Lucene search
K

663 matches found

RedHat Linux
RedHat Linux
added 2026/07/01 6:20 p.m.5 views

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

8.2CVSS5.8AI score0.00558EPSS
Exploits0References5
CVE
CVE
added 2026/06/24 11:53 a.m.9 views

CVE-2026-56272

Flowise before 3.0.13 uses bcrypt with default salt rounds of 5 (32 iterations), yielding a higher risk of password hash cracking. The vulnerability allows attackers to crack hashes faster on modern GPUs, potentially compromising all user accounts in a database breach. Affected component is the b...

5.6CVSS5.8AI score0.00073EPSS
Exploits0References2Affected Software1
Fedora
Fedora
added 2026/06/21 1:11 a.m.5 views

[SECURITY] Fedora 43 Update: perl-Crypt-PBKDF2-0.261630-1.fc43

PBKDF2 is a secure password hashing algorithm that uses the techniques of "key strengthening" to make the complexity of a brute-force attack arbitrarily hig h. PBKDF2 uses any other cryptographic hash or cipher by convention, usually HMAC-SHA2, but Crypt::PBKDF2 is fully pluggable, and allows for...

7.5CVSS5.8AI score0.00319EPSS
Exploits0
Fedora
Fedora
added 2026/06/21 1:1 a.m.4 views

[SECURITY] Fedora 44 Update: perl-Crypt-PBKDF2-0.261630-1.fc44

PBKDF2 is a secure password hashing algorithm that uses the techniques of "key strengthening" to make the complexity of a brute-force attack arbitrarily hig h. PBKDF2 uses any other cryptographic hash or cipher by convention, usually HMAC-SHA2, but Crypt::PBKDF2 is fully pluggable, and allows for...

7.5CVSS5.8AI score0.00319EPSS
Exploits0
OSV
OSV
added 2026/06/18 7:51 a.m.2 views

OPENSUSE-SU-2026:21137-1 Security update for perl-Crypt-PasswdMD5

This update for perl-Crypt-PasswdMD5 fixes the following issues: Changes in perl-Crypt-PasswdMD5: - updated to 1.430.0 1.43 see /usr/share/doc/packages/perl-Crypt-PasswdMD5/Changelog.ini V 1.43 Date=2026-05-23T08:14:00 Deploy.Action=Upgrade Deploy.Reason=Security Comments= EOT - Accept pull reque...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/16 12:18 p.m.10 views

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

8.2CVSS5.5AI score0.00558EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/12 2:57 p.m.10 views

CVE-2026-9641 Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations

Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000...

5.3AI score0.00226EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Erlang/OTP 安全漏洞

Erlang/OTP is an open-source JavaScript library for handling exceptions, developed by Erlang/OTP. This library can catch exceptions caused by Node.js’s built-in APIs. Erlang/OTP ssh versions prior to 6.0.0 had a security vulnerability. This vulnerability stemmed from the sshauth module’s use of...

6.3CVSS5.4AI score0.00354EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 2:16 p.m.16 views

CVE-2026-11790

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user's password hash can cause excessive CPU consumption during authentication,...

4.9CVSS0.00291EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 1:9 p.m.9 views

CVE-2026-11790 389-ds-base: 389-ds-base: pbkdf2 password storage plugin unbounded iteration count denial of service

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user's password hash can cause excessive CPU consumption during authentication,...

4.9CVSS5.4AI score0.00291EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 1:9 p.m.14 views

EUVD-2026-35422

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user's password hash can cause excessive CPU consumption during authentication,...

4.9CVSS5.4AI score0.00291EPSS
Exploits0References3
NVD
NVD
added 2026/06/09 10:16 a.m.21 views

CVE-2026-46749

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The affected application uses a password hashing implementation with a static, hardcoded salt shared across all users and installations, and is configured with an insufficient number of iterations. This could allow a...

9.8CVSS0.00121EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 8:47 a.m.14 views

EUVD-2026-35386

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The affected application uses a password hashing implementation with a static, hardcoded salt shared across all users and installations, and is configured with an insufficient number of iterations. This could allow a...

7.5CVSS5.3AI score0.00121EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 8:47 a.m.25 views

CVE-2026-46749

Summary: CVE-2026-46749 affects SINEC INS (versions older than 1.0 SP2 Update 6). The password hashing uses a static, hardcoded salt shared across users/installations and too few iterations, enabling feasible brute-force or precomputed attacks to recover passwords and potentially gain unauthorize...

9.8CVSS5.3AI score0.00121EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/09 8:47 a.m.10 views

CVE-2026-46749

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The affected application uses a password hashing implementation with a static, hardcoded salt shared across all users and installations, and is configured with an insufficient number of iterations. This could allow a...

7.5CVSS5.3AI score0.00121EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/09 3:41 a.m.70 views

secure-banking-app

secure-banking-app...

5.6AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-47735

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The affected application uses a password hashing implementation with a static, hardcoded salt shared across all users and installations, and is configured with an insufficient number of iterations. This could allow a...

7.5CVSS5.3AI score0.00121EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.18 views

389 Directory Server 数字错误漏洞

389 Directory Server is an open-source implementation of a highly available, fully functional, reliable, and secure LDAP server. 389 Directory Server has a numerical error vulnerability, which stems from the SMD5 password storage plugin executing an unsigned integer underflow when calculating...

6.5CVSS5.5AI score0.00282EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

Siemens SINEC INS 安全漏洞

Siemens SINEC INS is a software developed by Siemens, a German company, that provides central services for network infrastructure. Versions of Siemens SINEC INS prior to SINEC INS V1.0 SP2 Update 6 contained security vulnerabilities. These vulnerabilities stemmed from the use of static, hard-code...

9.8CVSS5.4AI score0.00121EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 3:15 p.m.43 views

CVE-2026-48488 phpMyFAQ has Weak Cryptography - SHA1 for Password Hashing

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been vulnerable to collision attacks since 2017 SHAttered. Version 4.1.4 fixes the issue...

6.9CVSS0.00182EPSS
Exploits0References2
Rows per page
Query Builder