CVE-2026-43640 Bitwarden Server < 2026.4.1 Authentication Bypass via SCIM API Key

Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization's SCIM API key, allowing an authenticated user with SCIM management privileges to obtain the key using only a valid session...

PT-2022-20545 · Wire · Wire

Name of the Vulnerable Software and Affected Versions: Wire versions prior to 2022-07-12/Chart 4.19.0 Description: The issue allows an attacker to delete all SAML authenticated accounts of a targeted team, authenticate as a user of the attacked team, and create arbitrary accounts in the context o...