2546 matches found
CVE-2026-27801
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Vaultwarden versions 1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a user’s account can exploit this bypass ...
CVE-2026-27801 Vaultwarden: 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Vaultwarden versions 1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a user’s account can exploit this bypass ...
CVE-2026-27801
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Vaultwarden versions 1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a user’s account can exploit this bypass ...
CVE-2026-27801 Vaultwarden: 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Vaultwarden versions 1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a user’s account can exploit this bypass ...
CVE-2026-27801
Vaultwarden (unofficial Bitwarden server) is affected by CVE-2026-27801 where versions 1.34.3 and earlier permit a 2FA bypass on protected actions due to faulty rate-limit enforcement. An authenticated attacker can perform protected actions (e.g., access a user’s API key or delete vaults and orga...
CVE-2026-27801 Vaultwarden: 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Vaultwarden versions 1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a user’s account can exploit this bypass ...
IRRd: web UI host header injection allows password reset poisoning via attacker-controlled email links
Impact An attacker can manipulate the HTTP Host header on a password reset or account creation request. The confirmation link in the resulting email can then point to an attacker-controlled domain. Opening the link in the email is sufficient to pass the token to the attacker, who can then use it ...
GHSA-22M3-C7VP-49FJ IRRd: web UI host header injection allows password reset poisoning via attacker-controlled email links
Impact An attacker can manipulate the HTTP Host header on a password reset or account creation request. The confirmation link in the resulting email can then point to an attacker-controlled domain. Opening the link in the email is sufficient to pass the token to the attacker, who can then use it ...
EUVD-2026-9501
Vaultwarden has 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement...
Vaultwarden has 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement
Summary Vaultwarden v1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a users account can exploit this bypass to perform protected actions such as accessing the user's API key or deleting the user's vault and...
GHSA-V6PG-V89R-W8WR Vaultwarden has 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement
Summary Vaultwarden v1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a users account can exploit this bypass to perform protected actions such as accessing the user's API key or deleting the user's vault and...
PT-2026-23064
Name of the Vulnerable Software and Affected Versions Vaultwarden versions 1.34.3 and prior Description Vaultwarden, a Bitwarden compatible server, is susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a user’s account can exploit this...
Vaultwarden 安全漏洞
Vaultwarden is an alternative implementation of the Bitwarden server API, developed by Daniel García. Versions of Vaultwarden 1.34.3 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the ability to bypass two-factor authentication when performing protected...
PT-2026-23087
Name of the Vulnerable Software and Affected Versions Internet Routing Registry daemon versions 4.4.0 through 4.4.5 Internet Routing Registry daemon versions 4.5.0 through 4.5.1 Description The Internet Routing Registry daemon IRRD is susceptible to a manipulation issue affecting password reset a...
Europol, Microsoft, TrendAI™ and Collaborators Halt Tycoon 2FA Operations
Tycoon 2FA was dismantled this week by law enforcement and industry partners including TrendAI™. The phishing-as-a-service platform offered MFA bypass services using adversary-in-the-middle AitM proxying...
GHSA-GJJC-PCWP-C74M OneUptime has WebAuthn 2FA bypass: server accepts client-supplied challenge instead of server-stored value, allowing credential replay
Summary The WebAuthn authentication implementation does not store the challenge on the server side. Instead, the challenge is returned to the client and accepted back from the client request body during verification. This violates the WebAuthn specification W3C Web Authentication Level 2, §13.4.3...
This Week in Spring - February 24th, 2026
Hi, Spring fans! Welcome to another awesome and oh-so-agentic week in Spring! We've got a ton to look into, and I've got even more to prepare for next week's DevNexus event in Atlanta, GA, so let's dive right into it! Be sure to say "hi" if you're going to be there, though! You've heard of Agent...
Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform
Splunk has fixed vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. The vulnerabilities are in several versions of Splunk Enterprise and Splunk Cloud Platform. They allow low-privileged users to bypass protections, view sensitive information, and abuse the REST API for user...
CVE-2026-27197
Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on t...
User Impersonation
Overview Affected versions of this package are vulnerable to User Impersonation in the SAML SSO authentication process. An attacker can gain unauthorized access to user accounts by leveraging a malicious SAML Identity Provider and another organization configured on the same instance. Notes: - Thi...