Lucene search
+L

67 matches found

osv
osv
added 2025/08/14 6:52 p.m.2 views

MAL-2025-27865 Malicious code in ns-sha3 (npm)

The package ns-sha3 was found to contain malicious code...

7.2AI score
Exploits0
osv
osv
added 2025/08/14 6:52 p.m.2 views

MAL-2025-22742 Malicious code in hs-sha3 (npm)

The package hs-sha3 was found to contain malicious code...

7.2AI score
Exploits0
veracode
veracode
added 2025/03/07 5:38 a.m.6 views

Weak Password Hashing

Manifest is vulnerable to Weak Password Hashing. The vulnerability is due to improper password hashing due to the use of SHA3 without a salt, making user passwords more susceptible to cracking if an attacker gains access to the database...

4.8CVSS7.2AI score0.00146EPSS
Exploits0References3Affected Software1
osv
osv
added 2025/03/03 7:55 p.m.6 views

GHSA-H8H6-7752-G28C Manifest Uses a One-Way Hash without a Salt

Summary Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt, identical passwords across multiple users will result in the same...

4.8CVSS5.3AI score0.00146EPSS
Exploits0References4
github
github
added 2025/03/03 7:55 p.m.14 views

Manifest Uses a One-Way Hash without a Salt

Summary Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt, identical passwords across multiple users will result in the same...

4.8CVSS7.6AI score0.00146EPSS
Exploits0References4Affected Software1
nvd
nvd
added 2025/02/28 6:15 p.m.8 views

CVE-2025-27408

Manifest offers users a one-file micro back end. Prior to version 4.9.2, Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt,...

4.8CVSS0.00146EPSS
Exploits0References2
osv
osv
added 2025/02/28 5:26 p.m.4 views

CVE-2025-27408 Manifest Uses a One-Way Hash without a Salt

Manifest offers users a one-file micro back end. Prior to version 4.9.2, Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt,...

4.8CVSS6.8AI score0.00146EPSS
Exploits0References4
osv
osv
added 2024/07/04 7:8 a.m.13 views

SUSE-SU-2024:2298-1 Security update for openCryptoki

This update for openCryptoki fixes the following issues: openCryptoki was updated to version to 3.17.0 bsc1220266, bsc1219217 + openCryptoki 3.17 - tools: added function to list keys to p11sak - common: added support for OpenSSL 3.0 - common: added support for event notifications - ICA: added SW...

5.9CVSS5.6AI score0.00878EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2024/02/05 9:4 p.m.16 views

CVE-2024-24559 Vyper SHA3 code generation bug

Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the IR for sha364. Concretely, the height variable is miscalculated. The vulnerability can't be triggered without writing the IR by hand that is, it cannot be triggered from regular...

3.7CVSS6.9AI score0.00255EPSS
Exploits0References2
osv
osv
added 2023/11/29 3:51 p.m.5 views

USN-6525-1 pysha3 vulnerability

Nicky Mouha discovered that pysha incorrectly handled certain SHA-3 operations. An attacker could possibly use this issue to cause pysha3 to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.8CVSS6.9AI score0.05193EPSS
Exploits1References2
osv
osv
added 2023/08/11 10:50 a.m.3 views

SUSE-SU-2023:3290-1 Security update for qatengine

This update for qatengine fixes the following issues: - CVE-2022-43507: Fixed a buffer overflow issue with SHA3. bsc1211296...

8.8CVSS9AI score0.00611EPSS
Exploits0References3
osv
osv
added 2023/02/01 11:4 a.m.4 views

OESA-2023-1045 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

9.8CVSS9.4AI score0.05193EPSS
Exploits1References2
snyk
snyk
added 2022/11/04 9:27 a.m.2 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound which allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. Remediation Upgrade sha3 to version 1.0.5 or higher. Reference...

9.8CVSS7.9AI score0.05193EPSS
Exploits1References2
osv
osv
added 2022/10/21 6:15 a.m.6 views

AZL-11501 CVE-2022-37454 affecting package php for versions less than 8.1.12-1

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface...

9.8CVSS7.4AI score0.05193EPSS
Exploits1References1
kitploit
kitploit
added 2020/10/26 11:30 a.m.177 views

Decoder++ - An Extensible Application For Penetration Testers And Software Developers To Decode/Encode Data Into Various Formats

An extensible application for penetration testers and software developers to decode/encode data into various formats. Setup Decoder++ can be either installed by using pip or by pulling the source from this repository: Install using pip pip3 install decoder-plus-plus Overview This section provides...

7.2AI score
Exploits0References2
github
github
added 2020/09/03 11:18 p.m.26 views

Malicious Package in ns-sha3

Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised...

4.4AI score
Exploits0References2Affected Software1
github
github
added 2020/09/03 11:17 p.m.33 views

Malicious Package in ks-sha3

Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised...

4.4AI score
Exploits0References2Affected Software1
github
github
added 2020/09/03 11:15 p.m.26 views

Malicious Package in jw-sha3

Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised...

4.4AI score
Exploits0References2Affected Software1
osv
osv
added 2020/09/03 11:15 p.m.12 views

GHSA-8G3R-968R-C644 Malicious Package in jw-sha3

Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised...

9.8CVSS7.1AI score
Exploits0References1
osv
osv
added 2020/09/03 10:57 p.m.9 views

GHSA-67MP-PCV9-VVQ6 Malicious Package in jr-sha3

Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised...

9.8CVSS7.1AI score
Exploits0References1
Rows per page
Query Builder