23 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-24033

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.2 | EPSS 0.00163
Exploits: 0 | References: 5

Redos
added 2025/09/12 12:0 a.m. | 2 views

ROS-20250912-13

A vulnerability in OpenBao's secret management and encryption system is related to an unexpected normalization in the TOTP base library. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data. A vulnerability in the OpenBao secret management and encryptio...

CVSS 9.1 | AI score 7.2 | EPSS 0.00276
Exploits: 0

Veracode
added 2025/08/26 9:31 a.m. | 2 views

Broken Authentication

github.com/hashicorp/vault is vulnerable to Broken Authentication. The vulnerability is due to improper MFA enforcement when username_as_alias is set to true and a user has multiple CNs with leading or trailing spaces, which allows attackers to bypass MFA authentication...

CVSS 8.1 | AI score 6 | EPSS 0.00163
Exploits: 0 | References: 3 | Affected Software: 1

SUSE CVE
added 2025/08/11 11:22 p.m. | 1 views

SUSE CVE-2025-55001

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao allowed the assignment of policies and MFA attribution based upon entity aliases, chosen by the underlying auth method. Whe...

CVSS 6.5 | AI score 6.8 | EPSS 0.0006
Exploits: 0 | References: 4

OSV
added 2025/08/11 5:59 p.m. | 3 views

GO-2025-3859 OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias in github.com/openbao/openbao

OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias in github.com/openbao/openbao. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerabilit...

CVSS 8.1 | AI score 7 | EPSS 0.00163
Exploits: 0 | References: 5

RedhatCVE
added 2025/08/11 2:30 a.m. | 4 views

CVE-2025-55001

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao allowed the assignment of policies and MFA attribution based upon entity aliases, chosen by the underlying auth method. Whe...

CVSS 6.5 | AI score 6.6 | EPSS 0.0006
Exploits: 0 | References: 1

Snyk
added 2025/08/09 2:41 a.m. | 1 views

Improper Neutralization

Overview: Affected versions of this package are vulnerable to Improper Neutralization via the username_as_alias parameter in the LDAP authentication process. An attacker can gain unauthorized access to resources protected by multi-factor authentication by supplying a crafted username that bypasses...

CVSS 8.5 | AI score 7.1 | EPSS 0.0006
Exploits: 0 | References: 2

Snyk
added 2025/08/09 2:41 a.m. | 1 views

Improper Neutralization

Overview: Affected versions of this package are vulnerable to Improper Neutralization via the username_as_alias parameter in the LDAP authentication process. An attacker can gain unauthorized access to resources protected by multi-factor authentication by supplying a crafted username that bypasses...

CVSS 8.5 | AI score 7.1 | EPSS 0.0006
Exploits: 0 | References: 2

Snyk
added 2025/08/09 2:41 a.m. | 1 views

Improper Neutralization

Overview: Affected versions of this package are vulnerable to Improper Neutralization via the username_as_alias parameter in the LDAP authentication process. An attacker can gain unauthorized access to resources protected by multi-factor authentication by supplying a crafted username that bypasses...

CVSS 8.5 | AI score 7.1 | EPSS 0.0006
Exploits: 0 | References: 2

Snyk
added 2025/08/09 2:41 a.m. | 1 views

Improper Neutralization

Overview: Affected versions of this package are vulnerable to Improper Neutralization via the username_as_alias parameter in the LDAP authentication process. An attacker can gain unauthorized access to resources protected by multi-factor authentication by supplying a crafted username that bypasses...

CVSS 8.5 | AI score 7.1 | EPSS 0.0006
Exploits: 0 | References: 2

Snyk
added 2025/08/09 2:41 a.m. | 1 views

Improper Neutralization

Overview: Affected versions of this package are vulnerable to Improper Neutralization via the username_as_alias parameter in the LDAP authentication process. An attacker can gain unauthorized access to resources protected by multi-factor authentication by supplying a crafted username that bypasses...

CVSS 8.5 | AI score 7.1 | EPSS 0.0006
Exploits: 0 | References: 2

Cvelist
added 2025/08/09 2:1 a.m. | 4 views

CVE-2025-55001 OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao allowed the assignment of policies and MFA attribution based upon entity aliases, chosen by the underlying auth method. Whe...

CVSS 6.5 | EPSS 0.0006
Exploits: 0 | References: 3

Vulnrichment
added 2025/08/09 2:1 a.m. | 2 views

CVE-2025-55001 OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao allowed the assignment of policies and MFA attribution based upon entity aliases, chosen by the underlying auth method. Whe...

CVSS 6.5 | AI score 6.9 | EPSS 0.0006
Exploits: 0 | References: 3

OSV
added 2025/08/09 2:1 a.m. | 5 views

CVE-2025-55001 OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao allowed the assignment of policies and MFA attribution based upon entity aliases, chosen by the underlying auth method. Whe...

CVSS 6.5 | AI score 6.5 | EPSS 0.0006
Exploits: 0 | References: 5

CVE
added 2025/08/09 2:1 a.m. | 23 views

CVE-2025-55001

OpenBao OpenBao LDAP MFA enforcement bypass (CVE-2025-55001) affects version 2.3.1 and earlier. When username_as_alias=true is used with LDAP auth, the caller-supplied username is used verbatim, bypassing alias-specific MFA requirements and potentially exposing confidential data and keys. The iss...

CVSS 6.5 | AI score 6.6 | EPSS 0.0006
Exploits: 0 | References: 3 | Affected Software: 1

Github Security Blog
added 2025/08/08 3:17 p.m. | 4 views

OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias

Impact: OpenBao allows assignment of policies and MFA attribution based upon entity aliases, chosen by the underlying auth method. When using the username_as_alias=true parameter in the LDAP auth method, the caller-supplied username is used verbatim without normalization, allowing an attacker to...

CVSS 6.5 | AI score 6 | EPSS 0.0006
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2025/08/08 3:17 p.m. | 3 views

GHSA-2Q8Q-8FGW-9P6P OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias

Impact: OpenBao allows assignment of policies and MFA attribution based upon entity aliases, chosen by the underlying auth method. When using the username_as_alias=true parameter in the LDAP auth method, the caller-supplied username is used verbatim without normalization, allowing an attacker to...

CVSS 6.5 | AI score 6.5 | EPSS 0.00163
Exploits: 0 | References: 6

SUSE CVE
added 2025/08/06 11:26 p.m. | 1 views

SUSE CVE-2025-6013

Vault and Vault Enterprise's "Vault" ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and...

CVSS 6.5 | AI score 6.6 | EPSS 0.00163
Exploits: 0 | References: 4

Snyk
added 2025/08/06 12:31 p.m. | 2 views

Improper Neutralization

Overview: github.com/hashicorp/vault/builtin/credential/ldap is a package ldap for Hashicorp. Affected versions of this package are vulnerable to Improper Neutralization in the ldap authentication method when username_as_alias is enabled and a user has multiple CNs that are equal except for leading ...

CVSS 8.5 | AI score 7.1 | EPSS 0.00163
Exploits: 0 | References: 2

Vulnrichment
added 2025/08/06 10:6 a.m. | 2 views

CVE-2025-6013 Vault LDAP MFA Enforcement Bypass When Using Username As Alias

Vault and Vault Enterprise’s “Vault” ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and...

CVSS 6.5 | AI score 6.4 | EPSS 0.00163
Exploits: 0 | References: 1