CVEs classified under CWE-156, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2025-55001 — CVSS 6.5 (medium): OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In…
CVE-2025-55000 — CVSS 6.5 (medium): OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In…
CVE-2025-6013 — CVSS 6.5 (medium): Vault and Vault Enterprise’s (“Vault”) ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and…
CVE-2025-6014 — CVSS 6.5 (medium): Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity…
CVE-2025-55127 — CVSS 5.4 (medium): HackerOne community member Dao Hoang Anh (yoyomiski) has reported an improper neutralization of whitespace in the username when adding new…