23 matches found
CVE-2026-53692
CVE-2026-53692 affects Redeight CMS v1.0. The root cause is storing passwords with MD5 without a salt, a cryptographically broken hash, allowing attackers who obtain password hashes to reverse them via rainbow tables and expose plaintext credentials. The Connected CVE records confirm this in Rede...
PT-2026-7888
Name of the Vulnerable Software and Affected Versions newbee-mall affected versions not specified Description The software stores and verifies user passwords using an unsalted MD5 hashing algorithm. This implementation lacks per-user salts and computational cost controls. Attackers obtaining...
CVE-2025-34519 Ilevia EVE X1 Server 4.7.18.0.eden Insecure Hashing Algorithm
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalted hash, an attacker who obtains the password database can...
EUVD-2014-8533
Malware in sbrugna...
EUVD-2019-18466
Malware in sbrugna...
EUVD-2018-7551
Malware in sbrugna...
EUVD-2013-7242
Malware in sbrugna...
EUVD-2022-26963
Malicious code in bioql PyPI...
CVE-2024-36440
An issue was discovered on Swissphone DiCal-RED 4009 devices. An attacker with access to the file /etc/deviceconfig may recover the administrative device password via password-cracking methods, because unsalted MD5 is used...
CVE-2024-36440
An issue was discovered on Swissphone DiCal-RED 4009 devices. An attacker with access to the file /etc/deviceconfig may recover the administrative device password via password-cracking methods, because unsalted MD5 is used...
CVE-2024-36440
An issue was discovered on Swissphone DiCal-RED 4009 devices. An attacker with access to the file /etc/deviceconfig may recover the administrative device password via password-cracking methods, because unsalted MD5 is used...
CVE-2024-36440
Swissphone DiCal-RED 4009 devices are affected by CVE-2024-36440 due to use of unsalted MD5 for the administrative password. An attacker with access to /etc/deviceconfig can recover the admin password through password-cracking, exposing high confidentiality and integrity impact as noted in the CV...
Debian DLA-3538-1 : zabbix - LTS security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3538 advisory. - Zabbix before 5.0 represents passwords in the users table with unsalted MD5. CVE-2013-7484 - An issue was discovered in...
CVE-2023-1430
The FluentCRM - Marketing Automation For WordPress plugin for WordPress is vulnerable to unauthorized modification of data in versions up to, and including, 2.7.40 due to the use of an MD5 hash without a salt to control subscriptions. This makes it possible for unauthenticated attackers to...
CVE-2018-16705
FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the xml/permission.xml file containing all of the system's usernames and passwords. This includes the Admin and Service user accounts and their unsalted MD5 hashes, as well as the SMS server password in cleartext...
CVE-2018-15680
An issue was discovered in BTITeam XBTIT 2.5.4. The hashed passwords stored in the xbtitusers table are stored as unsalted MD5 hashes, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack...
Design/Logic Flaw
An issue was discovered in BTITeam XBTIT 2.5.4. The hashed passwords stored in the xbtitusers table are stored as unsalted MD5 hashes, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack...
CVE-2018-15680
CVE-2018-15680 affects BTITeam XBTIT 2.5.4 where passwords in the xbtit_users table are stored as unsalted MD5 hashes. The root cause is weak password hashing, enabling context-dependent attackers to brute-force and recover cleartext passwords. Public details in the provided documents confirm the...
Default credentials
Wonder CMS 2014 allows remote attackers to obtain sensitive information by viewing /files/password, which reveals the unsalted MD5 hashed password...
CVE-2014-8701
Wonder CMS 2014 allows remote attackers to obtain sensitive information by viewing /files/password, which reveals the unsalted MD5 hashed password...