145 matches found
PT-2026-22392
Name of the Vulnerable Software and Affected Versions: HTTP::Session2 versions prior to 1.12. Description: The software may generate weak session IDs using the rand function. The session ID generator returns a SHA-1 hash seeded with the rand function, epoch time, and the process ID (PID). The rand...
EUVD-2006-1545
Malware in sbrugna...
EUVD-2024-22464
Malicious code in bioql PyPI...
PYSEC-2025-98
A Server-Side Request Forgery (SSRF) vulnerability was discovered in gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability allows an attacker to construct a response link by saving the response in a folder named after the SHA-1 hash of the target URL. This enables the attacker to access th...
CVE-2025-2265
The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte...
CVE-2025-2265
The CVE-2025-2265 entry concerns Santesoft Sante PACS Server (Sante PACS Server.exe) where a web user’s password is processed as a 0x2000-byte zero-padded value that is SHA-1 hashed, base64-encoded, and stored in the HTTP.db’s USER table. The reported issue is that the number of hash bytes encode...
Linux Distros Unpatched Vulnerability : CVE-2023-46233
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at...
WordPress Plugin SALESmanago Authorization Issues Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL. WordPress plugin i...
Researchers Decrypted Qakbot Banking Trojan's Encrypted Registry Keys
Cybersecurity researchers have decoded the mechanism by which the versatile Qakbot banking trojan handles the insertion of encrypted configuration data into the Windows Registry. Qakbot, also known as QBot, QuackBot and Pinkslipbot, has been observed in the wild since 2007. Although mainly...
in hascheksolutions/pictshare
BUG ========== sha1 comparison bypass DETAILS ============= There is vulnerable code which can bypass file sha1 hash checking bypass function sha1Exists($sha1) { $handle = fopen(ROOT.DS.'data'.DS.'sha1.csv', "r"); if ($handle) { while (($line = fgets($handle)) !== false) { if(substr($line,0,40)==$sha1) return...
End of support for Office 2010
Support for Office 2010 ended on October 13, 2020 and there will be no extension and no extended security updates. Tip: Not sure what version of Office you have? See Find details for other versions of Office to help you determine what version...
Servicing stack update for Windows 10, version 1809: November 10, 2020
This update applies to the following: Windows 10 Version 1809 for 32-bit Systems; Windows 10 Version 1809 for ARM64-based Systems; Windows 10 Version 1809 for x64-based Systems; Windows Server 2019; Windows Server 2019 Server Cor...
Servicing stack update for Windows 10, version 2004 and 20H2: November 10, 2020
This update applies to the following: Windows 10, version 2004 for 32-bit Systems; Windows 10, version 2004 for x64-based Systems; Windows 10, version 2004 for ARM64-based Systems; Windows Server, version 2004 Server Co...
Description of the security update for Office 2010: October 13, 2020
Summary: This security update resolves remote code execution vulnerabilities that exist in Microsoft Office software when the software fails to properly handle objects in memory. To learn more about these vulnerabilities, see...
Servicing stack update for Windows 10, version 1803: October 13, 2020
Applies to: Windows 10 Version 1803 for 32-bit Systems; Windows 10 Version 1803 for ARM64-based Systems; Windows 10 Version 1803 for x64-based Systems; Windows Server, version 1803 Server Core Installation. Summary: This update makes...
Servicing stack update for Windows 10, version 2004: September 8, 2020
Applies to: Windows 10, version 2004 for 32-bit Systems; Windows 10, version 2004 for ARM64-based Systems; Windows 10, version 2004 for x64-based Systems; Windows Server, version 2004 Server Core installation. Summary: This update...
Description of the security update for Office 2010: August 11, 2020
Summary: This security update resolves a remote code execution vulnerability that exists in Microsoft Access software if the software does not correctly handle objects in memory. To learn more about the vulnerability, see Microsof...
Servicing stack update for Windows 10, version 1809: July 14, 2020
Applies to: Windows 10, version 1809 for 32-bit Systems; Windows 10, version 1809 for ARM64-based Systems; Windows 10, version 1809 for x64-based Systems; Windows Server 2019; Windows Server 2019 Server Core installation. Summary: This...
Description of the security update for Word 2013: July 14, 2020
Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the following Microsoft...
Description of the security update for Office 2016: June 9, 2020
Summary: This update resolves a security feature bypass vulnerability that exists if Microsoft Outlook or another relevant product does not enforce security settings that are configured on a system. To learn more about the...