Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-328

CWE-328

Use of Weak Hash

Parent: CWE-326 - Inadequate Encryption Strength

The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).

79 vulnerabilities with CWE-328

CVE-2026-48488 LOW

phpMyFAQ has Weak Cryptography - SHA1 for Password Hashing

CVE-2026-11481 LOW

yoanbernabeu grepai Postgres Embedding Cache chunker.go PostgresStore.LookupByContentHash weak hash

CVE-2026-11479 MEDIUM

yoanbernabeu grepai Qdrant Backend chunker.go weak hash

CVE-2026-11330 LOW

thedotmack claude-mem Observation Content Hash store.ts computeObservationContentHash weak hash

CVE-2026-11329 LOW

onnx onnx-mlir Placeholder Node Cache backend.py generate_hash_key weak hash

CVE-2026-36182 CRITICAL

GNCC GP5 v7.1.76 - Weak Hashing Algorithm for Root Password

CVE-2026-10814 MEDIUM

milvus-io milvus Grantee ID Hash kv_catalog.go weak hash

CVE-2026-10813 LOW

LMCache KV Cache utils.py hex_hash_to_int16 weak hash

CVE-2026-10812 LOW

zilliztech GPTCache Cache Key pre.py BufferedReader.peek weak hash

CVE-2026-10804 LOW

Streamlit Palette hashing.py weak hash

CVE-2026-10803 LOW

MLflow Dataset Digest Computation digest_utils.py mlflow.data.digest_utils weak hash

CVE-2026-10801 LOW

modelscope ms-swift PIL Image Cache Key base.py Template._save_pil_image weak hash

CVE-2026-10800 LOW

PaddlePaddle FastDeploy MultimodalHasher hasher.py hash_features weak hash

CVE-2026-10783 LOW

gradio-app gradio Audio Cache Key save_audio_to_cache weak hash

CVE-2026-10766 LOW

mlrun DataFrame Hash helpers.py mlrun.utils.helpers.calculate_dataframe_hash weak hash

CVE-2026-45413 MEDIUM

MaxKB: Unsalted MD5 Password Hashing

CVE-2026-8803 LOW

opensourcepos Open Source Point of Sale Employee Login Employee.php login weak hash

CVE-2026-44582 LOW

Next.js: Cache poisoning via collisions in React Server Component cache-busting

CVE-2026-34527 MEDIUM

Sandboxie-Plus EditPassword hash entropy reduced from 160 bits to 80 bits due to incorrect nibble extraction

CVE-2026-7845 LOW

chatchat-space Langchain-Chatchat Vision Chat Paste Image dialogue.py PIL.Image.tobytes weak hash

CVE-2026-7103 LOW

code-projects Chat System MD5 Hash update_user.php weak hash

CVE-2026-40164 HIGH

jq: Algorithmic complexity DoS via hardcoded MurmurHash3 seed

CVE-2026-21717 MEDIUM

Node.js 20.x 22.x 24.x 25.x - Denial of Service via V8 String Hash Collision

CVE-2026-32129 HIGH

soroban-poseidon < 25.0.1 - Hash Collision via Implicit Zero-Filling in PoseidonSponge

CVE-2026-27754 MEDIUM

SODOLA SL902-SWTGW124AS Firmware <200.1.20 - Auth Bypass

Page 1 of 4 Next

Details

Vulnerabilities 79

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy