Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vault vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-20371
PhotoRange Photo Vault 1.2 appends the password to the URI for authorization, which makes it easier for remote malicious users to bypass intended GET restrictions via a brute-force approach, as demonstrated by "GET /login.html__passwd1" and "GET /login.html__passwd...
Photorange Photo Vault Project Photorange Photo Vault 1.2
2.7
CVSSv3
CVE-2021-2326
Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Database Vaul...
Oracle Database Vault 12.2.0.1
Oracle Database Vault 19c
NA
CVE-2011-0459
Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault Web Access (PVWA) 5.0 and previous versions, 5.5 up to and including 5.5 patch 4, and 6.0 up to and including 6.0 patch 2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vect...
Cyber-ark Password Vault Web Access 5.5
Cyber-ark Password Vault Web Access 6.0
Cyber-ark Password Vault Web Access
Cyber-ark Password Vault Web Access 4.0
4.8
CVSSv3
CVE-2022-47171
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul C. Schroeder IP Vault – WP Firewall plugin <= 1.1 versions.
Ip Vault - Wp Firewall Project Ip Vault - Wp Firewall
4.4
CVSSv3
CVE-2021-38553
HashiCorp Vault and Vault Enterprise 1.4.0 up to and including 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.
Hashicorp Vault
5.3
CVSSv3
CVE-2021-38554
HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.
Hashicorp Vault
6.5
CVSSv3
CVE-2024-0831
Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`.
Hashicorp Vault
5.3
CVSSv3
CVE-2022-30689
HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. F...
Hashicorp Vault
7.5
CVSSv3
CVE-2023-6337
HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the e...
Hashicorp Vault
1 Github repository
5.3
CVSSv3
CVE-2021-3024
HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.
Hashicorp Vault
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »