4 matches found
CVE-2026-26012
CVE-2026-26012 affects vaultwarden (unofficial Bitwarden server in Rust). Prior to 1.35.3, a regular organization member could retrieve all ciphers within an organization via the /ciphers/organization-details endpoint, which internally uses Cipher::find_by_org and returns ciphers with CipherSyncT...
CVE-2025-66460
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, Lookyloo passed improperly escaped values to cells rendered in datatables using the orthogonal-data feature. It is definitely exploitable from the popu...
Lookyloo cross-site scripting vulnerability
Lookyloo is a website capture tool from the open-source Lookyloo project. A cross-site scripting vulnerability exists in Lookyloo versions prior to 1.35.3, which stems from an unfiltered URL in an error message and could lead to a cross-site scripting attack...
SpiceDB security vulnerability
SpiceDB is a fine-grained permissions database from the Authzed team. A security vulnerability exists in SpiceDB versions prior to 1.35.3 that stems from the fact that setting multiple warnings for the same indirect subject type on the same relationship may result in no permissions being returned...