14 matches found
EUVD-2005-4891
Malware in sbrugna...
EUVD-2022-4164
Malicious code in bioql PyPI...
CVE-2025-51726
CyberGhostVPNSetup.exe Windows installer is signed using the weak cryptographic hash algorithm SHA-1, which is vulnerable to collision attacks. This allows a malicious actor to craft a fake installer with a forged SHA-1 certificate that may still be accepted by Windows signature verification...
CVE-2025-51726
CyberGhostVPNSetup.exe Windows installer is signed using the weak cryptographic hash algorithm SHA-1, which is vulnerable to collision attacks. This allows a malicious actor to craft a fake installer with a forged SHA-1 certificate that may still be accepted by Windows signature verification...
CVE-2025-51726
CyberGhostVPNSetup.exe Windows installer is signed using the weak cryptographic hash algorithm SHA-1, which is vulnerable to collision attacks. This allows a malicious actor to craft a fake installer with a forged SHA-1 certificate that may still be accepted by Windows signature verification...
PT-2025-31866 · Cyberghost · Cyberghostvpnsetup.Exe
Name of the Vulnerable Software and Affected Versions: CyberGhostVPNSetup.exe versions affected versions not specified Description: CyberGhostVPNSetup.exe Windows installer is signed using the weak cryptographic hash algorithm SHA-1, which is vulnerable to collision attacks. This allows a malicio...
CVE-2025-51726
CVE-2025-51726 concerns the CyberGhostVPNSetup.exe Windows installer. The supplied documents confirm two concrete issues: (1) signing with the weak hash algorithm SHA-1 , enabling potential forged certificates that may bypass signature checks on systems without strict SmartScreen/trust policy enf...
CVE-2022-29835
WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content...
CVE-2018-10084
CMS Made Simple CMSMS through 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the effuid value within $COOKIE$this-loginkey to equal 1, because an SHA-1 cryptographic protection mechanism can be bypassed...
Jujutsu does not have SHA-1 collision detection
Summary Jujutsu 0.28.0 and earlier rely on versions of gitoxide that use SHA-1 hash implementations without any collision detection, leaving them vulnerable to hash collision attacks. Details This is a result of the underlying CVE-2025-31130 / GHSA-2frx-2596-x5r6 vulnerability in the gitoxide...
gitoxide does not detect SHA-1 collision attacks
Summary gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. Details gitoxide uses the sha1smol or sha1 crate, both of which implement standard SHA-1 without any mitigations for collision attacks. This means that two distinct G...
CVE-2025-31130
gitoxide (Rust) before version 0.42.0 used SHA-1 implementations (sha1_smol/sha1) without collision detection, risking broken Git object integrity if two distinct objects shared a SHA-1 hash. The CVE-2025-31130 vulnerability is fixed in 0.42.0. Affected users should upgrade to 0.42.0 or later to ...
SSL Certificate Signed Using Weak Hashing Algorithm
The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing algorithm e.g. MD2, MD4, MD5, or SHA1. These signature algorithms are known to be vulnerable to collision attacks. An attacker can exploit this to generate another certificate with the sam...
SHA-1 Broken
HA-1 Broken SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing. The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu mostly from Shandong University in China have been quietly circulating a paper describing their results: collisions in the the...