Hashicorp Vault Enterprise Vulnerabilities
Hashicorp Vault Enterprise vulnerabilities.
Vulnerability Published:
ποΈ Published
- Anytime
Sort By:
ποΈ Published Date
- Descending
LDAP Authentication Flaw in HashiCorp Vault and Vault Enterprise
CVE-2025-6013HashicorpVault6.5MEDIUMMFA Bypass and Token Reuse in HashiCorp Vault and Vault Enterprise
CVE-2025-6015HashicorpVault5.7MEDIUMTiming Side Channel Vulnerability in Vault and Vault Enterprise
CVE-2025-6011HashicorpVault3.7LOWUser Lockout Bypass in Vault by HashiCorp
CVE-2025-6004HashicorpVault5.3MEDIUMTLS Certificate Authentication Issue in HashiCorp Vault Products
CVE-2025-6037HashicorpVault6.8MEDIUMCode Reuse Vulnerability in HashiCorp Vault's TOTP Secrets Engine
CVE-2025-6014HashicorpVault6.5MEDIUMPrivileged Code Execution Vulnerability in HashiCorp Vault
CVE-2025-6000HashicorpVault9.1CRITICALPrivilege Escalation Vulnerability in HashiCorp Vault by HashiCorp
CVE-2025-5999HashicorpVault7.2HIGHDenial of Service Vulnerability in HashiCorp Vault Community and Enterprise Products
CVE-2025-4656HashicorpVault3.1LOWAuthentication Method Flaw in Vault by HashiCorp
CVE-2025-3879HashicorpVault6.6MEDIUMSensitive Information Exposure in HashiCorp Vault Key/Value Plugin
CVE-2025-4166HashicorpVault4.5MEDIUMRoot Privileges Escalation Vulnerability in Vault
CVE-2024-9180HashicorpVault7.2HIGHVault SSH secrets engine vulnerability: unauthorized access via SSH certificates
CVE-2024-7594HashicorpVault7.5HIGHVault Leaks AppRole Client Tokens And Accessor in Audit Log
CVE-2024-8365HashicorpVault6.5MEDIUMVault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
CVE-2024-5798HashicorpVault2.6LOWVault Enterprise Leaks Sensitive HTTP Request Headers in the Audit Log When Deployed With a Performance Standby Node
CVE-2024-2877HashicorpVault Enterprise5.5MEDIUMOCSP Response Validation Fix for Vault and Vault Enterprise TLS Certificates
CVE-2024-2660HashicorpVault6.4MEDIUMCertificate Validation Bypass Vulnerability
CVE-2024-2048HashicorpVaultππ°8.1HIGHVault May Expose Sensitive Information When Configuring An Audit Log Device
CVE-2024-0831HashicorpVault4.5MEDIUMVault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests
CVE-2023-6337HashicorpVault7.5HIGHVault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption
CVE-2023-5954HashicorpVault5.9MEDIUMVault Enterprise's Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service
CVE-2023-3775HashicorpVault Enterprise4.9MEDIUMVault's Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets
CVE-2023-5077HashicorpVault7.5HIGHVault's Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption
CVE-2023-4680HashicorpVault6.8MEDIUMVault's LDAP Auth Method Allows for User Enumeration
CVE-2023-3462HashicorpVault5.3MEDIUM