
6 matches found

EUVD
added 2025/10/03 8:07 p.m., 7 views

EUVD-2025-24037

Malicious code in bioql PyPI...

CVSS 9.1, AI score 7.7, EPSS 0.00873
Exploits: 0, References: 7

Redos
added 2025/09/12 12:00 a.m., 3 views

ROS-20250912-13

A vulnerability in OpenBao's secret management and encryption system is related to an unexpected normalization in the TOTP base library. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data. A vulnerability in the OpenBao secret management and encryptio...

CVSS 9.1, AI score 7.2, EPSS 0.00349
Exploits: 0

Veracode
added 2025/08/10 10:21 p.m., 5 views

Improper Access Control

github.com/openbao/openbao is vulnerable to improper access control. The vulnerability is due to the ability of privileged API operators to bypass restrictions on system code execution and network connections through manipulation of audit log prefixes, which allows an attacker to execute...

CVSS 9.1, AI score 7.5, EPSS 0.00349
Exploits: 0, References: 6, Affected Software: 2

Snyk
added 2025/08/09 2:41 a.m., 7 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the audit subsystem when manipulating log prefixes. An attacker can execute unauthorized code and gain network access by bypassing intended restrictions on privileged API operators. Note: This is exploitable...

CVSS 9.4, AI score 7.8, EPSS 0.00349
Exploits: 0, References: 2

Snyk
added 2025/08/09 2:41 a.m., 1 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the audit subsystem when manipulating log prefixes. An attacker can execute unauthorized code and gain network access by bypassing intended restrictions on privileged API operators. Note: This is exploitable...

CVSS 9.4, AI score 7.8, EPSS 0.00349
Exploits: 0, References: 2

Cvelist
added 2025/08/09 1:56 a.m., 11 views

CVE-2025-54997 OpenBao: Privileged Operator May Execute Code on the Underlying Host

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, some OpenBao deployments intentionally limit privileged API operators from executing system code or making network connections...

CVSS 9.1, EPSS 0.00349
Exploits: 0, References: 4