Login Sign Up

CWE-156: CWE-156

4
Total CVEs
0
Critical
0
High
6.2
Avg CVSS

Yearly Trend

2025
4

Top Affected Vendors

1 Openbao 2
2 Aquaplatform 1
3 Hashicorp 1

All CWE-156 CVEs (4)

CVE-2025-55000
6.5

OpenBao's TOTP secrets engine in versions 0.1.0 through 2.3.1 allows TOTP codes to be reused multiple times due to normalization issues in the underly...

Aug 9, 2025
CVE-2025-55001
6.5

OpenBao versions 2.3.1 and below contain an LDAP authentication bypass vulnerability when using username_as_alias=true parameter. Attackers can bypass...

Aug 9, 2025
CVE-2025-6014
6.5

The Vault TOTP secrets engine code validation endpoint allows time-based one-time password codes to be reused within their validity period. This affec...

Aug 1, 2025
CVE-2025-55127
5.4

This vulnerability allows attackers to create usernames with leading or trailing whitespace that appear identical to legitimate usernames in the UI, p...

Nov 20, 2025

About CWE-156 (CWE-156)

Our database tracks 4 CVEs classified as CWE-156, with 0 rated critical and 0 rated high severity. The average CVSS score for CWE-156 vulnerabilities is 6.2.

External reference: View CWE-156 on MITRE CWE →

Monitor CWE-156 Vulnerabilities

Get alerted when new CWE-156 CVEs affect your infrastructure.

Start Monitoring Free