Lucene search
K

5 matches found

Cvelist
Cvelist
added 2026/06/25 7:9 p.m.18 views

CVE-2026-57521 Bitwarden Server < 2026.5.0 Broken Access Control via PreviewInvoiceController

Bitwarden Server before 2026.5.0 contains a broken access control vulnerability that allows any authenticated user to access arbitrary organization billing data by supplying an arbitrary organizationId to the PreviewInvoiceController endpoints without membership or authorization checks. Attackers...

5.3CVSS0.00211EPSS
Exploits1References5
CVE
CVE
added 2026/06/25 7:9 p.m.11 views

CVE-2026-57521

Bitwarden Server (pre-2026.5.0) has a broken access control in PreviewInvoiceController: any authenticated user can supply an arbitrary organizationId to access that organization’s billing data without membership checks. The issue stems from the missing ManageOrganizationBillingRequirement on the...

5.3CVSS6AI score0.00211EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/06/25 7:9 p.m.7 views

EUVD-2026-39542

Bitwarden Server before 2026.5.0 contains a broken access control vulnerability that allows any authenticated user to access arbitrary organization billing data by supplying an arbitrary organizationId to the PreviewInvoiceController endpoints without membership or authorization checks. Attackers...

5.3CVSS6AI score0.00211EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.7 views

PT-2026-52575

Name of the Vulnerable Software and Affected Versions Bitwarden Server versions prior to 2026.5.0 Description Broken access control allows any authenticated user to access arbitrary organization billing data. By supplying an arbitrary organizationId to the PreviewInvoiceController endpoints, an...

5.3CVSS5.9AI score0.00211EPSS
Exploits1References9
Hacker One
Hacker One
added 2020/08/28 11:56 a.m.36 views

Mail.ru: Пользователь может изменить способ оплаты указав чужой corporation ID

IDOR vulnerability in city-mobil.ru allowed arbitrary organization to be billed for a taxi ride...

2.2AI score
Exploits0
Rows per page
Query Builder