| CVE-2026-42186 |
high |
7.5 |
7.5 |
|
|
|
20d ago |
OpenBao's Namespace Deletion May Not Delete Data Properly |
| CVE-2026-39396 |
medium |
6.5 |
6.5 |
|
|
|
1mo ago |
OpenBao: Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS) |
| CVE-2026-46405 |
unknown |
— |
— |
|
|
|
6d ago |
OpenBao's Kerberos Auth Method Accumulates Unaccessible Tokens |
| CVE-2026-46358 |
unknown |
— |
— |
|
|
|
6d ago |
OpenBao's Inline Auth Incorrectly Redacted Headers |
| CVE-2026-45808 |
unknown |
— |
— |
|
|
|
6d ago |
OpenBao's cross-namespace lease revocation via legacy sys/revoke path bypasses ACL |
| CVE-2026-40264 |
unknown |
— |
— |
|
|
|
1mo ago |
OpenBao's Token Store Allows Cross-Namespace Renewal, Revocation |
| CVE-2026-39946 |
unknown |
— |
— |
|
|
|
1mo ago |
OpenBao's SQL Injection in PostgreSQL database secrets engine |
| CVE-2026-39388 |
unknown |
— |
— |
|
|
|
1mo ago |
OpenBao's Certificate Authentication Allows Token Renewal With Different Certificate |
| CVE-2026-33758 |
unknown |
— |
— |
|
|
|
2mo ago |
OpenBao has Reflected XSS in its OIDC authentication error message in github.com/openbao/openbao |
| CVE-2026-33757 |
unknown |
— |
— |
|
|
|
2mo ago |
OpenBao lacks user confirmation for OIDC direct callback mode in github.com/openbao/openbao |
| CVE-2025-64761 |
unknown |
— |
— |
|
|
|
6mo ago |
OpenBao is Vulnerable to Privileged Operator Identity Group Root Escalation in github.com/openbao/openbao |
| CVE-2025-62705 |
unknown |
— |
— |
|
|
|
7mo ago |
OpenBao and Vault Leak []byte Fields in Audit Logs in github.com/openbao/openbao |
| CVE-2025-62513 |
unknown |
— |
— |
|
|
|
7mo ago |
OpenBao leaks HTTPRawBody in Audit Logs in github.com/openbao/openbao |
| CVE-2025-59043 |
unknown |
— |
— |
|
|
|
8mo ago |
OpenBao has potential Denial of Service vulnerability when processing malicious unauthenticated JSON requests in github.com/openbao/openbao |
| CVE-2025-55001 |
unknown |
— |
— |
|
|
|
10mo ago |
OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias in github.com/openbao/openbao |
| CVE-2025-55003 |
unknown |
— |
— |
|
|
|
10mo ago |
OpenBao Login MFA Bypass of Rate Limiting and TOTP Token Reuse in github.com/openbao/openbao |
| CVE-2025-55000 |
unknown |
— |
— |
|
|
|
10mo ago |
OpenBao TOTP Secrets Engine Code Reuse in github.com/openbao/openbao |
| CVE-2025-54999 |
unknown |
— |
— |
|
|
|
10mo ago |
OpenBao has a Timing Side-Channel in the Userpass Auth Method in github.com/openbao/openbao |
| CVE-2025-54998 |
unknown |
— |
— |
|
|
|
10mo ago |
OpenBao Userpass and LDAP User Lockout Bypass in github.com/openbao/openbao |
| CVE-2025-54997 |
unknown |
— |
— |
|
|
|
10mo ago |
Privileged OpenBao Operator May Execute Code on the Underlying Host in github.com/openbao/openbao |
| CVE-2025-54996 |
unknown |
— |
— |
|
|
|
10mo ago |
OpenBao Root Namespace Operator May Elevate Token Privileges in github.com/openbao/openbao |
| CVE-2025-52894 |
unknown |
— |
— |
|
|
|
11mo ago |
OpenBao allows cancellation of root rekey and recovery rekey operations without authentication in github.com/openbao/openbao |
| CVE-2024-8185 |
unknown |
— |
— |
|
|
|
2y ago |
Hashicorp Vault vulnerable to denial of service through memory exhaustion in github.com/hashicorp/vault |
| CVE-2024-9180 |
unknown |
— |
— |
|
|
|
2y ago |
Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault |
| CVE-2024-7594 |
unknown |
— |
— |
|
|
|
2y ago |
Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default in github.com/hashicorp/vault |
