CWE-836
14 CVEs classified under CWE-836.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-23857 | Critical | 10.0 | 2021-10-04 | Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CV… |
| CVE-2023-4299 | Critical | 9.0 | 2023-08-31 | Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment. |
| CVE-2023-23614 | High | 8.8 | 2023-01-26 | Pi-hole®'s Web interface (based off of AdminLTE) provides a central location to manage your Pi-hole. Versions 4.0 and above, prior to 5.18.3 are vulnerable to… |
| CVE-2025-62618 | High | 8.0 | 2025-10-31 | ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in the context of other users when they open the file. Because E… |
| CVE-2019-25552 | High | 7.5 | 2026-03-21 | CEWE PHOTO SHOW 6.4.3 contains a denial of service vulnerability that allows attackers to crash the application by submitting an excessively long buffer to the… |
| CVE-2017-7927 | High | 7.3 | 2017-05-06 | A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW… |
| CVE-2022-32282 | High | 7.2 | 2022-08-22 | An improper password check exists in the login functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. An attacker that owns a users' password hash w… |
| CVE-2023-23450 | Medium | 6.2 | 2023-05-15 | Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524… |
| CVE-2025-64471 | Medium | 4.4 | 2025-12-09 | A use of password hash instead of password for authentication vulnerability [CWE-836] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 th… |
| CVE-2026-40103 | Medium | 4.3 | 2026-04-10 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's scoped API token enforcement for custom project background routes is… |
| CVE-2025-48925 | Medium | 4.3 | 2025-05-28 | The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the authentication… |
| CVE-2025-52543 | | | 2025-09-02 | E3 Site Supervisor Control (firmware version < 2.31F01) application services (MGW and RCI) uses client side hashing for authentication. An attacker can authent… |
| CVE-2023-39546 | | | 2023-11-17 | CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and… |
| CVE-2023-34132 | | | 2023-07-13 | Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This issue affects GMS… |