PT-2025-33670 · Liferay · Liferay Portal +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.0 through 7.4.3.132; Liferay DXP versions 2025.Q1 through 2025.Q1.6; Liferay DXP versions 2024.Q4.0 through 2024.Q4.7; Liferay DXP versions 2024.Q3.1 through 2024.Q3.13; Liferay DXP versions 2024.Q2.0 through 2024.Q2.1...
OpenBao suffers from an unspecified vulnerability (CNVD-2025-18606)
OpenBao is an open source sensitive data management software. A security vulnerability exists in OpenBao 2.3.1 and earlier versions that can be exploited by an attacker to bypass internal rate limiting and reuse existing MFA code...
OpenBao has an unspecified vulnerability (CNVD-2025-18598)
OpenBao is an open source sensitive data management software. A security vulnerability exists in OpenBao 2.3.1 and earlier versions that can be exploited by attackers to bypass MFA requirements...
CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting N-able N-central to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. N-able N-central is a Remote Monitoring and Management (RMM) platform designed...
PT-2025-33075
Name of the Vulnerable Software and Affected Versions: N-able N-Central versions prior to 2025.3.1; N-able N-Central versions prior to 2024.6 Hotfix 2. Description: A deserialization of untrusted data issue exists in N-able N-Central, potentially allowing for local execution of code. This...
Authentication Bypass
github.com/openbao/openbao is vulnerable to Authentication bypass. The vulnerability is due to improper normalization in the underlying TOTP library, which allows an attacker to bypass rate limiting by inserting whitespace and reuse existing MFA codes...
SUSE CVE-2025-55001
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao allowed the assignment of policies and MFA attribution based upon entity aliases, chosen by the underlying auth method. Whe...
GO-2025-3859 OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias in github.com/openbao/openbao
OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias in github.com/openbao/openbao. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerabilit...
GO-2025-3856 OpenBao Login MFA Bypass of Rate Limiting and TOTP Token Reuse in github.com/openbao/openbao
OpenBao Login MFA Bypass of Rate Limiting and TOTP Token Reuse in github.com/openbao/openbao. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...
GO-2025-3842 Hashicorp Vault has Login MFA Rate Limit Bypass Vulnerability in github.com/hashicorp/vault
Hashicorp Vault has Login MFA Rate Limit Bypass Vulnerability in github.com/hashicorp/vault...
GO-2025-3848 HashiCorp Vault ldap auth method may not have correctly enforced MFA in github.com/hashicorp/vault
HashiCorp Vault ldap auth method may not have correctly enforced MFA in github.com/hashicorp/vault...
CVE-2025-55003
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao's Login Multi-Factor Authentication (MFA) system allows enforcing MFA using Time-based One Time Password (TOTP). Due to...
CVE-2025-55001
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao allowed the assignment of policies and MFA attribution based upon entity aliases, chosen by the underlying auth method. Whe...
PT-2025-32486
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 9.2 through 18.9.5; GitLab CE/EE versions 18.10 through 18.10.3; GitLab CE/EE versions 18.11 through 18.11.0. Description: An issue exists where an authenticated user can cause a denial of service due to insufficient resource...
Improper Neutralization
Overview: Affected versions of this package are vulnerable to Improper Neutralization via the `username_as_alias` parameter in the LDAP authentication process. An attacker can gain unauthorized access to resources protected by multi-factor authentication by supplying a crafted username that bypasses...
CVE-2025-55003
OpenBao CVE-2025-55003 affects OpenBao MFA (TOTP) in versions ≤ 2.3.1, where normalization in the TOTP library allowed whitespace-containing codes to bypass rate limiting and reuse existing MFA codes. The issue is fixed in version 2.3.2. Per the CVE, the exploitation vector is network with low co...
CVE-2025-55003 OpenBao Login MFA Bypasses Rate Limiting and TOTP Token Reuse
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao's Login Multi-Factor Authentication (MFA) system allows enforcing MFA using Time-based One Time Password (TOTP). Due to...