11 matches found
Authentication Bypass Using an Alternate Path or Channel
Overview: Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the kvv2 process. An attacker can cause unauthorized deletion of secrets by exploiting policy configurations containing a glob pattern, which may result in service disruption...
EUVD-2024-2227
Malicious code in bioql PyPI...
EUVD-2024-53883
Malicious code in bioql PyPI...
Malicious code in vault-api-redux-client (npm)
Source: ossf-package-analysis 15cac4b456079ac507ddcba10b8fb9b258c916f8fcc7d22565567810a43d6a63. The OpenSSF Package Analysis project identified 'vault-api-redux-client' @ 9000.0.0 npm as malicious. It is considered malicious because: - The...
MAL-2025-47515 Malicious code in vault-api-redux-client (npm)
Source: ossf-package-analysis 15cac4b456079ac507ddcba10b8fb9b258c916f8fcc7d22565567810a43d6a63. The OpenSSF Package Analysis project identified 'vault-api-redux-client' @ 9000.0.0 npm as malicious. It is considered malicious because: - The...
Incorrect Privilege Assignment
Overview: Affected versions of this package are vulnerable to Incorrect Privilege Assignment via the identity endpoint in the root namespace. An attacker can gain unauthorized access to elevated privileges by modifying token permissions to use the root policy. Remediation: Upgrade...
CVE-2025-4166
Vault Community and Vault Enterprise Key/Value kv Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is...
CVE-2024-43779
An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to reading vaults that have been previously disabled, possibly leaking sensitive credentials. An attacker can send a series of HTTP...
CVE-2024-43779
CVE-2024-43779 is an information-disclosure vulnerability in ClearML Enterprise Server 3.22.5-1533. The root cause is that the Vault API can expose disabled vault items, allowing an authenticated user to retrieve vault contents via API requests (notably GET /api/v2.30/users.get_vaults). Cisco Talo...
ClearML Vault API disabled vaults retrieval vulnerability
Talos Vulnerability Report TALOS-2024-2112: ClearML Vault API disabled vaults retrieval vulnerability. February 6, 2025. CVE Number: CVE-2024-43779. Summary: An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP...
CVE-2021-36750
ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, making it easier for attackers to determine the passwords of all DataVault users across USB drives sold under multiple brand names...