
5 matches found

Vulnrichment
added 2026/05/11 5:14 p.m. · 6 views

CVE-2026-43640 Bitwarden Server < 2026.4.1 Authentication Bypass via SCIM API Key

Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization's SCIM API key, allowing an authenticated user with SCIM management privileges to obtain the key using only a valid session...

CVSS 8.6 · AI score 5.8 · EPSS 0.00504
Exploits: 1 · References: 5
CVE
added 2026/04/22 9:06 a.m. · 8 views

CVE-2026-6848

Summary: CVE-2026-6848 affects Red Hat Quay. The vulnerability allows bypassing the re-authentication prompt for password‑reverification during sensitive operations (e.g., token generation, robot account creation) when a user has a timed‑out session or idle authenticated browser session. This can...

CVSS 8.1 · AI score 5.9 · EPSS 0.00263
Exploits: 0 · References: 2 · Affected Software: 1
CVE
added 2025/06/02 10:47 a.m. · 45 views

CVE-2025-47272

CVE-2025-47272 affects CE Phoenix eCommerce (PhoenixCart) platform versions 1.0.9.7 through 1.1.0.3, where logged-in users could delete their accounts without password re-authentication (session-based acceptance). Root cause: lack of re-auth for account deletion. Impact: potential permanent acco...

CVSS 5.5 · AI score 5.4 · EPSS 0.00142
Exploits: 0 · References: 2
Positive Technologies
added 2025/04/05 12:00 a.m. · 4 views

PT-2025-15072 · Zammad · Zammad

Name of the Vulnerable Software and Affected Versions: Zammad versions 6.4.0 through 6.4.1

Description: The issue concerns client-side enforcement of server-side security in Zammad. Specifically, when users change their two-factor authentication configuration, they are required to re-authenticate...

CVSS 8.8 · AI score 7.7 · EPSS 0.00264
Exploits: 0 · References: 7
Snyk
added 2024/11/05 3:08 p.m. · 2 views

Unverified Password Change

Overview: OctoPrint is a snappy web interface for your 3D printer. Affected versions of this package are vulnerable to Unverified Password Change due to improper authentication in the settings interface. An attacker can gain unauthorized access to API keys and potentially disrupt system operations ...

CVSS 6.5 · AI score 7.1 · EPSS 0.00282
Exploits: 0 · References: 2