PT-2025-26818 · Unknown +1 · Mountain Duck +1

Name of the Vulnerable Software and Affected Versions: Cyberduck versions through 9.1.6 Mountain Duck versions through 4.17.5 Description: The issue is related to improper handling of TLS certificate pinning for untrusted certificates, such as self-signed certificates, in Cyberduck and Mountain...

Security Bulletin: BM Engineering Lifecycle Optimization - Publishing uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Summary Weak cryptographic hashes cannot guarantee data integrity and should not be used in security-critical contexts. MD5 and SHA-1 are popular cryptographic hash algorithms often used to verify the integrity of messages and other data. Recent advances in cryptanalysis have discovered weaknesse...

CVE-2020-36563 Weak hash (SHA-1) in github.com/RobotsAndPencils/go-saml

XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input...