Lucene search
K

405 matches found

OSV
OSV
added 2026/04/21 12:15 p.m.3 views

BIT-VAULT-2026-3605 Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service

An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor read any secret...

8.1CVSS5.8AI score0.00376EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/20 7:22 p.m.7 views

CVE-2026-40525

OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the apikey configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke...

9.1CVSS5.8AI score0.00571EPSS
Exploits1References1
OSV
OSV
added 2026/04/20 5:16 p.m.51 views

UBUNTU-CVE-2026-28684

python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, setkey and unsetkey in python-dotenv follow symbolic links when rewriting .env files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when a...

6.6CVSS5.9AI score0.00236EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/04/20 4:25 p.m.5 views

CVE-2026-28684

python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, setkey and unsetkey in python-dotenv follow symbolic links when rewriting .env files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when a...

6.6CVSS5.5AI score0.00236EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/04/17 10:37 p.m.18 views

CVE-2026-3605

A flaw was found in Vault. An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write. This vulnerability can lead to a denial-of-service by allowing the deletion of critical data. It does not permit ...

8.1CVSS5.6AI score0.00376EPSS
Exploits0References4
OSV
OSV
added 2026/04/17 6:31 a.m.5 views

GHSA-M2W4-8GGF-RJ47 HashiCorp Vault has a KVv2 Metadata and Secret Deletion Policy Bypass that leads to Denial-of-Service

An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor read any secret...

8.1CVSS5.7AI score0.00376EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/17 6:31 a.m.9 views

HashiCorp Vault has a KVv2 Metadata and Secret Deletion Policy Bypass that leads to Denial-of-Service

An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor read any secret...

8.1CVSS5.7AI score0.00376EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/17 2:44 a.m.30 views

CVE-2026-3605 Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service

An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor read any secret...

8.1CVSS0.00376EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.10 views

PT-2026-33397

Name of the Vulnerable Software and Affected Versions HashiCorp Vault Community Edition versions prior to 2.0.0 HashiCorp Vault Enterprise versions prior to 1.19.16 HashiCorp Vault Enterprise versions prior to 1.20.10 HashiCorp Vault Enterprise versions prior to 2.0.0 Description An authenticated...

8.5CVSS5.7AI score0.00376EPSS
Exploits0References21
Fedora
Fedora
added 2026/04/03 12:52 a.m.6 views

[SECURITY] Fedora 43 Update: openbao-2.5.2-1.fc43

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...

9.6CVSS6.3AI score0.00411EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/03/26 1:36 p.m.5 views

CVE-2026-33413

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call certain etcd functions in clusters that expose the gRPC API to untrusted or partially trusted...

8.8CVSS5.7AI score0.00249EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/03/26 1:23 p.m.5 views

CVE-2026-33343

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC restricted permissions on key ranges can use nested transactions to bypass all key-level authorization. This allows any authenticated user with...

6.5CVSS5.4AI score0.0021EPSS
Exploits0
Fedora
Fedora
added 2026/03/07 12:33 a.m.9 views

[SECURITY] Fedora 44 Update: valkey-9.0.3-1.fc44

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

8.5CVSS5.8AI score0.00586EPSS
Exploits0
Fedora
Fedora
added 2026/03/05 1:13 a.m.5 views

[SECURITY] Fedora 42 Update: valkey-8.0.7-1.fc42

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

8.5CVSS6AI score0.00586EPSS
Exploits0
AlmaLinux
AlmaLinux
added 2026/03/02 12:0 a.m.10 views

Important: valkey security update

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

8.5CVSS6AI score0.00586EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

MiracleLinux 7 : etcd-3.2.26-1.el7 (AXSA:2019-3901:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2019-3901:01 advisory. Security Fix - etcd RABC etcd gRPC-gateway REST API TLS RBAC Common Name CN CVE-2018-16886 CVEJVNhttp://jvndb.jvn.jp/ Tenable has extracted the preceding...

8.1CVSS7.1AI score0.04031EPSS
Exploits0References2
Fedora
Fedora
added 2025/12/03 1:40 a.m.8 views

[SECURITY] Fedora 41 Update: openbao-2.4.4-1.fc41

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...

7.5CVSS7AI score0.00626EPSS
Exploits0
Fedora
Fedora
added 2025/12/03 1:12 a.m.8 views

[SECURITY] Fedora 42 Update: openbao-2.4.4-1.fc42

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...

7.5CVSS7AI score0.00419EPSS
Exploits0
Fedora
Fedora
added 2025/12/03 12:59 a.m.9 views

[SECURITY] Fedora 43 Update: openbao-2.4.4-1.fc43

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...

7.5CVSS7AI score0.00626EPSS
Exploits0
CNNVD
CNNVD
added 2025/11/28 12:0 a.m.6 views

Apache Kvrocks 安全漏洞

Apache Kvrocks is a distributed key-value NoSQL database from the Apache USA Foundation. Apache Kvrocks suffers from an elevation of privilege vulnerability that is caused by improper privilege management in the RESET command. An attacker can exploit this vulnerability to gain administrator...

5.4CVSS5.8AI score0.00356EPSS
Exploits0References3
Rows per page
Query Builder