
9 matches found

ATTACKERKB
added 2026/05/27 3:24 p.m., 6 views

CVE-2026-45027

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in...

CVSS 5.9, AI score 5.8, EPSS 0.00136
Exploits 0, References 2, Affected Software 1

CVE
added 2026/05/27 3:24 p.m., 11 views

CVE-2026-45027

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, login.php hashes the submitted password with PHP hash(…, 'SHA-256') and no salt, and the password-change flow uses the same pattern. SHA-256 is a fast general-purpose hash, not ideal for password storage, so identical...

CVSS 5.9, AI score 5.8, EPSS 0.00136
Exploits 0, References 1

Positive Technologies
added 2026/05/27 12:0 a.m., 7 views

PT-2026-44042

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in...

CVSS 5.9, AI score 5.8, EPSS 0.00136
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2025-23885

Malicious code in bioql PyPI...

CVSS 5.3, AI score 6.6, EPSS 0.0031
Exploits 0, References 2

OSV
added 2025/08/06 9:15 p.m., 1 views

CVE-2025-46660

An issue was discovered in 4C Strategies Exonaut 21.6. Passwords, stored in the database, are hashed without a salt...

CVSS 5.3, AI score 5.8, EPSS 0.0031
Exploits 0, References 2

RedhatCVE
added 2025/05/23 1:4 a.m., 6 views

CVE-2022-37164

Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes...

CVSS 9.8, AI score 7.3, EPSS 0.00539
Exploits 0, References 1

OSV
added 2025/02/28 5:26 p.m., 3 views

CVE-2025-27408 Manifest Uses a One-Way Hash without a Salt

Manifest offers users a one-file micro back end. Prior to version 4.9.2, Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt,...

CVSS 4.8, AI score 6.8, EPSS 0.00146
Exploits 0, References 4

Prion
added 2022/09/08 4:15 p.m., 19 views

Design/Logic Flaw

Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes...

CVSS 7.5, AI score 9.5, EPSS 0.00539
Exploits 0, References 4, Affected Software 1

Hacker One
added 2021/04/12 6:38 p.m., 77 views

GitHub Security Lab: [Java] CWE-759: Query to detect password hash without a salt

This bug was reported directly to GitHub Security Lab...

AI score 0.5
Exploits 0