14 matches found

SUSE CVE
added 2026/05/20 3:2 a.m. | 4 views

SUSE CVE-2025-6014

Vault and Vault Enterprise's “Vault” TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

CVSS 6.5 | AI score 5.9 | EPSS 0.00169
Exploits: 0 | References: 3

SUSE CVE
added 2026/04/23 1:29 a.m. | 2 views

SUSE CVE-2026-3605

An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor read any secret...

CVSS 8.1 | AI score 5.7 | EPSS 0.0002
Exploits: 0 | References: 2

OSV
added 2026/04/17 6:31 a.m. | 2 views

GHSA-M2W4-8GGF-RJ47 HashiCorp Vault has a KVv2 Metadata and Secret Deletion Policy Bypass that leads to Denial-of-Service

An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor read any secret...

CVSS 8.1 | AI score 5.7 | EPSS 0.0002
Exploits: 0 | References: 3

ATTACKERKB
added 2026/04/17 2:55 a.m. | 2 views

CVE-2026-5052

Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially leading to information disclosure. Fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0,...

CVSS 5.3 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 2 | Affected Software: 2

Positive Technologies
added 2025/10/23 12:0 a.m. | 3 views

PT-2025-43549

Name of the Vulnerable Software and Affected Versions: HashiCorp Vault versions prior to 1.16.27; HashiCorp Vault Enterprise versions prior to 1.16.27; HashiCorp Vault versions prior to 1.19.11; HashiCorp Vault Enterprise versions prior to 1.19.11; HashiCorp Vault versions prior to 1.20.5; HashiCorp...

CVSS 7.8 | AI score 9.2 | EPSS 0.00305
Exploits: 0 | References: 25

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-29940

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.00154
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-23390

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.3 | EPSS 0.00169
Exploits: 0 | References: 3

Cvelist
added 2025/08/28 7:36 p.m. | 7 views

CVE-2025-6203 Vault unauthenticated denial of service through complex json payload

A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server to become...

CVSS 7.5 | EPSS 0.00104
Exploits: 0 | References: 1

SUSE CVE
added 2025/08/04 11:25 p.m. | 1 views

SUSE CVE-2025-6000

A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault's configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

CVSS 8 | AI score 8 | EPSS 0.00588
Exploits: 0 | References: 4

Cvelist
added 2025/08/01 5:38 p.m. | 7 views

CVE-2025-5999 Vault Root Namespace Operator May Elevate Token Privileges

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22...

CVSS 7.2 | EPSS 0.00158
Exploits: 0 | References: 1

OSV
added 2023/12/08 10:15 p.m. | 2 views

AZL-34585 CVE-2023-6337 affecting package cert-manager for versions less than 1.12.12-1

HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of...

CVSS 7.5 | AI score 7.2 | EPSS 0.00999
Exploits: 0 | References: 1

CNNVD
added 2021/12/06 12:0 a.m. | 1 views

Veritas Enterprise Vault Code Issue Vulnerability

Veritas Enterprise Vault is an enterprise-class file protection and archive automation software from Veritas, Inc. A security vulnerability exists in Veritas Enterprise Vault 14.1.2 and prior versions, where Enterprise Vault applications start multiple services that listen for commands from clien...

CVSS 9.8 | AI score 5.8 | EPSS 0.00656
Exploits: 0 | References: 5

CNNVD
added 2021/10/11 12:0 a.m. | 1 views

Hashicorp HashiCorp Vault Security Vulnerability

Hashicorp HashiCorp Vault is a private key access management tool from HashiCorp Hashicorp, USA. A security vulnerability exists in HashiCorp Vault and Vault Enterprise versions 1.8.0 through 1.8.4, which stems from the possibility of unexpected interactions between the software's globally relevan...

CVSS 8.1 | AI score 7.6 | EPSS 0.00185
Exploits: 0 | References: 2

CNNVD
added 2021/04/20 12:0 a.m. | 2 views

Oracle Database Server Input Validation Error Vulnerability

Oracle Database Server is an object-relational database management system that provides an open, comprehensive, and integrated approach to information management. A security vulnerability exists in the Database Vault component of Oracle Database Server versions 12.1.0.2, 12.2.0.1, 18c, and 19...

CVSS 4 | AI score 5.6 | EPSS 0.00274
Exploits: 3 | References: 10