CVE-2026-45027

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in...

CVE-2026-45413

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force hashcat. This vulnerability is fixed in 2.9.1...

CVE-2026-45413

MaxKB (open‑source enterprise AI assistant) prior to version 2.9.1 stores user passwords with unsalted MD5 hashes, enabling trivial cracking via rainbow tables or GPU-based brute force. The issue is fixed in 2.9.1. Rate of exploitation and in‑the‑wild impact are not detailed in the provided docum...

CVE-2026-45413 MaxKB: Unsalted MD5 Password Hashing

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force hashcat. This vulnerability is fixed in 2.9.1...

EUVD-2026-31984

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force hashcat. This vulnerability is fixed in 2.9.1...

CVE-2026-26219

newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to...

CVE-2026-26219

newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to...

CVE-2026-26219

CVE-2026-26219 affects newbee-mall stores that hash passwords using unsalted MD5 without per-user salts or computational cost controls. Root cause: MD5 hashing without salt enables offline credential cracking if password hashes are exposed. Impact: high confidentiality and integrity risk; plainte...

CVE-2025-34519

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalted hash, an attacker who obtains the password database can...

CVE-2025-34519

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalted hash, an attacker who obtains the password database can...

CVE-2025-34519

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalted hash, an attacker who obtains the password database can...

CVE-2025-34519

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden store user passwords with MD5 without per-password salt, enabling offline dictionary/rainbow-table/brute-force attacks on a breached database. Connected sources confirm this insecure hashing practice and indicate the vendor has declined to se...

EUVD-2025-34806

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalted hash, an attacker who obtains the password database can...

CVE-2025-34208 Vasion Print (formerly PrinterLogic) Insecure Password Hashing

Vasion Print formerly PrinterLogic Virtual Appliance Host and Application VA/SaaS deployments store user passwords using unsalted SHA-512 hashes with a fall-back to unsalted SHA-1. The hashing is performed via PHP's hash function in multiple files serverwriterequestsusers.php, updatedatabase.php,...

Weak Password Storage

github.com/neuvector/neuvector is vulnerable to Weak Password Storage. The vulnerability is due to storing user passwords and API keys with a simple, unsalted hash, making them susceptible to offline rainbow-table attacks...

CVE-2025-53884 NeuVector has an insecure password storage vulnerable to rainbow attack

NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attack offline attack where hashes of known passwords are precomputed...

CVE-2025-53884

CVE-2025-53884 concerns NeuVector, where passwords and API keys are stored using a simple, unsalted hash. The provided documents state this scheme is vulnerable to rainbow table attacks (offline hash precomputation), enabling potential credential exposure if hashes are compromised. The NVD entry ...

CVE-2025-53884 NeuVector has an insecure password storage vulnerable to rainbow attack

NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attack offline attack where hashes of known passwords are precomputed...

Use of Password Hash With Insufficient Computational Effort

Overview Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort due to the use of a simple, unsalted hash for storing user passwords and API keys. An attacker can obtain sensitive information by performing offline rainbow table attacks...

Use of Password Hash With Insufficient Computational Effort

Overview Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort due to the use of a simple, unsalted hash for storing user passwords and API keys. An attacker can obtain sensitive information by performing offline rainbow table attacks...