Lucene search
K

81 matches found

Cvelist
Cvelist
added 2026/06/30 11:20 a.m.32 views

CVE-2026-53692 Weak hashing algorithm in Redeight CMS

Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because MD5 is a cryptographically broken algorithm and lacks salting, attackers who obtain the password hashes can trivially reverse them using rainbow tables, leading to the exposure of plaintext credentials...

5.9CVSS0.00082EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 11:20 a.m.7 views

EUVD-2026-40294

Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because MD5 is a cryptographically broken algorithm and lacks salting, attackers who obtain the password hashes can trivially reverse them using rainbow tables, leading to the exposure of plaintext credentials...

9.3CVSS5.8AI score0.00399EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/30 11:20 a.m.8 views

CVE-2026-53692 Weak hashing algorithm in Redeight CMS

Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because MD5 is a cryptographically broken algorithm and lacks salting, attackers who obtain the password hashes can trivially reverse them using rainbow tables, leading to the exposure of plaintext credentials...

5.9CVSS5.8AI score0.00399EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 11:20 a.m.10 views

CVE-2026-53692

CVE-2026-53692 affects Redeight CMS v1.0. The root cause is storing passwords with MD5 without a salt, a cryptographically broken hash, allowing attackers who obtain password hashes to reverse them via rainbow tables and expose plaintext credentials. The Connected CVE records confirm this in Rede...

5.9CVSS5.8AI score0.00399EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 3:24 p.m.9 views

CVE-2026-45027 WeGIA: Use of Weak Password Hashing Algorithm (SHA-256, no salt) in html/login.php

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in...

5.9CVSS5.8AI score0.00136EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 3:24 p.m.22 views

CVE-2026-45027

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, login.php hashes the submitted password with PHP hash(…, 'SHA-256') and no salt, and the password-change flow uses the same pattern. SHA-256 is a fast general-purpose hash, not ideal for password storage, so identical...

5.9CVSS5.8AI score0.00136EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.14 views

PT-2026-44042

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in...

5.9CVSS5.8AI score0.00136EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 8:12 p.m.8 views

CVE-2026-45413

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force hashcat. This vulnerability is fixed in 2.9.1...

6.9CVSS5.8AI score0.00083EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/26 8:12 p.m.17 views

EUVD-2026-31984

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force hashcat. This vulnerability is fixed in 2.9.1...

6.9CVSS5.8AI score0.00083EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/17 7:48 p.m.12 views

AVideo has an Unauthenticated Password Hash Oracle via encryptPass.json.php

Summary /objects/encryptPass.json.php exposes the application's password hashing algorithm to any unauthenticated user. An attacker can submit arbitrary passwords and receive their hashed equivalents, enabling offline password cracking against leaked database hashes. Details File:...

5.3CVSS5.9AI score0.00327EPSS
Exploits1References4Affected Software1
Packet Storm News
Packet Storm News
added 2025/10/11 12:0 a.m.5 views

System Password Security: Attack and Defense Mechanisms

System passwords serve as critical credentials for user authentication and access control when logging into operating systems or applications. Upon entering a valid password, users pass verification to access system resources and execute corresponding operations. In recent years, frequent passwor...

7.1AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-11480

Malware in sbrugna...

5.5CVSS5.5AI score0.00216EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-20698

Malware in sbrugna...

5.5CVSS5.6AI score0.00719EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/17 12:0 a.m.6 views

NeuVector 安全漏洞

NeuVector is an end-to-end container security platform from US-based NeuVector. The platform includes features such as image vulnerability management, access control and container process/filesystem protection. NeuVector suffers from a security vulnerability that stems from the use of simple and...

5.3CVSS6.4AI score0.00162EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/28 1:33 p.m.3 views

Use of Password Hash With Insufficient Computational Effort

Overview Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort due to the use of a simple, unsalted hash for storing user passwords and API keys. An attacker can obtain sensitive information by performing offline rainbow table attacks...

6.9CVSS6.5AI score0.00162EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/07/31 5:10 p.m.5 views

CVE-2025-5922

Access to TSplus Remote Access Admin Tool is restricted to administrators unless "Disable UAC" option is enabled and requires a PIN code. In versions below v18.40.6.17 the PIN's hash is stored in a system registry accessible to regular users, making it possible to perform a brute-force attack usi...

4.8CVSS6.2AI score0.00084EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/07/19 12:0 a.m.4 views

Hybrid Classical-Quantum Rainbow Table Attack on Human Passwords

Passwords that are long and human-generated pose a challenge for both classical and quantum attacks due to their irregular structure and large search space. In this work, we present an enhanced classical-quantum hybrid attack tailored to this scenario. We build rainbow tables using dictionary-bas...

6.9AI score
Exploits0
NVD
NVD
added 2025/05/28 5:15 p.m.32 views

CVE-2025-48931

The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up various attack possibilities including rainbow tables with low computational effort...

5.5CVSS0.00081EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/28 12:0 a.m.5 views

CVE-2025-48931

The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up various attack possibilities including rainbow tables with low computational effort...

3.2CVSS4.3AI score0.00081EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/28 12:0 a.m.10 views

CVE-2025-48931

The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up various attack possibilities including rainbow tables with low computational effort...

3.2CVSS0.00081EPSS
Exploits0References1
Rows per page
Query Builder