Summary: 28 CVEs tracked; 2 Critical and 11 High; 0 listed in CISA KEV; 5 with public PoC; 4 Critical/High still unpatched; 64.3% patch rate; 0.1% average EPSS.

Severity breakdown: CRITICAL 2, HIGH 11, MEDIUM 13, LOW 2.

Monthly CVE Trend: chart only (no data points survive in this export).

Affected Products (22): Vault (11), Windows (3), Android (2), Coder (1), Clearml Enterprise Server (1), Juju (1), Teamcity (1), Kubernetes (1), Command Injection (1), Openbao (1), Terraform Provider (1), Go Getter (1), Go Slug (1), Deserialization (1), Docker (1), Atlantis (1), Gallery Vault (1), Terraform (1), iOS (1), Privileged Access Manager (1), Java (1), Remote Desktop Manager (1).
Top Risky CVEs (sorted by priority score; Signals column: PoC = public exploit code, No patch = no fix recorded by the tracker, - = no signal)

| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-58437 | Affects Coder, which lets organizations provision remote development environments via Terraform. Rated high severity (CVSS 8.1); remotely exploitable with low attack complexity. Public exploit code is available. | HIGH | 8.1 | 0.0% | 61 | PoC |
| CVE-2026-33722 | Authenticated users in n8n versions prior to 1.123.23 and 2.6.4 can bypass external secrets permission checks and retrieve plaintext secret values from configured vaults by referencing secrets by name in credentials, even without list permissions. This gives unauthorized access to vault-stored credentials without admin or owner privileges, provided the attacker knows or can guess the target secret name. Public exploit code exists. | HIGH | 7.3 | 0.0% | 57 | PoC |
| CVE-2026-34976 | Unauthenticated remote attackers can trigger complete database overwrites, server-side file reads, and SSRF against Dgraph graph database servers (v24.x, and v25.x prior to v25.3.1) via the admin API's restoreTenant mutation. The mutation bypasses all authentication middleware because of missing authorization configuration, so attackers can supply arbitrary backup source URLs (including file:// URLs for local filesystem access), S3/MinIO credentials, Vault configuration paths, and encryption key file paths. Live exploitation confirmed in Docker deployments. Vendor patch available in v25.3.1 (commit b15c87e9). | CRITICAL | 10.0 | 0.0% | 50 | - |
| CVE-2026-32309 | Cryptomator's Hub-based unlock flow contains a protocol downgrade vulnerability: the application can talk to Hub endpoints over plaintext HTTP instead of enforcing HTTPS. Cryptomator versions prior to 1.19.1 are affected, exposing OAuth bearer tokens, key-loading traffic, and endpoint-level trust decisions to interception and tampering by an active network attacker. This is a verified GitHub security advisory with patches in version 1.19.1; no EPSS score or KEV listing is recorded, so there is limited evidence of active exploitation. | HIGH | 8.7 | 0.0% | 44 | No patch |
| CVE-2026-32692 | An authorization bypass in the Vault secrets back-end implementation of Canonical's Juju orchestration tool lets authenticated unit agents update secret revisions beyond their intended scope. Juju versions 3.1.6 through 3.6.18 are affected; an attacker with sufficient information can poison any existing secret revision within the Vault secret back-end scope. CVSS 7.6 (High): network attack vector, low complexity, high integrity impact. This is a significant concern for Juju deployments that use Vault as their secrets back-end; no KEV status or EPSS score was available. | HIGH | 7.6 | 0.0% | 38 | - |
| CVE-2026-32303 | Cryptomator versions prior to 1.19.1 contain an integrity check vulnerability that lets attackers tamper with the vault.cryptomator configuration file, enabling a man-in-the-middle attack during Hub key loading. An attacker who can modify that file can pair legitimate authentication endpoints with malicious API endpoints and exfiltrate access tokens from users unlocking Hub-backed vaults. CVSS 7.6 (High): network attack vector, low privileges, user interaction required. No active exploitation (KEV) or public PoC has been reported. | HIGH | 7.6 | 0.0% | 38 | No patch |
| CVE-2026-32317 | An integrity check vulnerability in Cryptomator for Android prior to version 1.12.3 lets attackers tamper with the vault configuration file, enabling a man-in-the-middle attack against the Hub key loading mechanism. An attacker who can modify vault.cryptomator can pair legitimate authentication endpoints with malicious API endpoints to exfiltrate tokens from users unlocking Hub-backed vaults. CVSS 7.6, low attack complexity, user interaction required; moderate risk in environments where vault configuration files can be altered. | HIGH | 7.6 | 0.0% | 38 | No patch |
| CVE-2026-32318 | A man-in-the-middle vulnerability in Cryptomator for iOS versions prior to 2.8.3 lets an attacker who can modify the vault.cryptomator configuration file intercept authentication tokens by substituting malicious API endpoints while keeping the legitimate authentication endpoints. Affects users unlocking Hub-backed vaults where an attacker has write access to vault configuration files. Not in CISA KEV; patches are available. | HIGH | 7.6 | 0.0% | 38 | No patch |
| CVE-2025-6037 | Vault and Vault Enterprise ("Vault") TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted. Rated medium severity (CVSS 6.8); remotely exploitable with low attack complexity. No vendor patch available. | MEDIUM | 6.8 | 0.0% | 34 | - |
| CVE-2025-3879 | Vault Community and Vault Enterprise ("Vault") Azure auth method did not correctly validate the claims in the Azure-issued token, resulting in a potential bypass of the bound_locations parameter on. Rated medium severity (CVSS 6.6); remotely exploitable. No vendor patch available. | MEDIUM | 6.6 | 0.2% | 33 | - |
| CVE-2025-6014 | Vault and Vault Enterprise's ("Vault") TOTP Secrets Engine code validation endpoint accepts the same code more than once within its validity period. Rated medium severity (CVSS 6.5); remotely exploitable with low attack complexity. No vendor patch available. | MEDIUM | 6.5 | 0.0% | 33 | - |
| CVE-2025-32987 | Arctera eDiscovery Platform before 10.3.2, when the Enterprise Vault Collection Module is used, places a cleartext password on a command line in EVSearcher. Rated medium severity (CVSS 6.0); low attack complexity. No vendor patch available. | MEDIUM | 6.0 | 0.1% | 30 | No patch |
| CVE-2025-6015 | Vault and Vault Enterprise's ("Vault") login MFA rate limits could be bypassed and TOTP tokens could be reused. Rated medium severity (CVSS 5.7); remotely exploitable with low attack complexity. No vendor patch available. | MEDIUM | 5.7 | 0.0% | 29 | - |
| CVE-2025-6004 | Vault and Vault Enterprise's ("Vault") user lockout feature could be bypassed for the Userpass and LDAP authentication methods. Rated medium severity (CVSS 5.3); remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | MEDIUM | 5.3 | 0.0% | 27 | - |
| CVE-2025-2180 | An unsafe deserialization vulnerability in Palo Alto Networks Checkov by Prisma Cloud allows an authenticated user to execute arbitrary code as a non-administrative user by scanning a malicious. Rated medium severity (CVSS 4.8); listed as requiring no authentication, low attack complexity. No vendor patch available. | MEDIUM | 4.8 | 0.3% | 24 | No patch |
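Two of the entries above share a root cause: the server (Dgraph's restoreTenant backup source URL, CVE-2026-34976) or the client (Cryptomator's Hub endpoint, CVE-2026-32309) fetches a URL it did not sufficiently constrain, so file:// turns into a local read, a loopback or link-local address turns into SSRF, and http:// turns into a plaintext downgrade. The following is an added example, not code from Dgraph, Cryptomator, or the tracker that produced this page; `validate_remote_url`, `UnsafeUrl` and `is_safe` are names chosen here, and the sample URLs are constructed. It shows a scheme allow-list plus literal-address checks, which is the shape of fix a reviewer would expect for both classes of bug:

```python
import ipaddress
from typing import Optional
from urllib.parse import urlsplit


class UnsafeUrl(ValueError):
    """Raised when a caller-supplied URL must not be fetched by the server/client."""


def validate_remote_url(url: str, *, allowed_hosts: Optional[set] = None,
                        require_tls: bool = True) -> str:
    """Return `url` unchanged if it is safe to fetch, otherwise raise UnsafeUrl.

    Checks, in order:
      1. scheme allow-list: only https (plus http when require_tls=False);
         file://, s3://, gopher:// and friends are refused outright instead
         of being deny-listed one by one
      2. no user:password embedded in the URL (keeps secrets out of logs)
      3. a host must be present and, if it is a literal IP, must be globally
         routable (rejects 127.0.0.1, ::1, 10/8, 169.254.169.254 metadata, ...)
      4. optional host allow-list for cases where the legitimate backup
         sources or Hub servers are known in advance
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    permitted = {"https"} if require_tls else {"https", "http"}
    if scheme not in permitted:
        raise UnsafeUrl(f"scheme {scheme or '<none>'!r} is not permitted")

    if parts.username is not None or parts.password is not None:
        raise UnsafeUrl("credentials embedded in URL")

    host = parts.hostname  # lower-cased; IPv6 brackets already stripped
    if not host:
        raise UnsafeUrl("URL has no host")
    if host == "localhost" or host.endswith(".localhost"):
        raise UnsafeUrl("loopback host name")

    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # a DNS name; see the note below about resolving and pinning
    if ip is not None and not ip.is_global:
        raise UnsafeUrl(f"non-public address {host}")

    if allowed_hosts is not None and host not in allowed_hosts:
        raise UnsafeUrl(f"host {host!r} not in allow-list")
    return url


def is_safe(url: str, **kwargs) -> bool:
    """Boolean wrapper around validate_remote_url for the demo and tests."""
    try:
        validate_remote_url(url, **kwargs)
        return True
    except UnsafeUrl:
        return False


if __name__ == "__main__":
    # Constructed inputs modelled on the failure modes in the table above.
    for candidate in [
        "file:///etc/passwd",                        # local file read via backup source
        "https://169.254.169.254/latest/meta-data",  # SSRF to a cloud metadata service
        "http://hub.example.com/api/keys",           # plaintext Hub endpoint (downgrade)
        "https://hub.example.com/api/keys",          # what a client should accept
    ]:
        print(f"{candidate:45} -> {'ok' if is_safe(candidate) else 'rejected'}")
```

The literal-IP check does not resolve DNS names, so it cannot stop a name that resolves to an internal address at fetch time (DNS rebinding). In a real fetcher, resolve the name yourself, apply the same `is_global` test to every returned address, and connect to that pinned address rather than letting the HTTP client resolve again; also apply the validation to every redirect target, not only the first URL.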
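CVE-2025-6014 and CVE-2025-6015 both describe TOTP codes being accepted more than once. A TOTP code is valid for the whole time step (30 seconds by default, plus any clock-skew window the verifier allows), so a verifier that only checks "does this code match the current step" will accept a captured code on replay. The fix is to record the highest time-step counter already consumed per user and refuse anything at or below it. The following is an added example of that check, not Vault's TOTP Secrets Engine or MFA code; the `TotpValidator` class, its method names and the secret are constructed here (the secret is the RFC 6238 test-vector key, chosen so the codes can be checked against the RFC):

```python
import hashlib
import hmac
import struct
import threading

# Constructed demo secret: the RFC 6238 SHA-1 test-vector key. Never reuse it.
DEMO_SECRET = b"12345678901234567890"
STEP = 30       # seconds per time step (RFC 6238 default)
DIGITS = 6      # code length


def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the big-endian time counter, then dynamic truncation."""
    counter = int(unix_time) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class TotpValidator:
    """Verifies codes and, in the hardened path, refuses to consume a step twice.

    accept_naive() is the vulnerable shape: it only checks that the code matches
    one of the steps inside the skew window, so a captured code replays until
    the window moves on.  accept() additionally tracks the highest counter
    already used per user and rejects anything at or below it.
    """

    def __init__(self, secret: bytes, skew_steps: int = 1):
        self.secret = secret
        self.skew_steps = skew_steps          # accept +/- this many steps of clock drift
        self._last_counter = {}               # user -> highest consumed counter
        self._lock = threading.Lock()         # the check-and-record must be atomic

    def _matching_counter(self, code: str, now: int):
        """Return the step counter whose code matches, or None."""
        base = int(now) // STEP
        for delta in range(-self.skew_steps, self.skew_steps + 1):
            counter = base + delta
            expected = totp(self.secret, counter * STEP)
            if hmac.compare_digest(expected, code):
                return counter
        return None

    def accept_naive(self, user: str, code: str, now: int) -> bool:
        return self._matching_counter(code, now) is not None

    def accept(self, user: str, code: str, now: int) -> bool:
        counter = self._matching_counter(code, now)
        if counter is None:
            return False
        with self._lock:
            if counter <= self._last_counter.get(user, -1):
                return False                  # this step (or a later one) was already consumed
            self._last_counter[user] = counter
        return True


if __name__ == "__main__":
    v = TotpValidator(DEMO_SECRET)
    code = totp(DEMO_SECRET, 59)              # RFC 6238 vector: 6-digit code is 287082
    print("naive, first use :", v.accept_naive("alice", code, 59))
    print("naive, replay    :", v.accept_naive("alice", code, 70))
    print("hardened, first  :", v.accept("alice", code, 59))
    print("hardened, replay :", v.accept("alice", code, 70))
```

In a clustered deployment the `_last_counter` map has to live in shared, consistent storage (or be keyed to the node that owns the user), otherwise a replay sent to a different node succeeds; that is the distributed cousin of the same bug. Keeping only the highest counter, rather than a set of used codes, is enough because a code from an earlier step is never legitimately presented after a later step has been consumed.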