1903 matches found
Information Exposure
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Information Exposure via the encryptPass.json.php process. An attacker can obtain hashed equivalents of arbitrary passwords by submitting them to the exposed...
AVideo has an Unauthenticated Password Hash Oracle via encryptPass.json.php
Summary /objects/encryptPass.json.php exposes the application's password hashing algorithm to any unauthenticated user. An attacker can submit arbitrary passwords and receive their hashed equivalents, enabling offline password cracking against leaked database hashes. Details File:...
PT-2026-25998
Summary /objects/encryptPass.json.php exposes the application's password hashing algorithm to any unauthenticated user. An attacker can submit arbitrary passwords and receive their hashed equivalents, enabling offline password cracking against leaked database hashes. Details File:...
CVE-2026-27897
Vociferous provides cross-platform, offline speech-to-text with local AI refinement. Prior to 4.4.2, the vulnerability exists in src/api/system.py within the exportfile route. The application accepts a JSON payload containing a filename and content. While the developer intended for a native UI...
PT-2026-24699
Vociferous provides cross-platform, offline speech-to-text with local AI refinement. Prior to 4.4.2, the vulnerability exists in src/api/system.py within the export file route. The application accepts a JSON payload containing a filename and content. While the developer intended for a native UI...
Microsoft Windows App Installer 数据伪造问题漏洞
The Microsoft Windows App Installer is a tool provided by Microsoft Corporation for use with the Windows 10 and Windows 11 operating systems. It allows users to easily install applications by double-clicking .msix or .msixbundle files. This tool supports installation from websites, optional...
CVE-2026-30790 RustDesk Server Controls All Handshake Entropy (Salt/Challenge), Enabling Offline Brute-Force
Improper Restriction of Excessive Authentication Attempts, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux Peer authentication, API login modules, rustdesk-server RustDesk Server OSS...
EUVD-2026-9375
The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation IDC SFX SeriesSFX2100 SuperFlex Satellite Receiver insecurely stores the hardcoded root password hash. The password itself is highly insecure and susceptible to offline dictionary attacks using the...
CVE-2026-29120
The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation IDC SFX SeriesSFX2100 SuperFlex Satellite Receiver insecurely stores the hardcoded root password hash. The password itself is highly insecure and susceptible to offline dictionary attacks using the...
CVE-2026-29120 Insecure, Hardcoded Root Password Stored in Anaconda Configuration File On IDC SFX2100 Satellite Receiver
The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation IDC SFX SeriesSFX2100 SuperFlex Satellite Receiver insecurely stores the hardcoded root password hash. The password itself is highly insecure and susceptible to offline dictionary attacks using the...
CVE-2026-29120 Insecure, Hardcoded Root Password Stored in Anaconda Configuration File On IDC SFX2100 Satellite Receiver
The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation IDC SFX SeriesSFX2100 SuperFlex Satellite Receiver insecurely stores the hardcoded root password hash. The password itself is highly insecure and susceptible to offline dictionary attacks using the...
CVE-2026-29120
Technical details beyond what’s in the Initial Description are not publicly provided in the connected documents. Monitor for updates to the CVE-2026-29120 entry as new disclosures may clarify affected components, impact, or remediation.
CVE-2026-29120
The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation IDC SFX SeriesSFX2100 SuperFlex Satellite Receiver insecurely stores the hardcoded root password hash. The password itself is highly insecure and susceptible to offline dictionary attacks using the...
curl: LM Challenge-Response Hash Always Sent in SMB Authentication
LM Challenge-Response Hash Always Sent in SMB Authentication Summary The curl SMB client unconditionally computes and sends both the legacy LAN Manager LM and NT challenge-response hashes during SMB session setup. The LM hash is cryptographically broken — it splits the password into two 7-charact...
International Datacasting SFX2100 SuperFlex Satellite Receiver 安全漏洞
The International Datacasting SFX2100 SuperFlex Satellite Receiver is a professional broadcast-grade satellite signal receiving device developed by the International Datacasting company. The SFX2100 SuperFlex Satellite Receiver has a security vulnerability. This vulnerability stems from the...
PT-2026-22883
Name of the Vulnerable Software and Affected Versions IDC SFX SeriesSFX2100 SuperFlex Satellite Receiver affected versions not specified Description The /root/anaconda-ks.cfg installation configuration file insecurely stores a hardcoded root password hash. This password is highly susceptible to...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005687)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005687 advisory. In the Linux kernel, the following vulnerability has been resolved: thermal: intelpowerclamp: Use getcpu instead of smpprocessorid to avoid crash When CPU 0 is offli...
EUVD-2026-9045
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifie...
CVE-2026-27755
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifie...
CVE-2026-27755
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifie...