Lucene search
K

9 matches found

CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

Cerebrate 信息泄露漏洞

Cerebrate is an open-source platform developed by Cerebrate. It aims to act as an interconnected coordinator for trusted contact information providers and other security tools. Prior to version 1.37 of Cerebrate, there was a vulnerability involving information leakage, which stemmed from exposing...

5.1CVSS5.3AI score0.00242EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.8 views

PT-2026-7888

Name of the Vulnerable Software and Affected Versions newbee-mall affected versions not specified Description The software stores and verifies user passwords using an unsalted MD5 hashing algorithm. This implementation lacks per-user salts and computational cost controls. Attackers obtaining...

9.3CVSS5.4AI score0.00191EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/11/26 12:42 a.m.16 views

CVE-2025-64061

Primakon Pi Portal 1.0.18 /api/v2/users endpoint is vulnerable to unauthorized data exposure due to deficient access control mechanisms. Any authenticated user, regardless of their privilege level including standard or low-privileged users, can make a GET request to this endpoint and retrieve a...

4.3CVSS7AI score0.00195EPSS
Exploits0References1
CVE
CVE
added 2025/09/22 12:0 a.m.19 views

CVE-2025-57433

The CVE-2025-57433 entry concerns the 2wcom IP-4c device (version 2.15.5). A vulnerability in the web interface allows information disclosure via a crafted POST to /cwi/ajax_request/get_data.php. An authenticated user, even with low privileges (e.g., guest), can retrieve hashed passwords for admi...

6.5CVSS5.8AI score0.00337EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2023/10/03 12:0 a.m.6 views

Ibermática RPS 2019 Log Information Disclosure Vulnerability

Ibermática RPS 2019 is an ERP software from Ibermática. Ibermática RPS 2019 suffers from a log message disclosure vulnerability that originates from an attacker being able to download a log file that contains a password hash encoded using the AES-CBC-128 bit algorithm, which can be decrypted usin...

8.2CVSS6.7AI score0.00243EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:17 a.m.4 views

SUSE CVE-2019-3700

yast2-security didn't use secure defaults to protect passwords. This became a problem on 2019-10-07 when configuration files that set secure settings were moved to a different location. As of the 20191022 snapshot the insecure default settings were used until yast2-security switched to stronger...

5.1CVSS7AI score0.00107EPSS
Exploits0References4
OSV
OSV
added 2022/03/22 12:15 a.m.6 views

CVE-2022-0652

Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710...

7.8CVSS5.8AI score0.00185EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2017/11/03 12:0 a.m.8 views

The vulnerability of the Windows operating system’s network authentication protocol, NT LAN Manager (NTLM), allows a hacker to access user password hashes.

The vulnerability of the Windows operating system’s Network Authentication Protocol NTLM exists due to the incorrect implementation of the NTLM authentication algorithm. Exploiting this vulnerability allows a malicious actor to obtain access to user password hashes through a specially crafted SCF...

8.5CVSS5.5AI score
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2009/01/22 4:30 p.m.1 views

CVE-2009-0250

Ryneezy phoSheezy 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the file containing the administrator's password hash via a direct request for config/password...

5CVSS5.4AI score0.06282EPSS
Exploits0References6
Rows per page
Query Builder