110 matches found
CVE-2026-42186
OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving...
BIT-ETCD-2026-44283 etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks
etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...
Improper Cleanup Of Namespace Data
OpenBao is vulnerable to improper cleanup of namespace data. The vulnerability is due to incomplete cleanup when retries occur after an initial namespace deletion failure, which allows an attacker to potentially retain access to outstanding leases or leave residual storage entries that should have...
[SECURITY] Fedora 44 Update: dnsmasq-2.92rel2-9.fc44
Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with...
SUSE CVE-2026-42186
OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving...
CVE-2026-44283
etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...
CVE-2026-42186
OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving...
CVE-2026-42186 OpenBao's Namespace Deletion May Not Delete Data Properly
OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving...
CVE-2026-42186 OpenBao's Namespace Deletion May Not Delete Data Properly
OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving...
EUVD-2026-30298
OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving...
CVE-2026-42186
OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving...
CVE-2026-42186
OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving...
CVE-2026-42186
OpenBao vulnerability CVE-2026-42186 affects the OpenBao identity-based secrets manager where, before v2.5.3, if the initial namespace deletion fails, subsequent retries do not fully remove data before marking the namespace deleted. This can leave outstanding leases and unrelated storage entries....
PT-2026-41030
Crabbox prior to v0.12.0 contains a privilege escalation vulnerability that allows users with shared visibility-only access to obtain Code, WebVNC, and Egress agent tickets by sending POST requests to ticket endpoints. Attackers can exploit insufficient access control checks on the...
OpenBao's Namespace Deletion May Not Delete Data Properly
Impact: When OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving unrelated storage entries around. Patches: This will be patched in OpenBao...
GHSA-VV66-6RP4-WR4F OpenBao's Namespace Deletion May Not Delete Data Properly
Impact: When OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving unrelated storage entries around. Patches: This will be patched in OpenBao...
PT-2026-37251
Impact: When OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving unrelated storage entries around. Patches: This will be patched in OpenBao...
CVE-2026-39388
A flaw was found in OpenBao, an open source identity-based secrets management system. When renewing tokens using the Certificate authentication method with disablebinding=true, the system incorrectly verifies the presented mTLS (mutual Transport Layer Security) certificate. This vulnerability allow...
CVE-2026-39388
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested and disablebinding=true is set, attempts to verify the current request's presented mTLS certificate matches the original. Toke...
Endian Firewall remark parameter cross-site scripting vulnerability
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper sanitization of the remark parameter input in /manage/dhcp/fixedleases/, and can be exploited by an attacker to...