Where
-Infinity
0

Trending

Last week
Last month
Last year

HashiCorp VaultVault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations

Risk 31
Severity
7.5
EPSS
0.02%
First published (updated )
CVE-2026-5807

HashiCorp VaultVault Token Leaked to Backends via Authorization: Bearer Passthrough Header

Risk 79
Severity
8.8
First published (updated )
CVE-2026-4525

HashiCorp VaultVault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS

Risk 34
Severity
8.6
EPSS
0.01%
First published (updated )
CVE-2026-5052

HashiCorp VaultVault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service

Risk 60
Severity
8.1
First published (updated )
CVE-2026-3605

HashiCorp Vault 2.0End of life details

First published (updated )
EOL-hashicorp-vault-2.0
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

HashiCorp VaultVault Vulnerable to Denial of Service Due to Rate Limit Regression

Risk 43
Severity
7.5
First published (updated )
CVE-2025-12044

HashiCorp VaultVault AWS auth method bypass due to AWS client cache

Risk 60
Severity
8.1
First published (updated )
CVE-2025-11621

HashiCorp Vault 1.21Reached end of life

EOL
Apr 13, 2026
First published (updated )
EOL-hashicorp-vault-1.21

HashiCorp VaultVault unauthenticated denial of service through complex json payload

Risk 43
Severity
7.5
First published (updated )
CVE-2025-6203

HashiCorp VaultVault LDAP MFA Enforcement Bypass When Using Username As Alias

Risk 60
Severity
8.1
First published (updated )
CVE-2025-6013
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

HashiCorp VaultVault Certificate Auth Method Did Not Validate Common Name For Non-CA Certificates

Risk 61
Severity
6.8
First published (updated )
CVE-2025-6037

HashiCorp VaultVault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login

Risk 56
Severity
8.8
EPSS
0.04%
First published (updated )
CVE-2025-3879

HashiCorp VaultVault May Include Sensitive Data in Error Logs When Using the KV v2 Plugin

Risk 27
Severity
6.5
EPSS
0.03%
First published (updated )
CVE-2025-4166

HashiCorp Vault 1.18Reached end of life

EOL
Mar 4, 2025
First published (updated )
latest-version-hashicorp-vault-1.18

HashiCorp Vault 1.18Reached end of life

EOL
Mar 4, 2025
First published (updated )
EOL-hashicorp-vault-1.18
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

HashiCorp VaultVault Operators in Root Namespace May Elevate Their Privileges

Risk 51
Severity
7.2
EPSS
0.05%
First published (updated )
CVE-2024-9180

HashiCorp VaultVault Leaks AppRole Client Tokens And Accessor in Audit Log

Risk 28
Severity
6.5
EPSS
0.09%
First published (updated )
CVE-2024-8365

HashiCorp Vault 1.17Reached end of life

EOL
Oct 9, 2024
First published (updated )
EOL-hashicorp-vault-1.17

HashiCorp Vault 1.17Reached end of life

EOL
Oct 9, 2024
First published (updated )
latest-version-hashicorp-vault-1.17

HashiCorp Vault 1.16Reached end of life

EOL
Jun 10, 2024
First published (updated )
latest-version-hashicorp-vault-1.16
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

HashiCorp Vault 1.16Reached end of life

EOL
Jun 10, 2024
First published (updated )
EOL-hashicorp-vault-1.16

HashiCorp VaultVault May Expose Sensitive Information When Configuring An Audit Log Device

Risk 40
Severity
6.5
First published (updated )
CVE-2024-0831

HashiCorp VaultVault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests

Risk 31
Severity
7.5
EPSS
0.05%
First published (updated )
CVE-2023-6337

HashiCorp VaultVault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption

Risk 31
Severity
7.5
EPSS
0.05%
First published (updated )
CVE-2023-5954

HashiCorp VaultVault's Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets

Risk 65
Severity
7.6
First published (updated )
CVE-2023-5077
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

HashiCorp VaultVault Enterprise's Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service

Risk 31
Severity
4.9
First published (updated )
CVE-2023-3775

HashiCorp Vault 1.15Reached end of life

EOL
Oct 8, 2024
First published (updated )
EOL-hashicorp-vault-1.15

HashiCorp Vault 1.15Reached end of life

EOL
Oct 8, 2024
First published (updated )
latest-version-hashicorp-vault-1.15

HashiCorp VaultVault's Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption

Risk 54
Severity
6.8
First published (updated )
CVE-2023-4680

HashiCorp VaultVault's LDAP Auth Method Allows for User Enumeration

Risk 28
Severity
5.3
First published (updated )
CVE-2023-3462
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203