Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/25 7:9 p.m.6 views

CVE-2026-57521

Bitwarden Server before 2026.5.0 contains a broken access control vulnerability that allows any authenticated user to access arbitrary organization billing data by supplying an arbitrary organizationId to the PreviewInvoiceController endpoints without membership or authorization checks. Attackers...

5.3CVSS6AI score0.00248EPSS
Exploits1References6
EUVD
EUVD
added 2026/06/24 11:53 a.m.11 views

EUVD-2026-38747

Flowise before 3.1.0 versions 3.0.13 and earlier contains a missing authentication vulnerability in the /api/v1/loginmethod endpoint that allows unauthenticated users to retrieve an organization's complete SSO configuration, including OAuth client secrets in cleartext, by providing an...

8.7CVSS5.9AI score0.00383EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2024/09/13 12:0 a.m.29 views

CVE-2024-39925

An issue was discovered in Vaultwarden formerly BitwardenRS 1.30.3. It lacks an offboarding process for members who leave an organization. As a result, the shared organization key is not rotated when a member departs. Consequently, the departing member, whose access should be revoked, retains a...

6.5CVSS6.3AI score0.00573EPSS
Exploits0
Atlassian
Atlassian
added 2013/03/19 12:45 a.m.26 views

XSS in organisationId in /secure/admin/UpdateBitbucketCredentials.jspa

OrganisationId is passed unfiltered into the results page. Contents of the field persist through the "missing XSRF token" screen, so exploitation is trivial - just get your victim to click on the link. noformat GET...

6.9AI score
Exploits0Affected Software1
Rows per page
Query Builder