60 matches found
PT-2026-41793
Name of the Vulnerable Software and Affected Versions: Sulu versions prior to 2.6.23; Sulu versions prior to 3.0.6. Description: Sulu is an open-source PHP content management system based on the Symfony framework. The generation of API keys and password reset tokens utilizes a weak cryptographical ha...
CVE-2026-4409 Subscribe To Comments Reloaded <= 240119 - Improper Authorization to Unauthenticated Arbitrary Subscription Management
The Subscribe To Comments Reloaded plugin for WordPress is vulnerable to unauthorized modification of data due to a leaked secret key and usage of a weak hash generation algorithm in all versions up to, and including, 240119. This makes it possible for unauthenticated attackers to extract the...
CVE-2026-33037
WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files (docker-compose.yml, env.example) ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...
CVE-2026-33037 WWBN AVideo has predictable default admin credentials in official Docker deployment path
WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files (docker-compose.yml, env.example) ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...
EUVD-2010-2477
Malware in sbrugna...
EUVD-2014-1770
Malware in sbrugna...
EUVD-2008-3276
Malware in sbrugna...
EUVD-2023-41382
Malicious code in bioql PyPI...
EUVD-2023-38510
Malicious code in bioql PyPI...
CVE-2025-59745
Vulnerability in the cryptographic algorithm of AndSoft's e-TMS v25.03, which uses MD5 to encrypt passwords. MD5 is a cryptographically vulnerable hash algorithm and is no longer considered secure for storing or transmitting passwords. It is vulnerable to collision attacks and can be easily crack...
CVE-2025-55053
CVE-2025-55053 is a CWE-328 weak-hash issue. Connected sources indicate Baicells devices (NOVA430e/430i, NOVA436Q, NEUTRINO430, NOVA846) are affected, with the vulnerability stemming from weak hashing that could bypass security features. There are no explicit product/version-specific fix details i...
CVE-2025-41256
CVE-2025-41256 affects Cyberduck (through 9.1.6) and Mountain Duck (through 4.17.5) due to improper TLS certificate pinning for untrusted certificates, with fingerprint storage using SHA-1. This creates a high-severity risk (CVSSv3: 7.4, High) for network-based situations where self-signed or unt...
CVE-2025-41256 Cyberduck and Mountain Duck - Weak Hash Algorithm for Certificate Fingerprint
Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), since the certificate fingerprint is stored as SHA-1, although SHA-1 is considered weak. This issue affects Cyberduck: through 9.1.6; Mountain Duck: through 4.17.5...
CVE-2024-56414
Web installer integrity check used weak hash algorithm. The following products are affected: Acronis Cyber Protect 16 Windows before build 39169...
CVE-2023-0452
Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians...
CVE-2024-56414
The CVE-2024-56414 entry describes a vulnerability in Acronis Cyber Protect 16 for Windows prior to build 39169, where the web installer integrity check uses a weak hash algorithm. Affected product/version: Acronis Cyber Protect 16 (Windows) before build 39169. Impact and exploit details are not ...