|
HCSEC-2025-24 - Vault Denial of Service Though Complex JSON Payloads
|
|
0
|
1799
|
August 28, 2025
|
|
HCSEC-2025-13 - Vault Root Namespace Operator May Elevate Token Privileges
|
|
0
|
1999
|
August 1, 2025
|
|
HCSEC-2025-22 - Multiple Vulnerabilities Impacting HashiCorp Vault and Vault Enterprise
|
|
0
|
5022
|
August 6, 2025
|
|
HCSEC-2025-21 - Vault User Enumeration in Userpass Auth Method
|
|
0
|
1458
|
August 6, 2025
|
|
HCSEC-2025-20 - Vault LDAP MFA Enforcement Bypass When Using Username As Alias
|
|
0
|
1716
|
August 6, 2025
|
|
HCSEC-2025-17 - Vault TOTP Secrets Engine Code Reuse
|
|
0
|
1224
|
August 1, 2025
|
|
HCSEC-2025-19 - Vault Login MFA Bypass of Rate Limiting and TOTP Token Reuse
|
|
0
|
1272
|
August 1, 2025
|
|
HCSEC-2025-18 - Vault Certificate Auth Method Did Not Validate Common Name For Non-CA Certificates
|
|
0
|
1258
|
August 1, 2025
|
|
HCSEC-2025-16 - Vault Userpass and LDAP User Lockout Bypass
|
|
0
|
1374
|
August 1, 2025
|
|
HCSEC-2025-15 - Timing Side-Channel in Vault’s Userpass Auth Method
|
|
0
|
1226
|
August 1, 2025
|
|
HCSEC-2025-14 - Privileged Vault Operator May Execute Code on the Underlying Host
|
|
0
|
4490
|
August 1, 2025
|
|
HCSEC-2025-11 Vault Vulnerable to Recovery Key Cancellation Denial of Service
|
|
0
|
912
|
June 25, 2025
|
|
HCSEC-2025-09 - Vault May Expose Sensitive Information in Error Logs When Processing Malformed Data With the KV v2 Plugin
|
|
0
|
1825
|
May 2, 2025
|
|
HCSEC-2025-07 - Vault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login
|
|
0
|
904
|
May 2, 2025
|
|
HCSEC-2024-26 - Vault Vulnerable to Denial of Service Through Memory Exhaustion When Processing Raft Cluster Join Requests
|
|
0
|
1650
|
October 31, 2024
|
|
HCSEC-2024-21 - Vault Operators in Root Namespace May Elevate Their Privileges
|
|
0
|
3004
|
October 10, 2024
|
|
HCSEC-2024-20 - Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default
|
|
0
|
2403
|
September 26, 2024
|
|
HCSEC-2024-18 - Vault Leaks Client Token and Token Accessor in Audit Devices
|
|
0
|
2965
|
August 31, 2024
|
|
HCSEC-2024-14 - Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior
|
|
0
|
2206
|
July 11, 2024
|
|
HCSEC-2024-11 - Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
|
|
0
|
3818
|
June 12, 2024
|
|
HCSEC-2024-10 - Vault Enterprise Leaks Sensitive HTTP Request Headers in Audit Log When Deployed With a Performance Standby Node
|
|
0
|
4107
|
April 30, 2024
|
|
HCSEC-2024-07 - Vault TLS Cert Auth Method Did Not Correctly Validate OCSP Responses
|
|
0
|
5371
|
April 4, 2024
|
|
HCSEC-2024-05 - Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates
|
|
0
|
9930
|
March 4, 2024
|
|
HCSEC-2024-01 - Vault May Expose Sensitive Information When Configuring An Audit Log Device
|
|
0
|
6522
|
February 1, 2024
|
|
HCSEC-2023-34 - Vault Vulnerable to Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests
|
|
0
|
9522
|
December 8, 2023
|
|
HCSEC-2023-33 - Vault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption
|
|
0
|
7935
|
November 9, 2023
|
|
HCSEC-2023-32 - Vault, Consul, and Boundary Affected By HTTP/2 “Rapid Reset” Denial of Service Vulnerability (CVE-2023-44487)
|
|
0
|
13482
|
November 2, 2023
|
|
HCSEC-2023-30 - Vault’s Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets
|
|
0
|
7880
|
September 28, 2023
|
|
HCSEC-2023-29 - Vault Enterprise’s Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service
|
|
0
|
7974
|
September 28, 2023
|
|
HCSEC-2023-28 - Vault’s Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption
|
|
0
|
8458
|
September 14, 2023
|