Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:9 p.m.2 views

CVE-2026-33041

WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/encryptPass.json.php exposes the application's password hashing algorithm to any unauthenticated user. An attacker can submit arbitrary passwords and receive their hashed equivalents, enabling offline password...

5.3CVSS6AI score0.00327EPSS
Exploits1References1
OSV
OSV
added 2026/03/20 5:50 a.m.4 views

CVE-2026-33041 AVideo has an Unauthenticated Password Hash Oracle via encryptPass.json.php

WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/encryptPass.json.php exposes the application's password hashing algorithm to any unauthenticated user. An attacker can submit arbitrary passwords and receive their hashed equivalents, enabling offline password...

5.3CVSS6AI score0.00327EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/20 5:50 a.m.10 views

CVE-2026-33041

WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/encryptPass.json.php exposes the application's password hashing algorithm to any unauthenticated user. An attacker can submit arbitrary passwords and receive their hashed equivalents, enabling offline password...

5.3CVSS6AI score0.00327EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/20 5:50 a.m.23 views

CVE-2026-33041 AVideo has an Unauthenticated Password Hash Oracle via encryptPass.json.php

WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/encryptPass.json.php exposes the application's password hashing algorithm to any unauthenticated user. An attacker can submit arbitrary passwords and receive their hashed equivalents, enabling offline password...

5.3CVSS0.00327EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.11 views

PT-2026-25998

Summary /objects/encryptPass.json.php exposes the application's password hashing algorithm to any unauthenticated user. An attacker can submit arbitrary passwords and receive their hashed equivalents, enabling offline password cracking against leaked database hashes. Details File:...

5.3CVSS6AI score0.00327EPSS
Exploits1References5
Rows per page
Query Builder