6 matches found
CVE-2026-1814 Rapid7 Nexpose Insecure Java Keystore Password Generation
Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insufficient entropy issue in the CredentialsKeyStorePassword.generateRandomPassword method. When updating legacy keystore passwords, the application generates a new password with insufficient length 7-12 characters and a static prefix...
CVE-2025-57434
Creacast Creabox Manager contains a critical authentication flaw that allows an attacker to bypass login validation. The system grants access when the username is creabox and the password begins with the string creacast, regardless of what follows...
CVE-2025-57434
Creacast Creabox Manager contains a critical authentication flaw that allows an attacker to bypass login validation. The system grants access when the username is creabox and the password begins with the string creacast, regardless of what follows...
CVE-2025-57434
The vulnerability CVE-2025-57434 affects Creacast Creabox Manager. An authentication bypass exists: if the username is creabox and the password begins with creacast, access is granted regardless of the remaining password. This is described consistently across multiple sources. The CVSS 3.1 vector...
TYPO3 12.0.0 < 12.4.37 / 13.0.0 < 13.4.18 (TYPO3-CORE-SA-2025-019)
The version of TYPO3 installed on the remote host is 12.0.0 prior to 12.4.37 / 13.0.0 prior to 13.4.18. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2025-019 advisory. - By default, the Password Generation component creates a password that always begins with a...
crypt(): DES encrypted password weakness
The cryptdes aka DES-based crypt function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an...