VYPR

CWE-328

Use of Weak Hash

Base · Draft

Description

The product uses an algorithm that produces a digest (output value) that does not meet the security expectations for a hash function, allowing an adversary to reasonably determine the original input (preimage attack), find another input that produces the same hash (second preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).

Related attack patterns (CAPEC)

CAPEC-461 · CAPEC-68

CVEs mapped to this weakness (67)

  • CVE-2025-31130 · Med · Apr 4, 2025
    risk 0.37 · cvss 6.8 · epss 0.00

    gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1_smol or sha1 crate, both of which implement standard SHA-1…

  • CVE-2024-56414 · Med · Jan 2, 2025
    risk 0.36 · cvss 5.5 · epss 0.00

    Web installer integrity check used weak hash algorithm. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.

  • CVE-2015-8234 · Med · Mar 29, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision.

  • CVE-2026-21717 · Med · Mar 30, 2026
    risk 0.31 · cvss 5.9 · epss 0.00

    A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade…

  • CVE-2025-0508 · Med · Mar 20, 2025
    risk 0.31 · cvss 5.9 · epss 0.00

    A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. This can lead to workflows being inadvertently replaced due to the reuse of results from different configurations that produce the…

  • CVE-2026-34527 · Med · May 5, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high nibble of each byte is shifted right by 8 instead of 4, which always produces…

  • CVE-2024-34914 · Med · May 14, 2024
    risk 0.27 · cvss 5.3 · epss 0.00

    php-censor v2.1.4 (fixed in v2.1.5) was discovered to utilize a weak hashing algorithm for its remember_key value. This allows attackers to brute-force the remember_key value to gain access to accounts that have checked "remember me" when logging in.

  • CVE-2026-56272 · Med · Mar 5, 2026
    risk 0.26 · cvss · epss 0.00

    Description: The default bcrypt salt rounds is set to 5, which is below the recommended minimum for security. Affected code: `export function getHash(value: string) { const salt = bcrypt.genSaltSync(parseInt(process.env.PASSWORD_SALT_HASH_ROUNDS || '5')) return…`

  • CVE-2026-8803 · Low · May 18, 2026
    risk 0.24 · cvss 3.7 · epss 0.00

    A flaw has been found in opensourcepos Open Source Point of Sale up to 3.4.2. Impacted is the function Login of the file app/Models/Employee.php of the component Employee Login. This manipulation causes use of weak hash. Remote exploitation of the attack is possible. The attack…

  • CVE-2026-7103 · Low · Apr 27, 2026
    risk 0.24 · cvss 3.7 · epss 0.00

    A vulnerability was determined in code-projects Chat System 1.0. Affected is an unknown function of the file update_user.php of the component MD5 Hash Handler. This manipulation of the argument Password causes use of weak hash. The attack is possible to be carried out remotely.…

  • CVE-2025-14636 · Low · Dec 13, 2025
    risk 0.24 · cvss 3.7 · epss 0.00

    A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is…

  • CVE-2026-10814 · Med · Jun 4, 2026
    risk 0.22 · cvss 4.5 · epss 0.00

    A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kv_catalog.go of the component Grantee ID Hash Handler. The manipulation leads to use of weak hash. The attack needs to be…

  • CVE-2026-11479 · Med · Jun 8, 2026
    risk 0.20 · cvss 4.2 · epss 0.00

    A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Such manipulation leads to use of weak hash. The attack may be performed from remote. Attacks of this nature…

  • CVE-2025-8260 · Low · Jul 28, 2025
    risk 0.20 · cvss 3.1 · epss 0.00

    A security flaw has been discovered in Vaelsys VaelsysV4 up to 5.1.0/5.4.0. This affects an unknown part of the file /grid/vgrid_server.php of the component Web interface. Performing a manipulation of the argument xajaxargs results in use of weak hash. The attack is possible to…

  • CVE-2026-44582 · Low · May 13, 2026
    risk 0.17 · cvss 3.7 · epss 0.00

    Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be vulnerable to cache poisoning in deployments that rely on shared caches with insufficient response partitioning. In affected…

  • CVE-2026-7845 · Low · May 5, 2026
    risk 0.17 · cvss 2.6 · epss 0.00

    A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This issue affects the function PIL.Image.tobytes of the file libs/chatchat-server/chatchat/webui_pages/dialogue/dialogue.py of the component Vision Chat Paste Image Handler. This manipulation of the…

  • CVE-2026-11330 · Low · Jun 5, 2026
    risk 0.16 · cvss 3.6 · epss 0.00

    A weakness has been identified in thedotmack claude-mem up to 11.0.1. The affected element is the function computeObservationContentHash of the file src/services/sqlite/observations/store.ts of the component Observation Content Hash Handler. This manipulation causes use of weak…

  • CVE-2026-11329 · Low · Jun 5, 2026
    risk 0.16 · cvss 3.6 · epss 0.00

    A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generate_hash_key of the file src/Runtime/python/torch_onnxmlir/src/torch_onnxmlir/backend.py of the component Placeholder Node Cache Handler. Such manipulation leads to use of…

  • CVE-2026-10813 · Low · Jun 4, 2026
    risk 0.16 · cvss 3.6 · epss 0.00

    A flaw has been found in LMCache up to 0.4.6. This affects the function hex_hash_to_int16 of the file lmcache/integration/vllm/utils.py of the component KV Cache Handler. Executing a manipulation can lead to use of weak hash. The attack needs to be launched locally. The attack…

  • CVE-2026-10812 · Low · Jun 4, 2026
    risk 0.16 · cvss 3.6 · epss 0.00

    A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the function BufferedReader.peek of the file gptcache/processor/pre.py of the component Cache Key Handler. Performing a manipulation of the argument input_data["image"] results in use of…