Lucene search
K

10 matches found

NVD
NVD
added 2026/02/11 10:15 p.m.8 views

CVE-2026-26012

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Prior to 1.35.3, a regular organization member can retrieve all ciphers within an organization, regardless of collection permissions. The endpoint /ciphers/organization-details is accessible t...

6.5CVSS0.00331EPSS
Exploits2References2
AlpineLinux
AlpineLinux
added 2026/02/11 9:14 p.m.4 views

CVE-2026-26012

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Prior to 1.35.3, a regular organization member can retrieve all ciphers within an organization, regardless of collection permissions. The endpoint /ciphers/organization-details is accessible t...

6.5CVSS5.5AI score0.00331EPSS
Exploits2References2
OSV
OSV
added 2026/02/11 9:14 p.m.6 views

CVE-2026-26012 vaultwarden has Full Cipher Enumeration Ignoring Organization Collection Permissions

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Prior to 1.35.3, a regular organization member can retrieve all ciphers within an organization, regardless of collection permissions. The endpoint /ciphers/organization-details is accessible t...

6.5CVSS5.5AI score0.00331EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2026/02/11 9:14 p.m.5 views

CVE-2026-26012

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Prior to 1.35.3, a regular organization member can retrieve all ciphers within an organization, regardless of collection permissions. The endpoint /ciphers/organization-details is accessible t...

6.5CVSS5.5AI score0.00331EPSS
Exploits2References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.8 views

PT-2026-7721

Name of the Vulnerable Software and Affected Versions vaultwarden versions prior to 1.35.3 Description vaultwarden, an unofficial Bitwarden compatible server written in Rust, previously known as bitwarden rs, had a flaw where a standard organization member could access all ciphers within an...

6.5CVSS5.4AI score0.00331EPSS
Exploits2References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-32013

Malicious code in bioql PyPI...

6.6AI score0.002EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/10/02 12:17 a.m.12 views

CVE-2025-59687

IMPAQTR Aurora before 1.36 allows Insecure Direct Object Reference attacks against the users list, organization details, bookmarks, and notifications of an arbitrary organization...

7AI score0.002EPSS
Exploits0References1
CVE
CVE
added 2025/10/01 12:0 a.m.16 views

CVE-2025-59687

The CVE describes an Insecure Direct Object Reference vulnerability in IMPAQTR Aurora pre-1.36. Affected product: IMPAQTR Aurora. Vulnerable component: the data access to users list, organization details, bookmarks, and notifications for an arbitrary organization due to improper access control of...

4.3CVSS6.6AI score0.002EPSS
Exploits0References2
CVE
CVE
added 2022/09/26 2:8 p.m.27 views

CVE-2019-4622

CVE-2019-4622 is an IBM cross-site scripting vulnerability affecting multiple IBM Financial Transaction Manager modules (e.g., FTM CPS, FTM ACH, FTM CHK, FTM DP, and Digital Payments variants). The flaw allows embedding arbitrary JavaScript in the Web UI, potentially leading to credential disclos...

7.1AI score
Exploits0
OSV
OSV
added 2018/05/11 8:29 p.m.5 views

CVE-2018-1278

Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. A member of any org is able to create invitations to any org for which the org GUID can be discovered...

6.5CVSS5.8AI score0.01298EPSS
Exploits0References2
Rows per page
Query Builder