CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

63 matches found

CVE-2026-9370

A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java of the component Password...

6.3CVSS5.1AI score0.00019EPSS

Exploits0References1

Snyk•added 2026/05/24 11:47 a.m.•5 views

Use of a One-Way Hash with a Predictable Salt

Overview Affected versions of this package are vulnerable to Use of a One-Way Hash with a Predictable Salt in the getSecretKeySaltGenerator function of the Password Hash Handler component. An attacker can compromise the confidentiality of hashed secrets by exploiting the use of a predictable salt...

6.3CVSS5.8AI score0.00019EPSS

Exploits0References2

NVD•added 2026/05/24 10:16 a.m.•5 views

CVE-2026-9370

6.3CVSS0.00019EPSS

Exploits0References6

Cvelist•added 2026/05/24 9:15 a.m.•10 views

CVE-2026-9370 ulisesbocchio jasypt-spring-boot Password Hash SimpleGCMConfig.java getSecretKeySaltGenerator hash predictable salt

6.3CVSS0.00019EPSS

Exploits0References6

ATTACKERKB•added 2026/05/24 9:15 a.m.•4 views

CVE-2026-9370

6.3CVSS5.1AI score0.00019EPSS

Exploits0References6Affected Software1

CVE•added 2026/05/24 9:15 a.m.•16 views

CVE-2026-9370

CVE-2026-9370 affects ulisesbocchio jasypt-spring-boot up to versions 3.0.5/4.0.4. The vulnerability is in getSecretKeySaltGenerator within SimpleGCMConfig.java of the Password Hash Handler. The underlying issue is a manipulation that leads to the use of a one-way hash with a predictable salt. Th...

6.3CVSS5.1AI score0.00019EPSS

Exploits0References6

Vulnrichment•added 2026/05/24 9:15 a.m.•4 views

CVE-2026-9370 ulisesbocchio jasypt-spring-boot Password Hash SimpleGCMConfig.java getSecretKeySaltGenerator hash predictable salt

6.3CVSS5.1AI score0.00019EPSS

Exploits0References6

Positive Technologies•added 2026/05/24 12:0 a.m.•7 views

PT-2026-42931

6.3CVSS5.1AI score0.00019EPSS

Exploits0References6

CNNVD•added 2026/05/08 12:0 a.m.•4 views

Crypt::PasswdMD5 安全特征问题漏洞

Crypt::PasswdMD5 is a Perl module developed by RSAVAGE’s individual developers, which implements MD5-based password hashing calculations. Versions of Crypt::PasswdMD5 prior to 1.42 contained security vulnerabilities due to the use of a predictable built-in rand function to generate insecure rando...

7.5CVSS5.8AI score0.00015EPSS

Exploits0References1

Vulnrichment•added 2025/12/19 3:37 p.m.•1 views

CVE-2025-34433 AVideo < 20.1 Unauthenticated RCE via Predictable Installation Salt

AVideo versions 14.3.1 prior to 20.1 contain an unauthenticated remote code execution vulnerability caused by predictable generation of an installation salt using PHP uniqid. The installation timestamp is exposed via a public endpoint, and a derived hash identifier is accessible through...

9.3CVSS8.1AI score0.41084EPSS

Exploits2References4

CVE•added 2025/12/19 3:37 p.m.•7 views

CVE-2025-34433

AVideo 14.3.1–20.0.x isaffected by an unauthenticated RCE due to insecure salt generation: installation salt is created with PHP uniqid(), and the installation timestamp plus a derived hashId are exposed publicly, enabling offline brute-forcing of the remaining entropy to recover the salt. Attack...

9.3CVSS8.1AI score0.41084EPSS

Exploits2References4