Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vault vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-20371
PhotoRange Photo Vault 1.2 appends the password to the URI for authorization, which makes it easier for remote malicious users to bypass intended GET restrictions via a brute-force approach, as demonstrated by "GET /login.html__passwd1" and "GET /login.html__passwd...
Photorange Photo Vault Project Photorange Photo Vault 1.2
2.7
CVSSv3
CVE-2021-2326
Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Database Vaul...
Oracle Database Vault 12.2.0.1
Oracle Database Vault 19c
NA
CVE-2011-0459
Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault Web Access (PVWA) 5.0 and previous versions, 5.5 up to and including 5.5 patch 4, and 6.0 up to and including 6.0 patch 2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vect...
Cyber-ark Password Vault Web Access 5.5
Cyber-ark Password Vault Web Access 6.0
Cyber-ark Password Vault Web Access
Cyber-ark Password Vault Web Access 4.0
4.8
CVSSv3
CVE-2022-47171
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul C. Schroeder IP Vault – WP Firewall plugin <= 1.1 versions.
Ip Vault - Wp Firewall Project Ip Vault - Wp Firewall
8.1
CVSSv3
CVE-2021-42135
HashiCorp Vault and Vault Enterprise 1.8.x up to and including 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the ...
Hashicorp Vault
8.2
CVSSv3
CVE-2020-16250
HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1..
Hashicorp Vault
1 Github repository
5.3
CVSSv3
CVE-2021-38554
HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.
Hashicorp Vault
8.1
CVSSv3
CVE-2023-24999
HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, ...
Hashicorp Vault
7.4
CVSSv3
CVE-2021-32923
HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, ...
Hashicorp Vault
6.8
CVSSv3
CVE-2023-4680
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially d...
Hashicorp Vault
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »