10 matches found
CVE-2026-26012
vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Prior to 1.35.3, a regular organization member can retrieve all ciphers within an organization, regardless of collection permissions. The endpoint /ciphers/organization-details is accessible t...
CVE-2026-26012
vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Prior to 1.35.3, a regular organization member can retrieve all ciphers within an organization, regardless of collection permissions. The endpoint /ciphers/organization-details is accessible t...
CVE-2026-26012 vaultwarden has Full Cipher Enumeration Ignoring Organization Collection Permissions
vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Prior to 1.35.3, a regular organization member can retrieve all ciphers within an organization, regardless of collection permissions. The endpoint /ciphers/organization-details is accessible t...
CVE-2026-26012
vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Prior to 1.35.3, a regular organization member can retrieve all ciphers within an organization, regardless of collection permissions. The endpoint /ciphers/organization-details is accessible t...
PT-2026-7721
Name of the Vulnerable Software and Affected Versions vaultwarden versions prior to 1.35.3 Description vaultwarden, an unofficial Bitwarden compatible server written in Rust, previously known as bitwarden rs, had a flaw where a standard organization member could access all ciphers within an...
EUVD-2025-32013
Malicious code in bioql PyPI...
CVE-2025-59687
IMPAQTR Aurora before 1.36 allows Insecure Direct Object Reference attacks against the users list, organization details, bookmarks, and notifications of an arbitrary organization...
CVE-2025-59687
The CVE describes an Insecure Direct Object Reference vulnerability in IMPAQTR Aurora pre-1.36. Affected product: IMPAQTR Aurora. Vulnerable component: the data access to users list, organization details, bookmarks, and notifications for an arbitrary organization due to improper access control of...
CVE-2019-4622
CVE-2019-4622 is an IBM cross-site scripting vulnerability affecting multiple IBM Financial Transaction Manager modules (e.g., FTM CPS, FTM ACH, FTM CHK, FTM DP, and Digital Payments variants). The flaw allows embedding arbitrary JavaScript in the Web UI, potentially leading to credential disclos...
CVE-2018-1278
Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. A member of any org is able to create invitations to any org for which the org GUID can be discovered...