| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-5807 | Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations | HashiCorp | Vault | High | 7.5 | 2026-04-17 03:22:14 | Deep Dive |
| CVE-2026-4525 | Vault Token Leaked to Backends via Authorization: Bearer Passthrough Header | HashiCorp | Vault | High | 7.5 | 2026-04-17 03:00:48 | Deep Dive |
| CVE-2026-5052 | Vault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS | HashiCorp | Vault | Medium | 5.3 | 2026-04-17 02:55:25 | Deep Dive |
| CVE-2026-3605 | Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service | HashiCorp | Vault | High | 8.1 | 2026-04-17 02:44:42 | Deep Dive |
| CVE-2021-47921 | Free Photo & Video Vault 0.0.2 Directory Traversal Vulnerability via Web Request | Author: Scott Ferreira | Free Photo & Video Vault - WiFi Transfer | Medium | 6.5 | 2026-02-01 12:56:57 | Deep Dive |
| CVE-2025-67642 | Jenkins HashiCorp Vault Plugin Security Vulnerability | Jenkins Project | Jenkins HashiCorp Vault Plugin | - | - | 2025-12-10 16:50:40 | Deep Dive |
| CVE-2025-12044 | Vault Vulnerable to Denial of Service Due to Rate Limit Regression | HashiCorp | Vault | High | 7.5 | 2025-10-23 19:15:17 | Deep Dive |
| CVE-2025-11621 | Vault AWS auth method bypass due to AWS client cache | HashiCorp | Vault | High | 8.1 | 2025-10-23 19:08:55 | Deep Dive |
| CVE-2025-9695 | GalleryVault Gallery Vault App com.thinkyeah.galleryvault AndroidManifest.xml improper export of android application components | GalleryVault | Gallery Vault App | Medium | 5.3 | 2025-08-30 15:32:07 | Deep Dive |
| CVE-2025-6203 | Vault unauthenticated denial of service through complex json payload | HashiCorp | Vault | High | 7.5 | 2025-08-28 19:36:10 | Deep Dive |
| CVE-2025-6013 | Vault LDAP MFA Enforcement Bypass When Using Username As Alias | HashiCorp | Vault | Medium | 6.5 | 2025-08-06 10:06:56 | Deep Dive |
| CVE-2025-6015 | Vault Login MFA Bypass of Rate Limiting and TOTP Code Reuse | HashiCorp | Vault | Medium | 5.7 | 2025-08-01 18:03:53 | Deep Dive |
| CVE-2025-6011 | Timing Side-Channel in Vault’s Userpass Auth Method | HashiCorp | Vault | Low | 3.7 | 2025-08-01 18:00:25 | Deep Dive |
| CVE-2025-6004 | Vault Userpass and LDAP User Lockout Bypass | HashiCorp | Vault | Medium | 5.3 | 2025-08-01 17:56:01 | Deep Dive |
| CVE-2025-6037 | Vault Certificate Auth Method Did Not Validate Common Name For Non-CA Certificates | HashiCorp | Vault | Medium | 6.8 | 2025-08-01 17:52:49 | Deep Dive |
| CVE-2025-6014 | Vault TOTP Secrets Engine Code Reuse | HashiCorp | Vault | Medium | 6.5 | 2025-08-01 17:50:09 | Deep Dive |
| CVE-2025-6000 | Arbitrary Remote Code Execution via Plugin Catalog Abuse | HashiCorp | Vault | Critical | 9.1 | 2025-08-01 17:40:49 | Deep Dive |
| CVE-2025-5999 | Vault Root Namespace Operator May Elevate Token Privileges | HashiCorp | Vault | High | 7.2 | 2025-08-01 17:38:58 | Deep Dive |
| CVE-2025-4656 | Vault Vulnerable to Recovery Key Cancellation Denial of Service | HashiCorp | Vault | Low | 3.1 | 2025-06-25 16:15:12 | Deep Dive |
| CVE-2025-3879 | Vault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login | HashiCorp | Vault | Medium | 6.6 | 2025-05-02 16:15:11 | Deep Dive |