Lucene search

2546 matches found

NVD
added 2026/03/04 10:16 p.m.

CVE-2026-27801

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Vaultwarden versions 1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a user’s account can exploit this bypass ...

CVSS 6, EPSS 0.0026
Exploits: 1, References: 1
Vulnrichment
added 2026/03/04 9:32 p.m.

CVE-2026-27801 Vaultwarden: 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Vaultwarden versions 1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a user’s account can exploit this bypass ...

CVSS 6, AI score 5.9, EPSS 0.0026
Exploits: 1, References: 1
ATTACKERKB
added 2026/03/04 9:32 p.m.

CVE-2026-27801

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Vaultwarden versions 1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a user’s account can exploit this bypass ...

CVSS 6, AI score 5.9, EPSS 0.0026
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2026/03/04 9:32 p.m.

CVE-2026-27801 Vaultwarden: 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Vaultwarden versions 1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a user’s account can exploit this bypass ...

CVSS 6, EPSS 0.0026
Exploits: 1, References: 1
CVE
added 2026/03/04 9:32 p.m.

CVE-2026-27801

Vaultwarden (unofficial Bitwarden server) is affected by CVE-2026-27801 where versions 1.34.3 and earlier permit a 2FA bypass on protected actions due to faulty rate-limit enforcement. An authenticated attacker can perform protected actions (e.g., access a user’s API key or delete vaults and orga...

CVSS 6, AI score 5.9, EPSS 0.0026
Exploits: 1, References: 1, Affected Software: 1
OSV
added 2026/03/04 9:32 p.m.

CVE-2026-27801 Vaultwarden: 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Vaultwarden versions 1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a user’s account can exploit this bypass ...

CVSS 6, AI score 5.7, EPSS 0.0026
Exploits: 1, References: 3
Github Security Blog
added 2026/03/04 8:33 p.m.

IRRd: web UI host header injection allows password reset poisoning via attacker-controlled email links

Impact: An attacker can manipulate the HTTP Host header on a password reset or account creation request. The confirmation link in the resulting email can then point to an attacker-controlled domain. Opening the link in the email is sufficient to pass the token to the attacker, who can then use it ...

CVSS 8.1, AI score 5.9, EPSS 0.00427
Exploits: 0, References: 7, Affected Software: 1
OSV
added 2026/03/04 8:33 p.m.

GHSA-22M3-C7VP-49FJ IRRd: web UI host header injection allows password reset poisoning via attacker-controlled email links

Impact: An attacker can manipulate the HTTP Host header on a password reset or account creation request. The confirmation link in the resulting email can then point to an attacker-controlled domain. Opening the link in the email is sufficient to pass the token to the attacker, who can then use it ...

CVSS 8.1, AI score 5.9, EPSS 0.00427
Exploits: 0, References: 7
EUVD
added 2026/03/04 8:06 p.m.

EUVD-2026-9501

Vaultwarden has 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement...

CVSS 6, AI score 5.9, EPSS 0.0026
Exploits: 1, References: 1
Github Security Blog
added 2026/03/04 8:06 p.m.

Vaultwarden has 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement

Summary: Vaultwarden v1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a user's account can exploit this bypass to perform protected actions such as accessing the user's API key or deleting the user's vault and...

CVSS 6, AI score 5.9, EPSS 0.0026
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2026/03/04 8:06 p.m.

GHSA-V6PG-V89R-W8WR Vaultwarden has 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement

Summary: Vaultwarden v1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a user's account can exploit this bypass to perform protected actions such as accessing the user's API key or deleting the user's vault and...

CVSS 6, AI score 5.9, EPSS 0.0026
Exploits: 1, References: 3
Positive Technologies
added 2026/03/04 12:00 a.m.

PT-2026-23064

Name of the Vulnerable Software and Affected Versions: Vaultwarden versions 1.34.3 and prior. Description: Vaultwarden, a Bitwarden compatible server, is susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a user’s account can exploit this...

CVSS 6, AI score 5.2, EPSS 0.0026
Exploits: 1, References: 11
CNNVD
added 2026/03/04 12:00 a.m.

Vaultwarden Security Vulnerability

Vaultwarden is an alternative implementation of the Bitwarden server API, developed by Daniel García. Versions of Vaultwarden 1.34.3 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the ability to bypass two-factor authentication when performing protected...

CVSS 6, AI score 5.9, EPSS 0.0026
Exploits: 1, References: 2
Positive Technologies
added 2026/03/04 12:00 a.m.

PT-2026-23087

Name of the Vulnerable Software and Affected Versions: Internet Routing Registry daemon versions 4.4.0 through 4.4.5; Internet Routing Registry daemon versions 4.5.0 through 4.5.1. Description: The Internet Routing Registry daemon IRRD is susceptible to a manipulation issue affecting password reset a...

CVSS 8.1, AI score 5.8, EPSS 0.00427
Exploits: 0, References: 13
Trend Micro Simply Security
added 2026/03/04 12:00 a.m.

Europol, Microsoft, TrendAI™ and Collaborators Halt Tycoon 2FA Operations

Tycoon 2FA was dismantled this week by law enforcement and industry partners including TrendAI™. The phishing-as-a-service platform offered MFA bypass services using adversary-in-the-middle (AitM) proxying...

AI score 5.9
Exploits: 0
OSV
added 2026/03/02 9:40 p.m.

GHSA-GJJC-PCWP-C74M OneUptime has WebAuthn 2FA bypass: server accepts client-supplied challenge instead of server-stored value, allowing credential replay

Summary: The WebAuthn authentication implementation does not store the challenge on the server side. Instead, the challenge is returned to the client and accepted back from the client request body during verification. This violates the WebAuthn specification W3C Web Authentication Level 2, §13.4.3...

CVSS 8.2, AI score 6, EPSS 0.00276
Exploits: 1, References: 3
Spring Security Advisories
added 2026/02/24 12:00 a.m.

This Week in Spring - February 24th, 2026

Hi, Spring fans! Welcome to another awesome and oh-so-agentic week in Spring! We've got a ton to look into, and I've got even more to prepare for next week's DevNexus event in Atlanta, GA, so let's dive right into it! Be sure to say "hi" if you're going to be there, though! You've heard of Agent...

AI score 5.5
Exploits: 0
NCSC
added 2026/02/23 2:27 p.m.

Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform

Splunk has fixed vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. The vulnerabilities are in several versions of Splunk Enterprise and Splunk Cloud Platform. They allow low-privileged users to bypass protections, view sensitive information, and abuse the REST API for user...

CVSS 6.8, AI score 8.4, EPSS 0.05145
Exploits: 0, References: 8
RedhatCVE
added 2026/02/23 7:26 a.m.

CVE-2026-27197

Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in their SAML SSO implementation which allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on t...

CVSS 9.1, AI score 5.6, EPSS 0.00435
Exploits: 0, References: 1
Snyk
added 2026/02/21 6:51 a.m.

User Impersonation

Overview: Affected versions of this package are vulnerable to User Impersonation in the SAML SSO authentication process. An attacker can gain unauthorized access to user accounts by leveraging a malicious SAML Identity Provider and another organization configured on the same instance. Notes: - Thi...

CVSS 9.1, AI score 5.7, EPSS 0.00435
Exploits: 0, References: 2