SUSE CVE-2023-43635

Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulting in a unique value for each PCR entry. These PCRs are then used in order to seal/unseal a key from the...

Ubuntu 26.04 LTS : Dnsmasq vulnerability (USN-8308-1)

The remote Ubuntu 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8308-1 advisory. It was discovered that Dnsmasq incorrectly handled BOOTREPLY packets when configured with the --dhcp- split-relay option. A remote attacker could use this issue t...

CVE-2026-9581

A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version...

USN-8308-1 dnsmasq vulnerability

It was discovered that Dnsmasq incorrectly handled BOOTREPLY packets when configured with the --dhcp-split-relay option. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVE-2026-34961

barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the ehentries field against buffer capacity in fs/ext4/ext4common.c. Attackers can supply a malicious ext4 filesystem image via USB, SD card, or network boot to trigg...

This Week in Spring - May 26th, 2026

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in Coimbra, Portugal, where I just did my usual shtick on the latest and greatest in Spring Framework 7.x, Spring Boot 4.x, and Spring AI 2.x. It was a ton of fun, and I want to thank everybody who came out. Last week I w...

May 26, 2026—KB5089573 (OS Builds 26200.8524 and 26100.8524) Preview

May 26, 2026—KB5089573 OS Builds 26200.8524 and 26100.8524 Preview ​​​​This cumulative update for Windows 11, version 25H2 and 24H2 KB5089573, includes production-quality improvements. Visit the Windows release health dashboard for the latest status on this release. Announcements and messages Thi...

Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring

Summary Multiple vulnerabilities were addressed in IBM Library Support for Spring 2.7.38 Vulnerability Details CVEID:CVE-2026-40972 DESCRIPTION: An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In...

biz.devstack.springframework.boot:spring-boot-starter-api (>=1.0.0 <=1.2.1), biz.devstack:spring-boot-starter-api-quickstart (>=1.0.0 <=1.0.4) +653 more potentially affected by CVE-2026-9370 via com.github.ulisesbocchio:jasypt-spring-boot (>=3.0.4 <=4.0.4)

com.github.ulisesbocchio:jasypt-spring-boot MAVEN version =3.0.4, =1.0.0, =1.0.0, =1.0, =1.0.4 - cn.com.tltim.pigx:mybatis-enhance =5.0.0-20240820 - cn.com.tltim.pigx:pigx =5.0.0-20240820 - cn.com.tltim.pigx:pigx-common =5.0.0-20240820 - cn.com.tltim.pigx:pigx-common-audit =5.0.0-20240820 -...

Use of a One-Way Hash with a Predictable Salt

Overview Affected versions of this package are vulnerable to Use of a One-Way Hash with a Predictable Salt in the getSecretKeySaltGenerator function of the Password Hash Handler component. An attacker can compromise the confidentiality of hashed secrets by exploiting the use of a predictable salt...

CVE-2026-9370

A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java of the component Password...

CVE-2026-9370 ulisesbocchio jasypt-spring-boot Password Hash SimpleGCMConfig.java getSecretKeySaltGenerator hash predictable salt

A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java of the component Password...

CVE-2026-9370 ulisesbocchio jasypt-spring-boot Password Hash SimpleGCMConfig.java getSecretKeySaltGenerator hash predictable salt

A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java of the component Password...

CVE-2026-9370

A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java of the component Password...

EUVD-2026-31584

A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java of the component Password...

CVE-2026-9370

CVE-2026-9370 affects ulisesbocchio jasypt-spring-boot up to versions 3.0.5/4.0.4. The vulnerability is in getSecretKeySaltGenerator within SimpleGCMConfig.java of the Password Hash Handler. The underlying issue is a manipulation that leads to the use of a one-way hash with a predictable salt. Th...

SUSE CVE-2022-50250

In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix usecount leakage when handling boot-on I found a usecount leakage towards supply regulator of rdev with boot-on option. ───────────────────┐ ───────────────────┐ | regulatordev A | | regulatordev B | | boot-o...

jasypt-spring-boot 安全漏洞

jasypt-spring-boot is an integration tool developed by Ulises Bocchio, a personal developer, that provides attribute encryption support for Spring Boot applications. There are security vulnerabilities in versions of jasypt-spring-boot 3.0.5 and earlier, as well as versions 4.0.4 and earlier. Thes...

PT-2026-42931

A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java of the component Password...

com.github.vindell:spring-boot-starter-cxf-jaxws-plus (>=1.0.0.RELEASE <=1.0.2.RELEASE), org.apache.cxf:apache-cxf (>=3.3.0 <=3.6.10) +1 more potentially affected by CVE-2026-44618 via org.apache.cxf:cxf-rt-ws-transfer (>=3.2.4 <=3.6.10)

org.apache.cxf:cxf-rt-ws-transfer MAVEN version =3.2.4, =1.0.0.RELEASE, =3.3.0, =3.4.0, =3.6.10 Source cves: CVE-2026-44618 Source advisory: SNYK:JAVA-ORGAPACHECXF-17115402...