a minimum length or entropy for the JWT SECRET configuration value, accepting any base64-decodable secret regardless of size. In backend/config/utils.go, th...

10CVSS5.8AI score0.00124EPSS
Exploits0References9
Rows per page
Query Builder