Lucene search
K

23 matches found

CVE
CVE
added 5 days ago7 views

CVE-2026-53692

CVE-2026-53692 affects Redeight CMS v1.0. The root cause is storing passwords with MD5 without a salt, a cryptographically broken hash, allowing attackers who obtain password hashes to reverse them via rainbow tables and expose plaintext credentials. The Connected CVE records confirm this in Rede...

5.9CVSS5.8AI score0.00082EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.6 views

PT-2026-7888

Name of the Vulnerable Software and Affected Versions newbee-mall affected versions not specified Description The software stores and verifies user passwords using an unsalted MD5 hashing algorithm. This implementation lacks per-user salts and computational cost controls. Attackers obtaining...

9.3CVSS5.4AI score0.00191EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/10/16 5:55 p.m.9 views

CVE-2025-34519 Ilevia EVE X1 Server 4.7.18.0.eden Insecure Hashing Algorithm

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalted hash, an attacker who obtains the password database can...

8.2CVSS0.0028EPSS
Exploits2References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2014-8533

Malware in sbrugna...

7.5CVSS7.6AI score0.01462EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2019-18466

Malware in sbrugna...

7.5CVSS7.5AI score0.00658EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-7551

Malware in sbrugna...

9.8CVSS9.5AI score0.00792EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2013-7242

Malware in sbrugna...

7.5CVSS7.3AI score0.01211EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-26963

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00513EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:29 a.m.6 views

CVE-2024-36440

An issue was discovered on Swissphone DiCal-RED 4009 devices. An attacker with access to the file /etc/deviceconfig may recover the administrative device password via password-cracking methods, because unsalted MD5 is used...

6.8CVSS6.7AI score0.00292EPSS
Exploits1References1
NVD
NVD
added 2024/08/22 3:15 p.m.9 views

CVE-2024-36440

An issue was discovered on Swissphone DiCal-RED 4009 devices. An attacker with access to the file /etc/deviceconfig may recover the administrative device password via password-cracking methods, because unsalted MD5 is used...

6.8CVSS0.00292EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/08/22 12:0 a.m.9 views

CVE-2024-36440

An issue was discovered on Swissphone DiCal-RED 4009 devices. An attacker with access to the file /etc/deviceconfig may recover the administrative device password via password-cracking methods, because unsalted MD5 is used...

7AI score0.00292EPSS
Exploits1References2
CVE
CVE
added 2024/08/22 12:0 a.m.40 views

CVE-2024-36440

Swissphone DiCal-RED 4009 devices are affected by CVE-2024-36440 due to use of unsalted MD5 for the administrative password. An attacker with access to /etc/deviceconfig can recover the admin password through password-cracking, exposing high confidentiality and integrity impact as noted in the CV...

6.8CVSS7.1AI score0.00292EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2023/08/22 12:0 a.m.55 views

Debian DLA-3538-1 : zabbix - LTS security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3538 advisory. - Zabbix before 5.0 represents passwords in the users table with unsalted MD5. CVE-2013-7484 - An issue was discovered in...

9.8CVSS6.6AI score0.5415EPSS
Exploits6References21
ATTACKERKB
ATTACKERKB
added 2023/06/09 6:15 a.m.4 views

CVE-2023-1430

The FluentCRM - Marketing Automation For WordPress plugin for WordPress is vulnerable to unauthorized modification of data in versions up to, and including, 2.7.40 due to the use of an MD5 hash without a salt to control subscriptions. This makes it possible for unauthenticated attackers to...

5.3CVSS5.9AI score0.00802EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2018/09/10 5:0 p.m.16 views

CVE-2018-16705

FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the xml/permission.xml file containing all of the system's usernames and passwords. This includes the Admin and Service user accounts and their unsalted MD5 hashes, as well as the SMS server password in cleartext...

9.7AI score0.01573EPSS
Exploits1References2
NVD
NVD
added 2018/09/05 9:29 p.m.15 views

CVE-2018-15680

An issue was discovered in BTITeam XBTIT 2.5.4. The hashed passwords stored in the xbtitusers table are stored as unsalted MD5 hashes, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack...

9.8CVSS9.2AI score0.00792EPSS
Exploits1References1
Prion
Prion
added 2018/09/05 9:29 p.m.14 views

Design/Logic Flaw

An issue was discovered in BTITeam XBTIT 2.5.4. The hashed passwords stored in the xbtitusers table are stored as unsalted MD5 hashes, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack...

5CVSS9.1AI score0.00792EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/09/05 9:0 p.m.43 views

CVE-2018-15680

CVE-2018-15680 affects BTITeam XBTIT 2.5.4 where passwords in the xbtit_users table are stored as unsalted MD5 hashes. The root cause is weak password hashing, enabling context-dependent attackers to brute-force and recover cleartext passwords. Public details in the provided documents confirm the...

9.8CVSS9AI score0.00792EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2017/03/17 2:59 p.m.12 views

Default credentials

Wonder CMS 2014 allows remote attackers to obtain sensitive information by viewing /files/password, which reveals the unsalted MD5 hashed password...

5CVSS6.7AI score0.01462EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2017/03/17 2:0 p.m.12 views

CVE-2014-8701

Wonder CMS 2014 allows remote attackers to obtain sensitive information by viewing /files/password, which reveals the unsalted MD5 hashed password...

7.4AI score0.01462EPSS
Exploits1References2
Rows per page
Query Builder