Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

58 matches found

Veracode
Veracodeadded 2026/06/08 1:27 p.m.9 views

Use Of Predictable Salt

jasypt-spring-boot is vulnerable to Use of Predictable Salt. The vulnerability is due to the getSecretKeySaltGenerator implementation in SimpleGCMConfig.java, which can generate predictable salts for password hashing operations. This reduces the effectiveness of the one-way hash and may allow...

6.3CVSS5.4AI score0.00202EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/03/04 8:10 a.m.4 views

CVE-2026-29120

The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation IDC SFX SeriesSFX2100 SuperFlex Satellite Receiver insecurely stores the hardcoded root password hash. The password itself is highly insecure and susceptible to offline dictionary attacks using the...

9.2CVSS5.9AI score0.00142EPSS
Exploits1References2
RedhatCVE
RedhatCVEadded 2026/02/13 7:18 p.m.4 views

CVE-2026-26219

newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to...

9.3CVSS5.5AI score0.00191EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/02/12 6:39 p.m.4 views

CVE-2026-26219 newbee-mall Unsalted MD5 Password Hashing Enables Offline Credential Cracking

newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to...

9.3CVSS5.5AI score0.00191EPSS
Exploits1References2
Positive Technologies
Positive Technologiesadded 2026/02/12 12:0 a.m.4 views

PT-2026-7888

Name of the Vulnerable Software and Affected Versions newbee-mall affected versions not specified Description The software stores and verifies user passwords using an unsalted MD5 hashing algorithm. This implementation lacks per-user salts and computational cost controls. Attackers obtaining...

9.3CVSS5.4AI score0.00191EPSS
Exploits1References6
RedhatCVE
RedhatCVEadded 2025/10/17 6:44 p.m.15 views

CVE-2025-34519

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalted hash, an attacker who obtains the password database can...

8.2CVSS7.1AI score0.0028EPSS
Exploits2References1
OSV
OSVadded 2025/10/16 6:15 p.m.2 views

CVE-2025-34519

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalted hash, an attacker who obtains the password database can...

7.5CVSS5.8AI score0.0028EPSS
Exploits2References3
NVD
NVDadded 2025/10/16 6:15 p.m.6 views

CVE-2025-34519

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalted hash, an attacker who obtains the password database can...

8.2CVSS0.0028EPSS
Exploits2References3
CVE
CVEadded 2025/10/16 5:55 p.m.9 views

CVE-2025-34519

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden store user passwords with MD5 without per-password salt, enabling offline dictionary/rainbow-table/brute-force attacks on a breached database. Connected sources confirm this insecure hashing practice and indicate the vendor has declined to se...

8.2CVSS6.7AI score0.0028EPSS
Exploits2References3Affected Software1
EUVD
EUVDadded 2025/10/16 5:55 p.m.5 views

EUVD-2025-34806

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalted hash, an attacker who obtains the password database can...

8.2CVSS6.6AI score0.0028EPSS
Exploits2References4
Vulnrichment
Vulnrichmentadded 2025/10/16 5:55 p.m.3 views

CVE-2025-34519 Ilevia EVE X1 Server 4.7.18.0.eden Insecure Hashing Algorithm

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalted hash, an attacker who obtains the password database can...

8.2CVSS6.7AI score0.0028EPSS
Exploits2References3
Cvelist
Cvelistadded 2025/10/16 5:55 p.m.8 views

CVE-2025-34519 Ilevia EVE X1 Server 4.7.18.0.eden Insecure Hashing Algorithm

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalted hash, an attacker who obtains the password database can...

8.2CVSS0.0028EPSS
Exploits2References3
CNNVD
CNNVDadded 2025/10/16 12:0 a.m.4 views

Ilevia EVE X1 Server 安全漏洞

Ilevia EVE X1 Server is a smart home and building automation from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server version 4.7.18.0.eden and prior versions, which stems from storing passwords using the unsalted MD5 hash algorithm, which could lead to an offline dictionary...

8.2CVSS6.6AI score0.0028EPSS
Exploits2References3
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2022-43592

Malicious code in bioql PyPI...

4.9CVSS5.4AI score0.00368EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.7 views

EUVD-2025-32184

Malicious code in bioql PyPI...

8.2CVSS6.6AI score0.00416EPSS
Exploits1References5
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2022-28956

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.0044EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.4 views

EUVD-2025-22097

Malicious code in bioql PyPI...

7.3CVSS6.6AI score0.00358EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2025/10/03 4:58 p.m.6 views

CVE-2025-34208

Vasion Print formerly PrinterLogic Virtual Appliance Host and Application VA/SaaS deployments store user passwords using unsalted SHA-512 hashes with a fall-back to unsalted SHA-1. The hashing is performed via PHP's hash function in multiple files serverwriterequestsusers.php, updatedatabase.php,...

8.2CVSS7.4AI score0.00416EPSS
Exploits1References1
NVD
NVDadded 2025/10/02 5:16 p.m.9 views

CVE-2025-34208

Vasion Print formerly PrinterLogic Virtual Appliance Host and Application VA/SaaS deployments store user passwords using unsalted SHA-512 hashes with a fall-back to unsalted SHA-1. The hashing is performed via PHP's hash function in multiple files serverwriterequestsusers.php, updatedatabase.php,...

8.2CVSS0.00416EPSS
Exploits1References4
CVE
CVEadded 2025/10/02 4:13 p.m.15 views

CVE-2025-34208

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SAAS) uses unsalted SHA-512 and, fallback unsalted SHA-1, for password hashing via PHP hash() in multiple files (server_write_requests_users.php, update_database.php, legacy/Login.php, tests/Unit/Api/IdpControllerTest...

8.2CVSS7AI score0.00416EPSS
Exploits1References4Affected Software2
Rows per page
Query Builder