58 matches found
Security Bulletin: Vault Token Leaked to Backends via Authorization: Bearer Passthrough Header
Summary: If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorization" header is used to authenticate to Vault, Vault forwarded the Vault token to the auth plugin backend. Fixed in 2.0.0, 1.21.5, 1.20.10, and 1.19.16. Vulnerability Details...
CVE-2026-4525
creationtimestamp | type | source
---|---|---
2026-04-17 05:15:31+00:00 | seen | Telegram/ZsD0WH1x-fGDClxVyGq1OwOyswCrVsbtDHfPHjSJRDr2T4Y
2026-04-17 06:17:54+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjobofphqo2f
2026-04-17 13:00:29+00:00 | seen | ...
CVE-2026-4525 Vault Token Leaked to Backends via Authorization: Bearer Passthrough Header
If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorization" header is used to authenticate to Vault, Vault forwarded the Vault token to the auth plugin backend. Fixed in 2.0.0, 1.21.5, 1.20.10, and 1.19.16...
RHEL 9 : vsftpd (RHSA-2026:4525)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:4525 advisory. The vsftpd packages include a Very Secure File Transfer Protocol (FTP) daemon, which is used to serve files over a network. Security Fixes: vsftpd:...
CVE-2017-4525
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...
EUVD-2012-4454
Malware in sbrugna...
CVE-2024-4525
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /view/studentpaymentdetails4.php. The manipulation of the argument index leads to cross site scripting. The attack can be...
CVE-2022-4525
A vulnerability has been found in National Sleep Research Resource sleepdata.org up to 58.x and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 59.0.0.r...
CVE-2012-4526
Piwigo has XSS in password.php (incomplete fix for CVE-2012-4525)...
CVE-2012-4525
Piwigo has XSS in password.php...
CVE-2006-4525
Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array...
CVE-2025-4525
CVE-2025-4525 affects Discord 1.0.9188 on Windows, with the WINSTA.dll library involved. The issue is an uncontrolled search path in WINSTA.dll, enabling a locally approached attack. Reported characteristics: local attack vector, description notes high impact on confidentiality, integrity, and av...
CVE-2025-4525 Discord WINSTA.dll uncontrolled search path
A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Affected by this issue is some unknown functionality in the library WINSTA.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an...
Linux Distros Unpatched Vulnerability : CVE-2010-4525
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvm_vcpu_events->interrupt.pad structure member, which allows local users to obtain potentially sensitive...
CVE-2024-4525
creationtimestamp | type | source
---|---|---
2025-02-19 19:13:57+00:00 | seen | Telegram/IW2TD75wanZ8aa6o7Xutq2VYjAYPk7shyh-jDY1mTaNk-Y...
Oracle Linux 5 : kvm (ELSA-2011-0028)
The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2011-0028 advisory. - CVE: CVE-2010-4525 - Resolves: bz570532 CVE-2010-0435 kvm: vmx null pointer dereference - CVE: CVE-2010-0435 - Related: bz639887 CVE-2010-3698 kvm: invalid...
CVE-2023-4525
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none...