22 matches found
Google Chrome Resource Management Error Vulnerability
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome on Windows before 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from a use-after-free issue in the Password module, which could allow remote attackers who have...
Google Chrome Input Validation Error Vulnerability
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a vulnerability related to input validation. This vulnerability stemmed from insufficient validation for untrusted inputs in the Password module, which could allow remote attackers ...
Web::Passwd OS Command Injection Vulnerability
Web::Passwd is a Perl module developed by the individual developer EVANK, used for managing password files and handling identity authentication in web applications. Versions of Web::Passwd prior to 0.03 contained a vulnerability related to operating system command injection. This vulnerability stemmed...
CVE-2026-6659
Crypt::PasswdMD5 versions through 1.42 for Perl generate insecure random values for salts. The built-in rand function is predictable and unsuitable for cryptography...
CVE-2026-6659
CVE-2026-6659 affects Crypt::PasswdMD5 up to 1.42 for Perl. Root cause: salts generated with Perl’s built-in rand are predictable, making password hashes vulnerable to weaknesses in randomness. Exploitation details are not provided in the documents. No remediation information is present in the pr...
Crypt::PasswdMD5 Security Feature Issue Vulnerability
Crypt::PasswdMD5 is a Perl module developed by the individual developer RSAVAGE, which implements MD5-based password hashing calculations. Versions of Crypt::PasswdMD5 prior to 1.42 contained security vulnerabilities due to the use of a predictable built-in rand function to generate insecure rando...
CVE-2026-5088 Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts
Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts. The makesalt and makesaltbcrypt methods will attempt to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are unavailable, it will simply...
EUVD-2019-20022
Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with malicious email values in the forgottenpassword module to...
PT-2026-27375
Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with malicious email values in the forgotten password module to...
EUVD-2022-30874
Malicious code in bioql PyPI...
CVE-2022-30421
Improper Authentication vulnerability in Toshiba Storage Security Software V1.2.0.7413 allows sensitive information to be obtained via the local password authentication module...
The vulnerability of the View Password module in Drupal CMS systems, related to the lack of protective measures for website structures, allows attackers to execute cross-site scripting (XSS) attacks.
The vulnerability of the View Password module in the Drupal CMS system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting (XSS) attacks remotely...
Drupal View Password module < 6.0.4 - Administrator+ Cross Site Scripting (XSS) vulnerability
Administrator+ Cross Site Scripting (XSS) vulnerability discovered by Ide Braakman in WordPress Module View Password versions 6.0.4...
View Password - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-026
The View Password module enables you to add a help icon button next to the password input field to toggle the password visibility. The administrative user is allowed to add classes to this icon for styling purposes. The module doesn't validate the content of classes. A malicious user with access ...
Toshiba Storage Security Software Authorization Issue Vulnerability
Toshiba Storage Security Software is security software from Toshiba of Japan. It allows users to protect CANVIO series hard drives with a unique password and prevents unauthorized users from accessing private information. A security vulnerability exists in Toshiba Storage Security Software version...
CVE-2022-40323
SysAid Help Desk before 22.1.65 allows XSS in the Password Services module, aka FR 67241...
Siemens Mendix Access Control Error Vulnerability
The Forgot Password module allows users to register applications or reset their own passwords without administrator involvement. The Siemens Mendix Forgot Password Appstore module contains a security vulnerability that could be exploited by an attacker to hijack any user account using the registration fl...
CVE-2021-25672
A vulnerability has been identified in Mendix Forgot Password Appstore module All Versions V3.2.1. The Forgot Password Marketplace module does not properly control access. An attacker could take over accounts...
Siemens Mendix Security Vulnerability
Mendix Forgot Password Appstore module allows users to register applications or reset their own passwords without administrator involvement. An improper access control vulnerability exists in the Siemens Mendix Forgot Password Appstore module. An attacker could exploit the vulnerability to take...
freeradius: eap-pwd: DoS issues due to multithreaded BN_CTX access
In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This means multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a...