63 matches found
Bitwarden security vulnerability
Bitwarden is an open-source password management backend service developed by Bitwarden. Versions of Bitwarden prior to 2026.4.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of a master password re-authentication requirement when retrieving or rotating organizati...
PT-2026-39717
Name of the Vulnerable Software and Affected Versions: Bitwarden Server versions prior to 2026.4.1
Description: An issue exists where master-password re-authentication is not required when retrieving or rotating an organization's SCIM API key. This allows an authenticated user with SCIM management...
CVE-2026-6848 Quay: Red Hat Quay: authentication bypass allows privileged actions without valid credentials
A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with access to an idle...
CVE-2026-6848
A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with access to an idle...
CVE-2019-12468
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover...
Revive Adserver: Authorization bypass allows changing email address of other users
Revive Adserver 6.0.0 was found to have an authorization bypass vulnerability that allowed changing the email address of other users without requiring the account password. The vulnerability was present in the admin panel endpoint /admin/agency-user.php, which accepted a POST request that...
EUVD-2020-29671
Malware in sbrugna...
EUVD-2019-17833
Malware in sbrugna...
EUVD-2002-0484
Malware in sbrugna...
EUVD-2021-0724
Malware in sbrugna...
EUVD-2023-2397
Malicious code in bioql PyPI...
EUVD-2024-1185
Malicious code in bioql PyPI...
SUSE-SU-2025:02230-1 Security update for samba
This update for samba fixes the following issues:
- CVE-2025-0620: smbd doesn't pick up group membership changes when re-authenticating an expired SMB session (bsc1244136).
Other bugfixes:
- net ad join fails with 'Failed to join domain: failed to create kerberos keytab' (bsc1238063)...
MediaWiki Security Breach
MediaWiki is a set of free and freely available web-based Wiki engines from the American Wikimedia Foundation. The product can be used to deploy internal knowledge management and content management systems. MediaWiki has a security vulnerability that stems from the fact that MediaWiki i...
CVE-2025-24332
Nokia Single RAN AirScale baseband prior to 23R4-SR 3.0 MP is affected. An authenticated administrative user can move laterally across baseband boards via the internal bsoc SSH over the baseband backplane, using an SSH private key on the baseband system board, without re-authentication. This effe...
ALPINE-CVE-2025-0620
A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again...
CVE-2025-0620
A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again...
SUSE CVE-2025-0620
A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again...
CVE-2025-47272
The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session (e.g., on a shared/public machine) could...
UBUNTU-CVE-2025-0620
A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again...