14 matches found
CVE-2026-27802
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Prior to version 1.35.4, there is a privilege escalation vulnerability via bulk permission update to unauthorized collections by Manager. This issue has been patched in version 1.35.4...
CVE-2026-27802
CVE-2026-27802 concerns Vaultwarden (unofficial Bitwarden-compatible server in Rust). A Privilege Escalation flaw allows a Manager (authorized user with access_all=false) to perform a bulk permission update that grants themselves access to collections they should not control. Multiple sources des...
CVE-2026-27802 Vaultwarden: Privilege Escalation via Bulk Permission Update to Unauthorized Collections by Manager
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Prior to version 1.35.4, there is a privilege escalation vulnerability via bulk permission update to unauthorized collections by Manager. This issue has been patched in version 1.35.4...
CVE-2026-27802
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Prior to version 1.35.4, there is a privilege escalation vulnerability via bulk permission update to unauthorized collections by Manager. This issue has been patched in version 1.35.4...
CVE-2026-27802 Vaultwarden: Privilege Escalation via Bulk Permission Update to Unauthorized Collections by Manager
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Prior to version 1.35.4, there is a privilege escalation vulnerability via bulk permission update to unauthorized collections by Manager. This issue has been patched in version 1.35.4...
PT-2026-23071
Name of the Vulnerable Software and Affected Versions Vaultwarden versions prior to 1.35.4 Description A Manager account with limited permissions was able to gain elevated privileges by using the bulk-access API to modify permissions on collections they were not originally authorized to access. T...
EUVD-2020-5527
Malware in sbrugna...
CVE-2024-12247 Improper propagation of permission scheme updates across cluster nodes
Mattermost versions 9.7.x = 9.7.5, 9.8.x = 9.8.2 and 9.9.x = 9.9.2 fail to properly propagate permission scheme updates across cluster nodes which allows a user to keep old permissions, even if the permission scheme has been updated...
PT-2024-17506 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.7.x through 9.7.5 Mattermost versions 9.8.x through 9.8.2 Mattermost versions 9.9.x through 9.9.2 Description: The issue arises from the failure to properly propagate permission scheme updates across cluster nodes. This...
CVE-2020-24028
ForLogic Qualiex v1 and v3 allows any authenticated customer to achieve privilege escalation via user creations, password changes, or user permission updates. NOTE: as of 2025-10-14, the Supplier's perspective is that this "does not allow administrative privilege gain. Authorization is enforced...
CVE-2020-24028
ForLogic Qualiex v1 and v3 allows any authenticated customer to achieve privilege escalation via user creations, password changes, or user permission updates. NOTE: as of 2025-10-14, the Supplier's perspective is that this "does not allow administrative privilege gain. Authorization is enforced...
CVE-2020-24028
The CVE-2020-24028 entry concerns ForLogic Qualiex v1 and v3. It states that an authenticated customer can achieve privilege escalation via actions such as creating users, changing passwords, or updating user permissions, within the user’s own permission scope. The supplier‑provided note (as of 2...
CVE-2020-24028
ForLogic Qualiex v1 and v3 allows any authenticated customer to achieve privilege escalation via user creations, password changes, or user permission updates. NOTE: as of 2025-10-14, the Supplier's perspective is that this "does not allow administrative privilege gain. Authorization is enforced...
THC-HYDRA v6.1 brute force tool Released !
One of the most famous network logon cracker - THC-HYDRA, has been updated! We now have THC-HYDRA version 6.1 in less than a fortnight! "THC-HYDRA is a very fast network logon cracker which support many different services. This tool is a proof of concept code, to give researchers and security...