
10 matches found

RedhatCVE
added 2026/03/26 3:10 p.m., 2 views

CVE-2026-32953

Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a critical bug in the tkeyclient Go module which causes 1 out of every 256 User Supplied Secrets (USS) to be silently ignored, producing the same Compound Device Identifier (CDI)—and thus the same key...

CVSS 4.7, AI score 5.9, EPSS 0.00008
Exploits 1, References 1
Debian CVE
added 2025/12/04 3:31 p.m., 2 views

CVE-2025-40236

In the Linux kernel, the following vulnerability has been resolved: virtio-net: zero unused hash fields. When GSO tunnel is negotiated, virtio_net_hdr_tnl_from_skb() tries to initialize the tunnel metadata but forgets to zero unused rxhash fields. This may leak information to another side. Fixing this by...

AI score 5.1, EPSS 0.00026
Exploits 0
RedhatCVE
added 2025/11/05 9:6 p.m., 5 views

CVE-2025-47776

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Due to incorrect use of loose (==) instead of strict (===) comparison in the authentication code in versions 2.27.1 and below, PHP type juggling will cause certain MD5 hashes matching scientific notation to be interpreted as numbers. Instanc...

CVSS 9.1, AI score 7.3, EPSS 0.00098
Exploits 0, References 1
NVD
added 2025/11/04 9:15 p.m., 5 views

CVE-2025-47776

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Due to incorrect use of loose (==) instead of strict (===) comparison in the authentication code in versions 2.27.1 and below, PHP type juggling will cause certain MD5 hashes matching scientific notation to be interpreted as numbers. Instanc...

CVSS 9.1, EPSS 0.00098
Exploits 0, References 2
CVE
added 2025/11/04 8:31 p.m., 25 views

CVE-2025-47776

MantisBT (versions ≤ 2.27.1) is vulnerable to authentication bypass due to using loose (==) rather than strict (===) comparison in the MD5 login path. PHP type juggling can cause certain MD5 hashes matching scientific notation to be interpreted as numbers, allowing an attacker who knows the victi...

CVSS 9.1, AI score 6.9, EPSS 0.00098
Exploits 0, References 2, Affected Software 1
OSV
added 2025/11/04 8:31 p.m., 2 views

CVE-2025-47776 MantisBT: Authentication bypass for some passwords due to PHP type juggling

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Due to incorrect use of loose (==) instead of strict (===) comparison in the authentication code in versions 2.27.1 and below, PHP type juggling will cause certain MD5 hashes matching scientific notation to be interpreted as numbers. Instanc...

CVSS 8.8, AI score 7.3, EPSS 0.00098
Exploits 0, References 4
Positive Technologies
added 2025/11/04 12:0 a.m., 4 views

PT-2025-45043

Name of the Vulnerable Software and Affected Versions: Mantis Bug Tracker versions 2.27.1 and below. Description: Mantis Bug Tracker contains a flaw in its authentication code due to the use of loose comparison (==) instead of strict comparison (===). PHP type juggling can cause certain MD5 hashes...

CVSS 8.8, AI score 7.3, EPSS 0.00098
Exploits 0, References 4
OSV
added 2025/11/03 5:7 p.m., 2 views

GHSA-4V8W-GG5J-PH37 MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling

Due to an incorrect use of loose (==) instead of strict (===) comparison in the authentication code [1], PHP type juggling will cause interpretation of certain MD5 hashes as numbers, specifically those matching scientific notation. [1]:...

CVSS 9.1, AI score 5.9, EPSS 0.00098
Exploits 0, References 6
Github Security Blog
added 2025/11/03 5:7 p.m., 5 views

MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling

Due to an incorrect use of loose (==) instead of strict (===) comparison in the authentication code [1], PHP type juggling will cause interpretation of certain MD5 hashes as numbers, specifically those matching scientific notation. [1]:...

CVSS 9.1, AI score 5.9, EPSS 0.00098
Exploits 0, References 6, Affected Software 1
OSV
added 2022/09/06 8:45 p.m., 2 views

CVE-2022-36072 SilverwareGames.io used == for hashing instead of ===

SilverwareGames.io is a social network for users to play video games online. In version 1.1.8 and prior, due to an unobvious feature of PHP, hashes generated by built-in functions and starting with the 0e symbols were being handled as zero multiplied with the e number. Therefore, the hash value w...

CVSS 5.9, AI score 6.8, EPSS 0.00244
Exploits 0, References 3