Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

RedhatCVE
RedhatCVEadded 2026/05/12 12:42 p.m.13 views

CVE-2026-43913

A flaw was found in Vaultwarden, a Bitwarden-compatible server. An authenticated user, who has been invited as an organization owner and accepted the invitation but has not yet been confirmed by an existing owner, can exploit this vulnerability. By calling a specific API endpoint, this user can...

8.1CVSS5.7AI score0.00267EPSS
Exploits1References2
CVE
CVEadded 2026/05/11 10:1 p.m.64 views

CVE-2026-43913

Vaultwarden (Rust) prior to 1.35.5 exposes a data-loss risk where an authenticated user who is an unconfirmed organization owner can purge the entire organization vault via POST /api/ciphers/purge. The purge check incorrectly validates only membership type Owner, not Confirmed status, allowing a ...

8.1CVSS5.8AI score0.00267EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/11 10:1 p.m.9 views

CVE-2026-43913 Vaultwarden: Unconfirmed Owner Can Purge Entire Organization Vault

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden allows an unconfirmed organization owner to purge the entire organization vault. The organization invite flow uses a two-step process: accepting an invite transitions membership from Invited to Accepted, an...

8.1CVSS5.8AI score0.00267EPSS
Exploits1References1
Rows per page
Query Builder