CVE-2026-43640 Bitwarden Server < 2026.4.1 Authentication Bypass via SCIM API Key
Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization's SCIM API key, allowing an authenticated user with SCIM management privileges to obtain the key using only a valid session...
CVE-2026-6848
Summary: CVE-2026-6848 affects Red Hat Quay. The vulnerability allows bypassing the re-authentication prompt for password-reverification during sensitive operations (e.g., token generation, robot account creation) when a user has a timed-out session or idle authenticated browser session. This can...
CVE-2025-47272
CVE-2025-47272 affects CE Phoenix eCommerce (PhoenixCart) platforms versions 1.0.9.7 through 1.1.0.3, where logged-in users could delete their accounts without password re-authentication (session-based acceptance). Root cause: lack of re-auth for account deletion. Impact: potential permanent acco...
PT-2025-15072 · Zammad · Zammad
Name of the Vulnerable Software and Affected Versions: Zammad versions 6.4.0 through 6.4.1 Description: The issue concerns client-side enforcement of server-side security in Zammad. Specifically, when users change their two-factor authentication configuration, they are required to re-authenticate...
Unverified Password Change
Overview: OctoPrint is a snappy web interface for your 3D printer. Affected versions of this package are vulnerable to Unverified Password Change due to improper authentication in the settings interface. An attacker can gain unauthorized access to API keys and potentially disrupt system operations ...