10 matches found
CVE-2026-57520 Bitwarden Server < 2026.5.0 Privilege Escalation via Bulk User Remove Endpoint
Bitwarden Server before 2026.5.0 contains a privilege escalation vulnerability that allows authenticated Custom users with ManageUsers permission to remove Admin accounts from an organization by exploiting a missing role hierarchy check in the bulk user-remove endpoint. Attackers can supply Admin...
CVE-2026-57520
Bitwarden Server prior to 2026.5.0 is affected by a privilege-escalation vulnerability in the bulk user-remove endpoint. The issue arises from a missing role hierarchy check, allowing authenticated Custom users with ManageUsers permission to remove Admin accounts from an organization by supplying...
CVE-2026-57520 Bitwarden Server < 2026.5.0 Privilege Escalation via Bulk User Remove Endpoint
Bitwarden Server before 2026.5.0 contains a privilege escalation vulnerability that allows authenticated Custom users with ManageUsers permission to remove Admin accounts from an organization by exploiting a missing role hierarchy check in the bulk user-remove endpoint. Attackers can supply Admin...
CVE-2026-5599
A user with API access and "manage users" permission in any venueless world is able to trigger deletion of user accounts in other worlds...
EUVD-2026-19085
A user with API access and "manage users" permission in any venueless world is able to trigger deletion of user accounts in other worlds...
CVE-2026-5599
CVE-2026-5599 affects the venueless platform: a user with API access and the "manage users" permission can trigger deletion of user accounts in other worlds. This cross-world impact can compromise account availability and integrity. The CVSS 4.0 base score is 7.3 (HIGH); attack vector is NETWORK ...
PT-2026-30436
A user with API access and "manage users" permission in any venueless world is able to trigger deletion of user accounts in other worlds...
CVE-2026-0871 Org.keycloak/keycloak-services: keycloak: unauthorized modification of unmanaged user attributes by administrators
A flaw was found in Keycloak. An administrator with manage-users permission can bypass the "Only administrators can view" setting for unmanaged attributes, allowing them to modify these attributes. This improper access control can lead to unauthorized changes to user profiles, even when the syste...
Keycloak 安全漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from improper access control. This vulnerability could allow administrators with the manage-users permission to bypass settings and modify unmanaged...
UBUNTU-CVE-2016-3833
The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGEUSERS and CREATEUSERS permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka internal bug 29189712...