Lucene search
+L

8 matches found

CNNVD
CNNVD
added 2026/04/21 12:0 a.m.10 views

blueprintUE self-hosted edition 安全漏洞

The blueprintUE self-hosted edition is an open-source data modeling and visualization tool developed by blueprintUE. Versions prior to blueprintUE self-hosted edition 4.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the password change form located at...

8.1CVSS5.8AI score0.00215EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-8071

Malware in sbrugna...

8.8CVSS8.8AI score0.01216EPSS
Exploits1References2
OSV
OSV
added 2025/01/14 7:19 p.m.9 views

BIT-PHP-MIN-2024-3096 PHP function password_verify can erroneously return true when argument contains NUL

In PHP version 8.1. before 8.1.28, 8.2. before 8.2.18, 8.3. before 8.3.5, if a password stored with passwordhash starts with a null byte \x00, testing a blank string as the password via passwordverify will incorrectly return true...

6.5CVSS6.5AI score0.0148EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2024/12/11 4:16 p.m.1 views

php: password_verify can erroneously return true, opening ATO risk

A null byte interaction error vulnerability was found in PHP. If a password stored with passwordhash starts with a null byte \x00, testing a blank string as the password via passwordverify will incorrectly return true. If a user can create a password with a leading null byte unlikely, but...

6.5CVSS5.7AI score0.0148EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/01/18 12:0 a.m.7 views

PT-2024-19279 · Nextcloud · Nextcloud Global Site Selector

Name of the Vulnerable Software and Affected Versions: Nextcloud Global Site Selector versions prior to 1.4.1 Nextcloud Global Site Selector versions prior to 2.1.2 Nextcloud Global Site Selector versions prior to 2.3.4 Nextcloud Global Site Selector versions prior to 2.4.5 Description: The...

9.8CVSS9.4AI score0.00755EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 3:52 a.m.3 views

SUSE CVE-2020-28052

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different...

8.1CVSS7AI score0.0714EPSS
Exploits1References7
BDU FSTEC
BDU FSTEC
added 2021/12/22 12:0 a.m.5 views

The vulnerability of the microprogrammed Ethernet module WISE-4060 and Adam-6050 D lies in the lack of input password verification procedures, allowing attackers to gain full access to the device with administrator privileges.

The vulnerability of the Microprogrammed Ethernet module WISE-4060 and Adam-6050 D lies in the deficiencies in the input password verification process. Exploiting this vulnerability allows a malicious actor to gain full access to the device with administrator privileges through a specially crafte...

10CVSS5.5AI score
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2021/03/16 1:38 p.m.8 views

bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible

A flaw was found in bouncycastle. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. The highest threat from this vulnerability is to data...

8.1CVSS6.8AI score0.0714EPSS
Exploits1References4
Rows per page
Query Builder