Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vault vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2018-20371
PhotoRange Photo Vault 1.2 appends the password to the URI for authorization, which makes it easier for remote malicious users to bypass intended GET restrictions via a brute-force approach, as demonstrated by "GET /login.html__passwd1" and "GET /login.html__passwd...
Photorange Photo Vault Project Photorange Photo Vault 1.2
356
VMScore
CVE-2021-2326
Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Database Vaul...
Oracle Database Vault 12.2.0.1
Oracle Database Vault 19c
383
VMScore
CVE-2011-0459
Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault Web Access (PVWA) 5.0 and previous versions, 5.5 up to and including 5.5 patch 4, and 6.0 up to and including 6.0 patch 2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vect...
Cyber-ark Password Vault Web Access 5.5
Cyber-ark Password Vault Web Access 6.0
Cyber-ark Password Vault Web Access
Cyber-ark Password Vault Web Access 4.0
NA
CVE-2022-47171
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul C. Schroeder IP Vault – WP Firewall plugin <= 1.1 versions.
Ip Vault - Wp Firewall Project Ip Vault - Wp Firewall
NA
CVE-2023-5954
HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.
Hashicorp Vault
NA
CVE-2024-0831
Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`.
Hashicorp Vault
516
VMScore
CVE-2021-32923
HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, ...
Hashicorp Vault
NA
CVE-2023-0620
HashiCorp Vault and Vault Enterprise versions 0.8.0 up to and including 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized ...
Hashicorp Vault
445
VMScore
CVE-2020-35453
HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1.
Hashicorp Vault
445
VMScore
CVE-2020-13223
HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2.
Hashicorp Vault
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »