102 matches found
EUVD-2026-28318
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the checkSQL validation function that blocks dangerous SQL keywords (e.g., pg_read_file, LOAD_FILE, dblink) is applied on the collections:create and...
EUVD-2026-26280
Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/savecollection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can inject malicious PHP...
@nocobase/plugin-collection-sql: SQL Validation Bypass Through Missing `checkSQL` Call
Summary: The checkSQL validation function that blocks dangerous SQL keywords (e.g., pg_read_file, LOAD_FILE, dblink) is applied on the collections:create and sqlCollection:execute endpoints but is entirely missing on the sqlCollection:update endpoint. An attacker with collection management permissions...
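An added illustrative example, not NocoBase's code, of the bug class this entry describes: a keyword check that the create path calls but the update path skips, next to a structure in which the SQL string can only enter a collection through a validating constructor, so no endpoint can skip the check. The check_sql function, the blocked-keyword list (the names are taken from the summary above), and the SqlCollection type are assumptions made for this example.

```rust
// Illustrative example of a validator applied inconsistently across endpoints.
// Not NocoBase code; names and the keyword list are assumptions for this example.
use std::collections::HashSet;

/// Identifiers check_sql() rejects. The three names come from the advisory
/// summary; treating them as a complete list is an assumption.
const BLOCKED_KEYWORDS: &[&str] = &["pg_read_file", "load_file", "dblink"];

#[derive(Debug, PartialEq)]
pub enum SqlError {
    BlockedKeyword(String),
}

/// Case-insensitive scan for blocked identifiers. The text is split on every
/// non-identifier character, so "pg_read_file(" and "PG_READ_FILE" both match.
pub fn check_sql(sql: &str) -> Result<(), SqlError> {
    let blocked: HashSet<&str> = BLOCKED_KEYWORDS.iter().copied().collect();
    for token in sql.split(|c: char| !(c.is_alphanumeric() || c == '_')) {
        if blocked.contains(token.to_ascii_lowercase().as_str()) {
            return Err(SqlError::BlockedKeyword(token.to_string()));
        }
    }
    Ok(())
}

/// Vulnerable pattern: the create handler validates, the update handler does not.
pub mod vulnerable {
    use super::*;

    #[derive(Debug, Clone)]
    pub struct SqlCollection {
        pub name: String,
        pub sql: String,
    }

    pub fn create(name: &str, sql: &str) -> Result<SqlCollection, SqlError> {
        check_sql(sql)?;
        Ok(SqlCollection { name: name.into(), sql: sql.into() })
    }

    /// The missing call: the new SQL is stored without going through check_sql().
    pub fn update(c: &mut SqlCollection, sql: &str) -> Result<(), SqlError> {
        c.sql = sql.into();
        Ok(())
    }
}

/// Hardened pattern: a newtype that can only be built through the validator,
/// so every write path (create, update, anything added later) is covered.
pub mod hardened {
    use super::*;

    #[derive(Debug, Clone)]
    pub struct ValidatedSql(String);

    impl ValidatedSql {
        pub fn new(sql: &str) -> Result<Self, SqlError> {
            check_sql(sql)?;
            Ok(Self(sql.to_string()))
        }
    }

    #[derive(Debug, Clone)]
    pub struct SqlCollection {
        pub name: String,
        sql: ValidatedSql,
    }

    impl SqlCollection {
        pub fn create(name: &str, sql: &str) -> Result<Self, SqlError> {
            Ok(Self { name: name.into(), sql: ValidatedSql::new(sql)? })
        }

        /// Update cannot bypass the check: the field type forces validation.
        pub fn update(&mut self, sql: &str) -> Result<(), SqlError> {
            self.sql = ValidatedSql::new(sql)?;
            Ok(())
        }

        pub fn sql(&self) -> &str {
            &self.sql.0
        }
    }
}

fn main() {
    let mut c = hardened::SqlCollection::create("orders", "SELECT id FROM orders").unwrap();
    match c.update("SELECT pg_read_file('/etc/passwd')") {
        Ok(()) => println!("update accepted"),
        Err(e) => println!("update rejected: {:?}", e),
    }
}
```

A keyword denylist is a weak primary control on its own; the point of the example is structural: when the same validator must guard several endpoints, make the data type enforce it rather than relying on each handler to remember the call.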
CVE-2026-27803
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Prior to version 1.35.4, when a Manager has manage=false for a given collection, they can still perform several management operations as long as they have access to the collection. This issue...
CVE-2026-27803 Vaultwarden: Collection Management Operations Allowed Without `manage` Verification for Manager Role
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Prior to version 1.35.4, when a Manager has manage=false for a given collection, they can still perform several management operations as long as they have access to the collection. This issue...
CVE-2026-27803
Vaultwarden (Rust-based Bitwarden-compatible server) contains an access-control flaw prior to version 1.35.4: an authenticated Manager with manage=false for a collection can still perform various management operations on that collection. The issue stems from the authorization check using can_acce...
EUVD-2026-9503
Vaultwarden's Collection Management Operations Allowed Without manage Verification for Manager Role...
Vaultwarden's Collection Management Operations Allowed Without `manage` Verification for Manager Role
Summary: Testing confirmed that even when a Manager has manage=false for a given collection, they can still perform the following management operations as long as they have access to the collection: PUT /api/organizations//collections/ succeeds (HTTP 200); PUT /api/organizations//collections//users...
PT-2026-23072
Name of the Vulnerable Software and Affected Versions: Vaultwarden versions prior to 1.35.4. Description: Vaultwarden, a Bitwarden compatible server, had a flaw where a Manager with limited permissions (manage=false for a specific collection) could still perform management operations like updating...
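An added illustrative model, not Vaultwarden's code, of the authorization flaw the CVE-2026-27803 entries above describe: a Manager's right to manage a collection is derived from whether they can access it, instead of from the per-collection manage flag. The Org, CollectionGrant and Role types, the role semantics, and the 200/403 status mapping in update_collection are assumptions made for this example.

```rust
// Illustrative model of "access implies manage" versus checking the manage flag.
// Not Vaultwarden code; types, role semantics and status codes are assumptions.
use std::collections::HashMap;

#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub struct UserId(pub u32);

#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub struct CollectionId(pub u32);

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Role {
    Owner,
    Admin,
    Manager,
    User,
}

/// Per-user, per-collection grant. `manage` is the flag the advisory says the
/// management operations should have been gated on.
#[derive(Debug, Clone, Copy)]
pub struct CollectionGrant {
    pub read_only: bool,
    pub manage: bool,
}

#[derive(Debug, Default)]
pub struct Org {
    roles: HashMap<UserId, Role>,
    grants: HashMap<(UserId, CollectionId), CollectionGrant>,
}

impl Org {
    pub fn add_member(&mut self, u: UserId, role: Role) {
        self.roles.insert(u, role);
    }

    pub fn grant(&mut self, u: UserId, c: CollectionId, g: CollectionGrant) {
        self.grants.insert((u, c), g);
    }

    fn role(&self, u: UserId) -> Role {
        self.roles.get(&u).copied().unwrap_or(Role::User)
    }

    /// Can the user see the collection at all? Owners and admins see every
    /// collection (assumption); everyone else needs an explicit grant.
    pub fn can_access_collection(&self, u: UserId, c: CollectionId) -> bool {
        matches!(self.role(u), Role::Owner | Role::Admin) || self.grants.contains_key(&(u, c))
    }

    /// Vulnerable check: Manager role plus access is treated as permission to manage,
    /// so a grant with manage=false still passes.
    pub fn can_manage_vulnerable(&self, u: UserId, c: CollectionId) -> bool {
        match self.role(u) {
            Role::Owner | Role::Admin => true,
            Role::Manager => self.can_access_collection(u, c),
            Role::User => false,
        }
    }

    /// Hardened check: a Manager must hold manage=true on this specific collection.
    pub fn can_manage(&self, u: UserId, c: CollectionId) -> bool {
        match self.role(u) {
            Role::Owner | Role::Admin => true,
            Role::Manager => self.grants.get(&(u, c)).map_or(false, |g| g.manage),
            Role::User => false,
        }
    }
}

/// Models a collection-management endpoint (e.g. PUT on a collection) and
/// returns the HTTP status it would answer with. The 200/403 mapping is an
/// assumption for the example, not Vaultwarden's actual responses.
pub fn update_collection(org: &Org, actor: UserId, c: CollectionId, hardened: bool) -> u16 {
    let allowed = if hardened {
        org.can_manage(actor, c)
    } else {
        org.can_manage_vulnerable(actor, c)
    };
    if allowed { 200 } else { 403 }
}

fn main() {
    let mut org = Org::default();
    let mgr = UserId(1);
    let col = CollectionId(10);
    org.add_member(mgr, Role::Manager);
    org.grant(mgr, col, CollectionGrant { read_only: false, manage: false });
    println!("vulnerable check: {}", update_collection(&org, mgr, col, false));
    println!("hardened check:   {}", update_collection(&org, mgr, col, true));
}
```

The distinction the example makes is the one the advisory turns on: access to a collection and authority over it are separate decisions, and an endpoint that mutates the collection or its membership must consult the latter.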
CVE-2026-28354 ClipBucket v5 has IDOR in Collection Item Management
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 59, collection item operations are vulnerable to authorization flaws, allowing a normal authenticated user to modify another user's collection items. This affects both add item (/actions/addtocollection.php) due to missi...
EUVD-2021-26971
Malware in sbrugna...
EUVD-2022-32858
Malicious code in bioql PyPI...
EUVD-2022-32859
Malicious code in bioql PyPI...
EUVD-2022-32563
Malicious code in bioql PyPI...
EUVD-2022-29858
Malicious code in bioql PyPI...
EUVD-2022-32860
Malicious code in bioql PyPI...
EUVD-2022-29762
Malicious code in bioql PyPI...