7 matches found

CVE
added 2026/05/11 5:14 p.m., 21 views

CVE-2026-43639

Bitwarden Server prior to v2026.4.0 is affected by a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to their provider via POST /providers/{providerId}/clients/existing, resulting in takeover of the target organization. The issue is restric...

CVSS 9.1, AI score 5.9, EPSS 0.00043
Exploits: 1, References: 5, Affected Software: 1
CNNVD
added 2026/05/11 12:00 a.m., 4 views

bitwarden Security Vulnerability

Bitwarden is an open-source password management backend service developed by Bitwarden. Versions of Bitwarden prior to 2026.4.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authorization checks, allowing users of the provider service to add any organization a...

CVSS 9.1, AI score 5.8, EPSS 0.00043
Exploits: 1, References: 1
OSV
added 2026/02/21 4:35 a.m., 5 views

CVE-2026-27197 Sentry: Improper Authentication on SAML SSO process allows user identity linking

Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on t...

CVSS 9.1, AI score 5.7, EPSS 0.00058
Exploits: 0, References: 3
CNNVD
added 2024/06/11 12:00 a.m., 2 views

Amazon AWS Deployment Framework Security Vulnerability

Amazon AWS Deployment Framework is a broad and flexible framework from Amazon.com, Inc. for managing and deploying resources across multiple AWS accounts and regions within an AWS organization. A security vulnerability exists in Amazon AWS Deployment Framework versions prior to 4.0.0 that stems...

CVSS 7.8, AI score 6.8, EPSS 0.00152
Exploits: 0, References: 6
Hacker One
added 2020/03/31 2:05 a.m., 24 views

Helium: Organization Takeover via invitation API

Hello @helium, today I would like to show you how a malicious user could exploit an IDOR affecting the /invitations resource to gain Administrator privileges inside an organization of which he is part as a reader. Steps to reproduce the bug: Setup: Let's assume that three accounts exist: -...

AI score 0.5
Exploits: 0
Hacker One
added 2020/03/08 1:50 p.m., 18 views

Helium: Cleartext Transmission of Sensitive Information Leads to administrator access

The weakness of the program is Cleartext Transmission of Sensitive Information through URL, which leads to administrator access. This program has one feature: we can add users, with roles such as administrator and read-only, into organizations. Here I get the administrator role at same...

AI score 0.7
Exploits: 0
Hacker One
added 2020/03/03 6:24 p.m., 21 views

Helium: Organization Takeover

Hello @helium, the console.helium.com application doesn't correctly manage the /membership/ resources and allows a user to escalate privileges in an organization of which he is part just by modifying its role. Steps to reproduce the bug: 1. Let's make two user accounts: - [email protected] A...

AI score 0.6
Exploits: 0