Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

NVD
NVDadded 2025/08/18 6:15 p.m.3 views

CVE-2025-55299

VaulTLS is a modern solution for managing mTLS mutual TLS certificates. Prior to 0.9.1, user accounts created through the User web UI have an empty but not NULL password set, attackers can use this to login with an empty password. This is combined with that fact, that previously disabling the...

9.4CVSS0.00061EPSS
Exploits0References2
OSV
OSVadded 2025/08/18 5:36 p.m.3 views

CVE-2025-55299 VaulTLS has a password-based login exploit in additional user accounts

VaulTLS is a modern solution for managing mTLS mutual TLS certificates. Prior to 0.9.1, user accounts created through the User web UI have an empty but not NULL password set, attackers can use this to login with an empty password. This is combined with that fact, that previously disabling the...

9.4CVSS6.8AI score0.00061EPSS
Exploits0References4
CVE
CVEadded 2025/08/18 5:36 p.m.21 views

CVE-2025-55299

VaulTLS has an authentication issue prior to 0.9.1: user accounts created via the User web UI may have an empty (non-NULL) password, enabling login with an empty password. This is exacerbated by API login still working after frontend password checks were disabled. The vulnerability is fixed in 0....

9.4CVSS7.1AI score0.00061EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/08/18 5:36 p.m.4 views

CVE-2025-55299 VaulTLS has a password-based login exploit in additional user accounts

VaulTLS is a modern solution for managing mTLS mutual TLS certificates. Prior to 0.9.1, user accounts created through the User web UI have an empty but not NULL password set, attackers can use this to login with an empty password. This is combined with that fact, that previously disabling the...

9.4CVSS7.1AI score0.00061EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/08/18 5:36 p.m.9 views

CVE-2025-55299 VaulTLS has a password-based login exploit in additional user accounts

VaulTLS is a modern solution for managing mTLS mutual TLS certificates. Prior to 0.9.1, user accounts created through the User web UI have an empty but not NULL password set, attackers can use this to login with an empty password. This is combined with that fact, that previously disabling the...

9.4CVSS0.00061EPSS
Exploits0References2
CNNVD
CNNVDadded 2025/08/18 12:0 a.m.3 views

VaulTLS 安全漏洞

VaulTLS is a modern solution from Emily Ehlert Personal Developer to easily manage mTLS two-way TLS certificates. A security vulnerability exists in VaulTLS versions prior to 0.9.1 that stems from an empty password setup and API login bypass, which could lead to unauthorized access...

9.4CVSS6.8AI score0.00061EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2025/08/18 12:0 a.m.3 views

PT-2025-33679 · Vaultls · Vaultls

Name of the Vulnerable Software and Affected Versions: VaulTLS versions prior to 0.9.1 Description: VaulTLS is a solution for managing mTLS mutual TLS certificates. User accounts created through the User web UI have an empty password set, allowing attackers to log in with a blank password...

9.4CVSS7.4AI score0.00061EPSS
Exploits0References11
Rows per page
Query Builder