Lucene search
+L

138 matches found

Nuclei
Nuclei
added yesterday17 views

Casdoor - Authorization Bypass

Casdoor up to 1.811.0 contains an authorization bypass caused by manipulation in HandleScim function in controllers/scim.go, letting remote attackers bypass authorization, exploit requires remote access. id: CVE-2025-4210 info: name: Casdoor - Authorization Bypass author: theamanrawat severity:...

7.5CVSS6.9AI score0.01813EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 10:57 p.m.5 views

Prototype Pollution

Overview scim-patch is a SCIM Patch operation rfc7644. Affected versions of this package are vulnerable to Prototype Pollution via the scimPatch function. An attacker can modify the Object.prototype by supplying specially crafted keys in a patch operation, which can lead to privilege escalation,...

9.1CVSS6.5AI score
Exploits0References2
NVD
NVD
added 2026/06/10 10:17 p.m.11 views

CVE-2026-46689

Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses ≈ 4–12 KB drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds...

8.7CVSS0.00317EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 8:28 p.m.10 views

EUVD-2026-36133

Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses ≈ 4–12 KB drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds...

8.7CVSS5.4AI score0.00317EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 8:28 p.m.28 views

CVE-2026-46689 Kanidm: Unauthenticated process abort via SCIM filter stack exhaustion

Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses ≈ 4–12 KB drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds...

8.7CVSS0.00317EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 8:28 p.m.25 views

CVE-2026-46689

Kanidm vuln CVE-2026-46689: An unauthenticated GET to any /scim/v1/... endpoint with a crafted ?filter= (thousands of nested parentheses, ~4–12 KB) can exhaust the parser’s stack due to an unbounded depth in the SCIM filter grammar. This causes a stack overflow and std::process::abort(), terminat...

8.7CVSS5.4AI score0.00317EPSS
Exploits0References2
OSV
OSV
added 2026/06/10 8:28 p.m.2 views

CVE-2026-46689 Kanidm: Unauthenticated process abort via SCIM filter stack exhaustion

Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses ≈ 4–12 KB drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds...

8.7CVSS5.9AI score0.00317EPSS
Exploits0References4
NVD
NVD
added 2026/05/27 6:16 p.m.18 views

CVE-2026-46425

Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/src/api/routes/global/scim.ts attaches only two middlewares to the SCIM router: requireSCIM checks the Enterprise feature flag and SCIM config and doInScimContext sets the SCIM request context. There is no role check...

9.9CVSS0.00286EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/27 5:6 p.m.14 views

EUVD-2026-32598

Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/src/api/routes/global/scim.ts attaches only two middlewares to the SCIM router: requireSCIM checks the Enterprise feature flag and SCIM config and doInScimContext sets the SCIM request context. There is no role check...

9.9CVSS5.8AI score0.00286EPSS
Exploits0References2
OSV
OSV
added 2026/05/27 5:6 p.m.3 views

CVE-2026-46425 Budibase: SCIM endpoints lack role-based authorization, BASIC users CRUD tenant users

Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/src/api/routes/global/scim.ts attaches only two middlewares to the SCIM router: requireSCIM checks the Enterprise feature flag and SCIM config and doInScimContext sets the SCIM request context. There is no role check...

9.9CVSS5.9AI score0.00286EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

Budibase 安全漏洞

Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.38.2 contained security vulnerabilities. These vulnerabilities stemmed from a lack of...

9.9CVSS5.9AI score0.00286EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.17 views

PT-2026-42120

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.38.2 Description An authorization bypass exists in the SCIM router within packages/worker/src/api/routes/global/scim.ts. The router only utilizes the requireSCIM and doInScimContext middlewares, failing to implemen...

9.9CVSS5.8AI score0.00286EPSS
Exploits0References4
NVD
NVD
added 2026/05/11 6:16 p.m.21 views

CVE-2026-43640

Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization's SCIM API key, allowing an authenticated user with SCIM management privileges to obtain the key using only a valid session...

8.6CVSS0.00504EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/05/11 5:14 p.m.7 views

CVE-2026-43640 Bitwarden Server < 2026.4.1 Authentication Bypass via SCIM API Key

Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization's SCIM API key, allowing an authenticated user with SCIM management privileges to obtain the key using only a valid session...

8.6CVSS5.8AI score0.00504EPSS
Exploits1References5
CVE
CVE
added 2026/05/11 5:14 p.m.28 views

CVE-2026-43640

Bitwarden Server (affected: v2026.4.1 and earlier) contains an authentication bypass for SCIM API key retrieval/rotation. A logged-in user with SCIM management privileges can obtain the organization's SCIM API key without re-authenticating the master password, exposing sensitive credentials. Root...

8.6CVSS5.8AI score0.00504EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/05/11 5:14 p.m.35 views

CVE-2026-43640 Bitwarden Server < 2026.4.1 Authentication Bypass via SCIM API Key

Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization's SCIM API key, allowing an authenticated user with SCIM management privileges to obtain the key using only a valid session...

8.6CVSS0.00504EPSS
Exploits1References5
OSV
OSV
added 2026/05/11 5:14 p.m.4 views

CVE-2026-43640 Bitwarden Server < 2026.4.1 Authentication Bypass via SCIM API Key

Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization's SCIM API key, allowing an authenticated user with SCIM management privileges to obtain the key using only a valid session...

8.6CVSS6AI score0.00504EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.22 views

PT-2026-39717

Name of the Vulnerable Software and Affected Versions Bitwarden Server versions prior to 2026.4.1 Description An issue exists where master-password re-authentication is not required when retrieving or rotating an organization's SCIM API key. This allows an authenticated user with SCIM management...

8.6CVSS5.8AI score0.00504EPSS
Exploits1References10
OSV
OSV
added 2026/05/06 11:38 p.m.9 views

GHSA-R5FR-9GMV-JGGH scim_proto and kanidm_proto have an authenticated process abort via SCIM filter stack exhaustion

Summary A single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses ≈ 4–12 KB drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds to stack overflow with std::process::abort — the entire...

8.7CVSS5.9AI score0.00317EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/06 11:38 p.m.10 views

scim_proto and kanidm_proto have an authenticated process abort via SCIM filter stack exhaustion

Summary A single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses ≈ 4–12 KB drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds to stack overflow with std::process::abort — the entire...

8.7CVSS5.9AI score0.00317EPSS
Exploits0References4Affected Software2
Rows per page
Query Builder