Lucene search
K

10 matches found

Cvelist
Cvelist
added 2026/06/25 7:8 p.m.21 views

CVE-2026-57520 Bitwarden Server < 2026.5.0 Privilege Escalation via Bulk User Remove Endpoint

Bitwarden Server before 2026.5.0 contains a privilege escalation vulnerability that allows authenticated Custom users with ManageUsers permission to remove Admin accounts from an organization by exploiting a missing role hierarchy check in the bulk user-remove endpoint. Attackers can supply Admin...

7.1CVSS0.00354EPSS
Exploits1References5
CVE
CVE
added 2026/06/25 7:8 p.m.27 views

CVE-2026-57520

Bitwarden Server prior to 2026.5.0 is affected by a privilege-escalation vulnerability in the bulk user-remove endpoint. The issue arises from a missing role hierarchy check, allowing authenticated Custom users with ManageUsers permission to remove Admin accounts from an organization by supplying...

7.1CVSS5.9AI score0.00354EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/06/25 7:8 p.m.3 views

CVE-2026-57520 Bitwarden Server < 2026.5.0 Privilege Escalation via Bulk User Remove Endpoint

Bitwarden Server before 2026.5.0 contains a privilege escalation vulnerability that allows authenticated Custom users with ManageUsers permission to remove Admin accounts from an organization by exploiting a missing role hierarchy check in the bulk user-remove endpoint. Attackers can supply Admin...

7.1CVSS6AI score0.00354EPSS
Exploits1References8
NVD
NVD
added 2026/04/05 1:17 p.m.7 views

CVE-2026-5599

A user with API access and "manage users" permission in any venueless world is able to trigger deletion of user accounts in other worlds...

7.3CVSS0.00247EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/05 12:36 p.m.4 views

EUVD-2026-19085

A user with API access and "manage users" permission in any venueless world is able to trigger deletion of user accounts in other worlds...

7.3CVSS5.9AI score0.00247EPSS
Exploits0References1
CVE
CVE
added 2026/04/05 12:36 p.m.13 views

CVE-2026-5599

CVE-2026-5599 affects the venueless platform: a user with API access and the "manage users" permission can trigger deletion of user accounts in other worlds. This cross-world impact can compromise account availability and integrity. The CVSS 4.0 base score is 7.3 (HIGH); attack vector is NETWORK ...

7.3CVSS5.9AI score0.00247EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.10 views

PT-2026-30436

A user with API access and "manage users" permission in any venueless world is able to trigger deletion of user accounts in other worlds...

7.3CVSS5.9AI score0.00247EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/27 7:30 a.m.27 views

CVE-2026-0871 Org.keycloak/keycloak-services: keycloak: unauthorized modification of unmanaged user attributes by administrators

A flaw was found in Keycloak. An administrator with manage-users permission can bypass the "Only administrators can view" setting for unmanaged attributes, allowing them to modify these attributes. This improper access control can lead to unauthorized changes to user profiles, even when the syste...

4.9CVSS0.00307EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.11 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from improper access control. This vulnerability could allow administrators with the manage-users permission to bypass settings and modify unmanaged...

4.9CVSS5.8AI score0.00307EPSS
Exploits0References4
OSV
OSV
added 2016/08/05 8:59 p.m.7 views

UBUNTU-CVE-2016-3833

The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGEUSERS and CREATEUSERS permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka internal bug 29189712...

7.8CVSS7.1AI score0.00476EPSS
Exploits0References5
Rows per page
Query Builder