129 matches found
Casdoor - Authorization Bypass
Casdoor up to 1.811.0 contains an authorization bypass caused by manipulation in the HandleScim function in controllers/scim.go, letting remote attackers bypass authorization; exploitation requires remote access. id: CVE-2025-4210 info: name: Casdoor - Authorization Bypass author: theamanrawat severity:...
CVE-2026-46425
Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/src/api/routes/global/scim.ts attaches only two middlewares to the SCIM router: requireSCIM checks the Enterprise feature flag and SCIM config and doInScimContext sets the SCIM request context. There is no role check...
EUVD-2026-32598
Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/src/api/routes/global/scim.ts attaches only two middlewares to the SCIM router: requireSCIM checks the Enterprise feature flag and SCIM config and doInScimContext sets the SCIM request context. There is no role check...
Budibase Security Vulnerability
Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.38.2 contained security vulnerabilities. These vulnerabilities stemmed from a lack of...
PT-2026-42120
Name of the Vulnerable Software and Affected Versions: Budibase versions prior to 3.38.2. Description: An authorization bypass exists in the SCIM router within packages/worker/src/api/routes/global/scim.ts. The router only utilizes the requireSCIM and doInScimContext middlewares, failing to implemen...
CVE-2026-43640
Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization's SCIM API key, allowing an authenticated user with SCIM management privileges to obtain the key using only a valid session...
CVE-2026-43640 Bitwarden Server < 2026.4.1 Authentication Bypass via SCIM API Key
Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization's SCIM API key, allowing an authenticated user with SCIM management privileges to obtain the key using only a valid session...
CVE-2026-43640
Bitwarden Server (affected: v2026.4.1 and earlier) contains an authentication bypass for SCIM API key retrieval/rotation. A logged-in user with SCIM management privileges can obtain the organization's SCIM API key without re-authenticating the master password, exposing sensitive credentials. Root...
PT-2026-39717
Name of the Vulnerable Software and Affected Versions: Bitwarden Server versions prior to 2026.4.1. Description: An issue exists where master-password re-authentication is not required when retrieving or rotating an organization's SCIM API key. This allows an authenticated user with SCIM management...
scim_proton and kanidm_proto have an authenticated process abort via SCIM filter stack exhaustion
Summary: A single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses (≈ 4–12 KB) drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds to stack overflow with std::process::abort — the entire...
GHSA-R5FR-9GMV-JGGH scim_proton and kanidm_proto have an authenticated process abort via SCIM filter stack exhaustion
Summary: A single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses (≈ 4–12 KB) drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds to stack overflow with std::process::abort — the entire...
EUVD-2024-55508
Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText IDM Driver and Extensions on Windows, Linux, 64 bit allows authenticated local users to obtain sensitive information via access to log files. This issue affects IDM SCIM Driver: 1.0.0.0000 through...
CVE-2024-11604
Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText IDM Driver and Extensions on Windows, Linux, 64 bit allows authenticated local users to obtain sensitive information via access to log files. This issue affects IDM SCIM Driver: 1.0.0.0000 through...
CVE-2024-11604 Insertion of Sensitive Information into Log File
Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText IDM Driver and Extensions on Windows, Linux, 64 bit allows authenticated local users to obtain sensitive information via access to log files. This issue affects IDM SCIM Driver: 1.0.0.0000 through...
CVE-2024-11604
CVE-2024-11604 concerns an issue in the OpenText IDM Driver and Extensions SCIM Driver module (Windows, Linux, 64-bit). The vulnerability arises from the insertion of sensitive information into log files, allowing authenticated local users to access sensitive data via log file contents. Affected ...
PT-2026-28268
Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText IDM Driver and Extensions on Windows, Linux, 64 bit allows authenticated local users to obtain sensitive information via access to log files. This issue affects IDM SCIM Driver: 1.0.0.0000 through...
Authentication Bypass Using an Alternate Path or Channel
Overview: Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the SCIM API when URL-encoded path values are used. An attacker can access sensitive user information, including names, email addresses, phone numbers, addresses, external IDs,...
PT-2026-24853
🚨 CVE-2026-32130 ZITADEL is an open source identity management platform. From 2.68.0 to before 3.4.8 and 4.12.2, Zitadel provides a System for Cross-domain Identity Management (SCIM) API to provision users from external providers into Zitadel. Requests to the API with URL-encoded path values were...
ZITADEL Security Vulnerability
ZITADEL is an open-source identity and access management platform developed by ZITADEL in Switzerland. Versions of ZITADEL from 2.68.0 to 3.4.8, as well as version 4.12.2, have security vulnerabilities. These vulnerabilities stem from improper handling of URL-encoded path values by the SCIM API...