12 matches found
EUVD-2025-19111
Malicious code in bioql PyPI...
OpenBao suffers from an unspecified vulnerability (CNVD-2025-18607)
OpenBao is OpenBao open source a sensitive data management software . A security vulnerability exists in OpenBao versions 0.1.0 through 2.3.1, which stems from the TOTP key engine being able to accept valid code multiple times, and no details of the vulnerability are provided at this time...
CVE-2025-54999
CVE-2025-54999 affects OpenBao (versions 0.1.0–2.3.1) via the userpass authentication method, enabling user enumeration due to timing differences between non-existent users and those with credentials. This timing side-channel is independent of credential validity. The issue is fixed in version 2....
CVE-2025-52893
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 may leak sensitive information in logs when processing malformed data. This is separate from the earlier HCSEC-2025-09 / CVE-2025-4166. Th...
CVE-2025-52894
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effecting a denial of...
CVE-2025-52893
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 may leak sensitive information in logs when processing malformed data. This is separate from the earlier HCSEC-2025-09 / CVE-2025-4166. Th...
CVE-2025-52894
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effecting a denial of...
CVE-2025-52894
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effecting a denial of...
CVE-2025-52894 OpenBao Vulnerable to Unauthenticated Rekey Operation Cancellation
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effecting a denial of...
CVE-2025-52893
OpenBao before v2.3.0 may leak sensitive information in logs when processing malformed data. Affected software: OpenBao (open-source data management for secrets, certificates, keys). Root cause: log disclosure vulnerability due to handling of malformed input. Impact: potential exposure of sensiti...
CVE-2025-52893 OpenBao May Leak Sensitive Information in Logs When Processing Malformed Data
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 may leak sensitive information in logs when processing malformed data. This is separate from the earlier HCSEC-2025-09 / CVE-2025-4166. Th...
PT-2025-26866 · Openbao · Openbao
Name of the Vulnerable Software and Affected Versions: OpenBao versions prior to 2.3.0 Description: OpenBao is a software solution for managing, storing, and distributing sensitive data, including secrets, certificates, and keys. The issue allows an attacker to perform unauthenticated, unaudited...