Threats Tagged 'cwe-836'

View all threats tagged with 'cwe-836'. Filter and sort to focus on specific types of threats.

Pro Console Lifetime

Stop chasing alerts. Route them.

Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.

Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)

View Plans & Pricing

API access activates after upgrading in Console -> Billing.

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

Filter Threats

Narrow down the results by type, severity, or affected countries

Type

Severity

Country

Tag

Time Range

Sort By

Active filters (1):Tag: cwe-836

Threats Tagged 'cwe-836'

Click on any threat for detailed analysis and mitigation recommendations


CVE-2026-40103: CWE-836: Use of Password Hash Instead of Password for Authentication in go-vikunja vikunjaCVE-2026-40103 0 Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's scoped API token enforcement for custom project background routes is method-confused. A token with only projects.background can successfully delete a project background, while a token with only projects.background_delete is rejected. This is a scoped-token authorization bypass. This vulnerability is fixed in 2.3.0. MediumVulnerability#cve #cve-2026-40103 #cwe-836 Join the discussion	CVE Database V5	04/10/2026, 16:12:27 UTC Added: 04/11/2026, 05:17:41 UTC
CVE-2025-52543: CWE-836 Use of Password Hash Instead of Password for Authentication in Copeland LP E3 Supervisory ControlCVE-2025-52543 0 E3 Site Supervisor Control (firmware version < 2.31F01) application services (MGW and RCI) uses client side hashing for authentication. An attacker can authenticate by obtaining only the password hash. MediumVulnerabilityGermanyFranceItaly+6#cve #cve-2025-52543 #cwe-836 Join the discussion	CVE Database V5	09/02/2025, 11:24:32 UTC Added: 09/02/2025, 11:32:56 UTC
CVE-2025-48925: CWE-836 Use of Password Hash Instead of Password for Authentication in TeleMessage serviceCVE-2025-48925 0 The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the authentication credential. MediumVulnerabilityGermanyFranceNetherlands+4#cve #cve-2025-48925 #cwe-836 Join the discussion	CVE Database V5	05/28/2025, 00:00:00 UTC Added: 05/28/2025, 16:58:50 UTC