
329 matches found

RedhatCVE
added 6 days ago, 9 views

CVE-2026-45787

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common...

9.1 CVSS | 5.8 AI score | 0.00009 EPSS
Exploits 0 | References 1
NVD
added 2026/05/28 10:16 a.m., 7 views

CVE-2026-4377

Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in version 1.00B16CP...

6 CVSS | 0.0002 EPSS
Exploits 0 | References 2
Vulnrichment
added 2026/05/28 9:2 a.m., 3 views

CVE-2026-4377 Use of Weak Credentials in D-Link DWR-X1820 router

Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in version 1.00B16CP...

6 CVSS | 5.8 AI score | 0.0002 EPSS
Exploits 0 | References 2
CNNVD
added 2026/05/28 12:0 a.m., 5 views

Electerm security vulnerability

Electerm is an SSH/SFTP client developed by ZXDong262 of China, based on Electron. Versions of Electerm prior to 3.9.5 contained security vulnerabilities. These vulnerabilities stemmed from the use of a fixed-zero IV, a constant KDF salt, and no MAC generation in the deterministic AES-192-CBC...

6 CVSS | 5.8 AI score | 0.00009 EPSS
Exploits 0 | References 3
Metasploit
added 2026/05/15 7:2 p.m., 93 views

Tenable Security Center

This module collects credentials and setup information from Tenable Security Center. root or TNS user permissions are required. We don't utilize SC's builtin backup functionality as that requires SC to be shut down. The module works in 2 phases: Phase 1: gather all passwords which can be decrypte...

5.8 AI score
Exploits 0
OSV
added 2026/05/14 8:30 p.m., 3 views

GHSA-G29V-Q6H7-76WH electerm's encrypt method not safe enough

Impact: Insecure sync encryption: deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alte...

6 CVSS | 5.8 AI score | 0.00009 EPSS
Exploits 0 | References 3
GithubExploit
added 2026/05/03 12:41 p.m., 165 views

ethical-hacking-portfolio

Ethical Hacking Portfolio - CS4069 | Spring 2026 Course:...

9.8 CVSS | 5.9 AI score | 0.64352 EPSS
Exploits 10
Hacker One
added 2026/04/17 12:29 p.m., 15 views

curl: Digest Auth State Leak on Cross-Origin Redirect via Netrc - Username and Password Hash Sent to Wrong Host

Summary: When curl follows an HTTP redirect from hostA to hostB using --netrc --digest -L, Digest authentication state (nonce, realm) from hostA persists and is combined with hostB's netrc credentials to generate an unsolicited Digest Authorization header sent to hostB. This leaks hostB's username i...

5.7 CVSS | 6.7 AI score | 0.00314 EPSS
Exploits 1
RedhatCVE
added 2026/03/26 3:9 p.m., 0 views

CVE-2026-33041

WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/encryptPass.json.php exposes the application's password hashing algorithm to any unauthenticated user. An attacker can submit arbitrary passwords and receive their hashed equivalents, enabling offline password...

5.3 CVSS | 6 AI score | 0.00028 EPSS
Exploits 1 | References 1
NVD
added 2026/03/20 6:16 a.m., 0 views

CVE-2026-33041

WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/encryptPass.json.php exposes the application's password hashing algorithm to any unauthenticated user. An attacker can submit arbitrary passwords and receive their hashed equivalents, enabling offline password...

5.3 CVSS | 0.00028 EPSS
Exploits 1 | References 2
OSV
added 2026/03/20 5:50 a.m., 1 views

CVE-2026-33041 AVideo has an Unauthenticated Password Hash Oracle via encryptPass.json.php

WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/encryptPass.json.php exposes the application's password hashing algorithm to any unauthenticated user. An attacker can submit arbitrary passwords and receive their hashed equivalents, enabling offline password...

5.3 CVSS | 6 AI score | 0.00028 EPSS
Exploits 1 | References 4
OSV
added 2026/03/17 7:48 p.m., 1 views

GHSA-PX7X-GQ96-RMP5 AVideo has an Unauthenticated Password Hash Oracle via encryptPass.json.php

Summary: /objects/encryptPass.json.php exposes the application's password hashing algorithm to any unauthenticated user. An attacker can submit arbitrary passwords and receive their hashed equivalents, enabling offline password cracking against leaked database hashes. Details: File:...

5.3 CVSS | 6 AI score | 0.00028 EPSS
Exploits 1 | References 4
Positive Technologies
added 2026/03/17 12:0 a.m., 1 views

PT-2026-25998

Summary: /objects/encryptPass.json.php exposes the application's password hashing algorithm to any unauthenticated user. An attacker can submit arbitrary passwords and receive their hashed equivalents, enabling offline password cracking against leaked database hashes. Details: File:...

5.3 CVSS | 6 AI score | 0.00028 EPSS
Exploits 1 | References 5
GithubExploit
added 2026/03/15 2:11 a.m., 83 views

linux-security-tools

Linux Security Tools Linux security tools, scanners, crackers...

5.7 AI score
Exploits 0
CNNVD
added 2026/03/13 12:0 a.m., 4 views

OpenText Vertica security vulnerability

OpenText Vertica is a relational database management system (RDBMS) from OpenText Canada. It can efficiently store massive amounts of data. There are security vulnerabilities in OpenText Vertica versions 10.X and earlier, as well as versions 11.X and earlier, and 12.X and earlier. These...

7.5 CVSS | 5.8 AI score | 0.00049 EPSS
Exploits 0 | References 1
Positive Technologies
added 2025/12/04 12:0 a.m., 2 views

PT-2025-49153

Name of the Vulnerable Software and Affected Versions: Silicon Labs Simplicity Device Manager (affected versions not specified). Description: The web interface of the Silicon Labs Simplicity Device Manager, when exposed publicly, allows an attacker to extract the NTLMv2 hash. This hash can then be use...

7.4 CVSS | 6.4 AI score | 0.00025 EPSS
Exploits 0 | References 4
OSV
added 2025/12/02 12:37 a.m., 2 views

GHSA-GQ3G-666W-7H85 Grav Exposes Password Hashes Leading to privilege escalation

Exposure of Password Hashes Leading to privilege escalation. Severity Rating: Medium. Vector: Privilege Escalation. CVE: XXX. CWE: 200 - Exposure of Sensitive Information. CVSS Score: 6.2. CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L. Analysis: It was observed that if a user is given read...

6.2 CVSS | 7.2 AI score | 0.00071 EPSS
Exploits 1 | References 4
Packet Storm News
added 2025/10/17 12:0 a.m., 3 views

When Intelligence Fails: An Empirical Study on Why LLMs Struggle with Password Cracking

The remarkable capabilities of Large Language Models (LLMs) in natural language understanding and generation have sparked interest in their potential for cybersecurity applications, including password guessing. In this study, we conduct an empirical investigation into the efficacy of pre-trained LL...

7.1 AI score
Exploits 0
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2018-20632

Malware in sbrugna...

7.5 CVSS | 7.6 AI score | 0.00136 EPSS
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2021-10781

Malware in sbrugna...

8.6 CVSS | 7.9 AI score | 0.00151 EPSS
Exploits 0 | References 2