
71 matches found

Fedora
added 2026/05/29 1:27 a.m. (11 views)

[SECURITY] Fedora 43 Update: openbao-2.5.4-1.fc43

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, users can access an encrypted Key/Value store and network...

AI score: 5.8
Exploits: 0

Fedora
added 2026/05/01 3:6 a.m. (3 views)

[SECURITY] Fedora 43 Update: openbao-2.5.3-1.fc43

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, users can access an encrypted Key/Value store and network...

CVSS: 7.5 | AI score: 5.4 | EPSS: 0.00054
Exploits: 1

Fedora
added 2026/04/25 1:52 a.m. (1 view)

[SECURITY] Fedora 44 Update: openbao-2.5.2-1.fc44

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, users can access an encrypted Key/Value store and network...

CVSS: 9.6 | AI score: 6 | EPSS: 0.0004
Exploits: 0

NVD
added 2026/04/21 1:16 a.m. (0 views)

CVE-2026-40264

OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. This is addressed in v2.5.3...

CVSS: 2.7 | EPSS: 0.0005
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/21 12:47 a.m. (0 views)

CVE-2026-40264

OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. This is addressed in v2.5.3...

CVSS: 2 | AI score: 5.8 | EPSS: 0.0005
Exploits: 0 | References: 2 | Affected Software: 1

AlpineLinux
added 2026/04/21 12:19 a.m. (1 view)

CVE-2026-39946

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, when OpenBao revoked privileges on a role in the PostgreSQL database secrets engine, OpenBao failed to use proper database quoting on schema names provided by PostgreSQL. This could lead to role revocation...

CVSS: 4.9 | AI score: 5.8 | EPSS: 0.00032
Exploits: 0

ATTACKERKB
added 2026/03/27 2:12 p.m. (1 view)

CVE-2026-33758

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao installations that have an OIDC/JWT authentication method enabled and a role with callback_mode=direct configured are vulnerable to XSS via the error_description parameter on the page for a failed...

CVSS: 9.4 | AI score: 5.8 | EPSS: 0.00035
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2026/03/27 2:10 p.m. (17 views)

CVE-2026-33757

OpenBao (before 2.5.2) is vulnerable to a login flow issue when using JWT/OIDC with a role whose callback_mode is direct: no user confirmation is prompted, enabling remote phishing by auto-logging in to the attacker’s session. Version 2.5.2 adds a confirmation screen for direct logins to require ...

CVSS: 9.6 | AI score: 5.9 | EPSS: 0.0004
Exploits: 0 | References: 3 | Affected Software: 1

EUVD
added 2026/03/27 2:10 p.m. (0 views)

EUVD-2026-16624

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao does not prompt for user confirmation when logging in via JWT/OIDC and a role with callback_mode set to direct. This allows an attacker to start an authentication request and perform "remote phishin...

CVSS: 9.6 | AI score: 5.9 | EPSS: 0.0004
Exploits: 0 | References: 3

OSV
added 2026/03/19 12:42 p.m. (2 views)

GHSA-GFGR-6HRJ-85WW Juju affected by timing ownership claim attack on new external back-end secrets

A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated as another unit...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00016
Exploits: 0 | References: 3

Snyk
added 2026/03/19 12:42 p.m. (2 views)

Incorrect Ownership Assignment

Overview: Affected versions of this package are vulnerable to Incorrect Ownership Assignment in the secrets management process. An attacker can gain unauthorized access to sensitive information by exploiting a race condition between the generation of a secret ID and the creation of the secret's...

CVSS: 6 | AI score: 5.9 | EPSS: 0.00016
Exploits: 0 | References: 2

NVD
added 2026/03/18 1:16 p.m. (2 views)

CVE-2026-32691

A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated as another unit...

CVSS: 5.3 | EPSS: 0.00016
Exploits: 0 | References: 1

OSV
added 2026/03/18 1:16 p.m. (0 views)

CVE-2026-32691

A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated as another unit...

CVSS: 5.3 | AI score: 5.9
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/18 12:28 p.m. (2 views)

CVE-2026-32691 Timing ownership claim attack on new external back-end secrets

A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated as another unit...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00016
Exploits: 0 | References: 1

CVE
added 2026/03/18 12:28 p.m. (8 views)

CVE-2026-32691

CVE-2026-32691 describes a race condition in the Juju secrets management subsystem affecting Juju versions 3.0.0 through 3.6.18. Between generating a Juju Secret ID and creating the secret’s first revision, an attacker authenticated as another unit agent can claim ownership of a known secret, all...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00016
Exploits: 0 | References: 1 | Affected Software: 1

ATTACKERKB
added 2026/03/18 12:28 p.m. (2 views)

CVE-2026-32691

A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated as another unit...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00016
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/01/20 12:0 a.m. (2 views)

PT-2026-3742

Summary: The getSecretKey template function, while introduced for senhasegura Devops Secrets Management (DSM) provider, has the ability to fetch secrets cross-namespaces with the roleBinding of the external-secrets controller, bypassing our security mechanisms. This function was completely removed, ...

CVSS: 9.3 | AI score: 5.5
Exploits: 0 | References: 7

The Hacker News
added 2026/01/07 11:0 a.m. (7 views)

The Future of Cybersecurity Includes Non-Human Employees

Non-human employees are becoming the future of cybersecurity, and enterprises need to prepare accordingly. As organizations scale Artificial Intelligence (AI) and cloud automation, there is exponential growth in Non-Human Identities (NHIs), including bots, AI agents, service accounts and automation...

AI score: 7
Exploits: 0

Fedora
added 2025/12/03 1:40 a.m. (6 views)

[SECURITY] Fedora 41 Update: openbao-2.4.4-1.fc41

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, users can access an encrypted Key/Value store and network...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00044
Exploits: 0

Fedora
added 2025/12/03 1:12 a.m. (4 views)

[SECURITY] Fedora 42 Update: openbao-2.4.4-1.fc42

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, users can access an encrypted Key/Value store and network...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00036
Exploits: 0