Lucene search
K

1275 matches found

CVE
CVE
added last week14 views

CVE-2026-14867

PcVue projects store credentials for built-in users insecurely in the User directory, affecting all versions before 17.0.0. A local attacker could retrieve these credentials, impacting confidentiality. Active Directory accounts are not affected. The provided documents do not include explicit reme...

6.8CVSS5.9AI score0.00092EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added last week31 views

CVE-2026-14867 Insecure password storage in User directory

Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker could retrieve users’ credentials. Active Directory accounts are not affected by this vulnerability...

6.8CVSS0.00092EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 11:20 a.m.6 views

EUVD-2026-40294

Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because MD5 is a cryptographically broken algorithm and lacks salting, attackers who obtain the password hashes can trivially reverse them using rainbow tables, leading to the exposure of plaintext credentials...

9.3CVSS5.8AI score0.00399EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 11:20 a.m.10 views

CVE-2026-53692

CVE-2026-53692 affects Redeight CMS v1.0. The root cause is storing passwords with MD5 without a salt, a cryptographically broken hash, allowing attackers who obtain password hashes to reverse them via rainbow tables and expose plaintext credentials. The Connected CVE records confirm this in Rede...

5.9CVSS5.8AI score0.00082EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/30 11:20 a.m.8 views

CVE-2026-53692 Weak hashing algorithm in Redeight CMS

Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because MD5 is a cryptographically broken algorithm and lacks salting, attackers who obtain the password hashes can trivially reverse them using rainbow tables, leading to the exposure of plaintext credentials...

5.9CVSS5.8AI score0.00399EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.3 views

Carrier Corporation i-VU Storing Passwords in a Recoverable Format (CVE-2025-14295)

CWE-257 Storing Passwords in a Recoverable Format vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. An attacker with elevated access can retrieve passwords stored in a recoverable format, potentially compromising credentials and neighboring...

7CVSS5.9AI score0.00158EPSS
Exploits0References2
Talos Blog
Talos Blog
added 2026/06/11 6:0 p.m.13 views

A tale of two eras

Welcome to this week's edition of the Threat Source newsletter. To the surprise of absolutely no one who has seen my face, I'm one of the younger employees at Talos. As my industry veteran colleagues were buying the first iPods, navigating the switch from dial-up to broadband, saying goodbye to...

5.8AI score
Exploits0
NVD
NVD
added 2026/06/09 2:16 p.m.16 views

CVE-2026-11789

A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication...

6.5CVSS0.00282EPSS
Exploits0References2
OSV
OSV
added 2026/06/09 2:16 p.m.12 views

DEBIAN-CVE-2026-11789

A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication...

6.5CVSS5.7AI score0.00282EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 2:16 p.m.11 views

UBUNTU-CVE-2026-11789

A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication...

6.5CVSS5.5AI score0.00282EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/09 1:9 p.m.51 views

CVE-2026-11790 389-ds-base: 389-ds-base: pbkdf2 password storage plugin unbounded iteration count denial of service

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user's password hash can cause excessive CPU consumption during authentication,...

4.9CVSS0.00291EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 1:2 p.m.10 views

CVE-2026-11789 389-ds-base: 389-ds-base: smd5 password storage plugin salt length integer underflow crash

A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication...

4.9CVSS5.7AI score0.00282EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.15 views

PT-2026-47779

Name of the Vulnerable Software and Affected Versions 389 Directory Server affected versions not specified Description A flaw in the SMD5 password storage plugin allows an unsigned integer underflow when calculating the salt length from a crafted password hash shorter than 16 bytes. This leads to...

6.5CVSS6.1AI score0.00282EPSS
Exploits0References11
Fedora
Fedora
added 2026/06/05 4:26 a.m.19 views

[SECURITY] Fedora 44 Update: perl-Crypt-Argon2-0.031-1.fc44

This module implements the Argon2 key derivation function, which is suitable to convert any password into a cryptographic key. This is most often used to for secure storage of passwords but can also be used to derive a encryption key from a password. It offers variable time and memory costs as we...

5.3CVSS5.8AI score0.00327EPSS
Exploits0
Fedora
Fedora
added 2026/06/05 4:9 a.m.14 views

[SECURITY] Fedora 43 Update: perl-Crypt-Argon2-0.031-1.fc43

This module implements the Argon2 key derivation function, which is suitable to convert any password into a cryptographic key. This is most often used to for secure storage of passwords but can also be used to derive a encryption key from a password. It offers variable time and memory costs as we...

5.3CVSS5.8AI score0.00327EPSS
Exploits0
NVD
NVD
added 2026/05/26 9:16 p.m.17 views

CVE-2026-45413

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force hashcat. This vulnerability is fixed in 2.9.1...

6.9CVSS0.00083EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 8:12 p.m.8 views

CVE-2026-45413

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force hashcat. This vulnerability is fixed in 2.9.1...

6.9CVSS5.8AI score0.00083EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.18 views

PT-2026-43406

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force hashcat. This vulnerability is fixed in 2.9.1...

6.9CVSS5.8AI score0.00083EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in LibreOffice

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted using a single master key provided by the user. There was a flaw in LibreOffice where the required initialization vector for encryption was always the same,...

7.5CVSS7.7AI score0.00804EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

SOGo SQL注入漏洞

SOGo is a very fast and scalable modern collaboration suite open source by Alinto. It offers calendar management, address book management, a fully functional webmail client, as well as features for resource sharing and permission handling. Versions of SOGo prior to 5.12.7 had an SQL injection...

7.1CVSS5.8AI score0.00239EPSS
Exploits0References1
Rows per page
Query Builder