
17 matches found

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-23387

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 7.7 | EPSS 0.00588
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-23388

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 6.5 | EPSS 0.00158
Exploits: 0 | References: 3

OSV
added 2025/08/05 8:52 a.m. | 11 views

BIT-VAULT-2025-6000 Arbitrary Remote Code Execution via Plugin Catalog Abuse

A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

CVSS 9.1 | AI score 6.6 | EPSS 0.00588
Exploits: 0 | References: 2

OSV
added 2025/08/05 8:52 a.m. | 3 views

BIT-VAULT-2025-5999 Vault Root Namespace Operator May Elevate Token Privileges

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22...

CVSS 7.2 | AI score 6.5 | EPSS 0.00158
Exploits: 0 | References: 2

SUSE CVE
added 2025/08/04 11:25 p.m. | 1 views

SUSE CVE-2025-6000

A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault's configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

CVSS 8 | AI score 8 | EPSS 0.00588
Exploits: 0 | References: 4

RedhatCVE
added 2025/08/04 9:33 a.m. | 2 views

CVE-2025-6000

A flaw was found in github.com/hashicorp/vault. This vulnerability allows a privileged Vault operator with write access to the sys/audit endpoint to achieve code execution on the host system if a plugin directory is configured. This issue arises from the operator's ability to write malicious code...

CVSS 9.1 | AI score 6.7 | EPSS 0.00588
Exploits: 0 | References: 5

OSV
added 2025/08/01 6:31 p.m. | 5 views

GHSA-6H4P-M86H-HHGH Hashicorp Vault has Privilege Escalation Vulnerability

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22...

CVSS 7.2 | AI score 6.4 | EPSS 0.00158
Exploits: 0 | References: 3

Github Security Blog
added 2025/08/01 6:31 p.m. | 9 views

Hashicorp Vault has Privilege Escalation Vulnerability

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22...

CVSS 7.2 | AI score 7.3 | EPSS 0.00158
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2025/08/01 6:15 p.m. | 5 views

CVE-2025-6000

A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

CVSS 9.1 | EPSS 0.00588
Exploits: 0 | References: 1

NVD
added 2025/08/01 6:15 p.m. | 4 views

CVE-2025-5999

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22...

CVSS 7.2 | EPSS 0.00158
Exploits: 0 | References: 1

OSV
added 2025/08/01 6:15 p.m. | 2 views

CVE-2025-5999

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22...

CVSS 7.2 | AI score 7.3
Exploits: 0 | References: 1

CVE
added 2025/08/01 5:40 p.m. | 75 views

CVE-2025-6000

CVE-2025-6000 affects HashiCorp Vault where a privileged Vault operator in the root namespace with write access to sys/audit can trigger code execution on the host via a misconfigured plugin directory. Connected advisories corroborate the root-namespace operator scenario and the plugin-direct...

CVSS 9.1 | AI score 7.6 | EPSS 0.00588
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/08/01 5:38 p.m. | 6 views

CVE-2025-5999 Vault Root Namespace Operator May Elevate Token Privileges

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22...

CVSS 7.2 | EPSS 0.00158
Exploits: 0 | References: 1

CVE
added 2025/08/01 5:38 p.m. | 45 views

CVE-2025-5999

CVE-2025-5999 affects Vault: a privileged operator with write access to the root namespace identity endpoints can escalate tokens to Vault root policy. The issue is confirmed in multiple OSV/GHSA entries and maps to OpenBao/HashiCorp disclosures. Affected product surface is the identity/group/end...

CVSS 7.2 | AI score 7.4 | EPSS 0.00158
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2025/08/01 12:0 a.m. | 2 views

PT-2025-31661

Name of the Vulnerable Software and Affected Versions: HashiCorp Vault versions prior to 1.20.1; HashiCorp Vault versions 1.19.7 and earlier; HashiCorp Vault versions 1.18.12 and earlier; HashiCorp Vault versions 1.16.23 and earlier; HashiCorp Vault versions 0.8.0 through 1.16.22; HashiCorp Vault...

CVSS 9.1 | AI score 8.2 | EPSS 0.00588
Exploits: 0 | References: 48

Positive Technologies
added 2025/08/01 12:0 a.m. | 2 views

PT-2025-31660

Name of the Vulnerable Software and Affected Versions: Vault Community Edition versions prior to 1.20.0; Vault Enterprise versions prior to 1.20.0; Vault Enterprise version 1.19.6; Vault Enterprise version 1.18.11; Vault Enterprise version 1.16.22. Description: A privileged Vault operator with write...

CVSS 9.1 | AI score 7 | EPSS 0.00588
Exploits: 0 | References: 39

OSV
added 2024/10/10 9:15 p.m. | 8 views

CVE-2024-9180

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16...

CVSS 7.2 | AI score 7
Exploits: 0 | References: 1