CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

67 matches found

SUSE CVE•added 2026/05/20 3:2 a.m.•2 views

SUSE CVE-2025-6037

Vault and Vault Enterprise “Vault” TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as +trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/certcertificate. In this configuration, an attacker may be able to...

6.8CVSS6AI score0.0021EPSS

Exploits0References3

IBM Security Bulletins•added 2026/05/12 7:40 p.m.•9 views

Security Bulletin: Vault Token Leaked to Backends via Authorization: Bearer Passthrough Header

Summary If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorization" header is used to authenticate to Vault, Vault forwarded the Vault token to the auth plugin backend. Fixed in 2.0.0, 1.21.5, 1.20.10, and 1.19.16. Vulnerability Details...

8.8CVSS5.7AI score0.00309EPSS

Exploits0Affected Software1

SUSE CVE•added 2026/05/12 3:58 a.m.•2 views

SUSE CVE-2025-6015

Vault and Vault Enterprise's “Vault” login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

5.7CVSS5.8AI score0.00274EPSS

Exploits0References3

EUVD•added 2026/04/17 6:31 a.m.•26 views

EUVD-2026-23362

Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This...

7.5CVSS5.8AI score0.0046EPSS

Exploits0References2

NVD•added 2026/04/17 5:16 a.m.•38 views

CVE-2026-5807

7.5CVSS0.0046EPSS

Exploits0References1

ATTACKERKB•added 2026/04/17 3:22 a.m.•1 views

CVE-2026-5807

7.5CVSS5.8AI score0.0046EPSS

Exploits0References2

OSV•added 2025/10/28 11:51 a.m.•7 views

BIT-VAULT-2025-11621 Vault AWS auth method bypass due to AWS client cache

Vault and Vault Enterprise’s “Vault” AWS Auth method may be susceptible to authentication bypass if the role of the configured boundprincipaliam is the same across AWS accounts, or uses a wildcard. This vulnerability, CVE-2025-11621, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise...

8.1CVSS6.7AI score0.00496EPSS

Exploits0References2

Github Security Blog•added 2025/10/23 9:31 p.m.•12 views

Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON

Vault and Vault Enterprise "Vault" are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for +HCSEC-2025-24+|https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393...

7.5CVSS6.8AI score0.00519EPSS

Exploits0References5Affected Software1

OSV•added 2025/10/23 9:31 p.m.•4 views

GHSA-VP5W-XCFC-73WF Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON

7.5CVSS6.8AI score0.00519EPSS

Exploits0References5

Redos•added 2025/10/20 12:0 a.m.•4 views

ROS-20251020-05

Vulnerability in the audit subroutine of the enterprise information archiving platforms Vault Enterprise and Vault Community Edition is related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by sending...

7.5CVSS6.6AI score0.00697EPSS

Exploits0

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2024-2820