16 matches found
EUVD-2026-29170
Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to their provider via POST /providers/providerId/clients/existing, resulting in takeover of the target organization; self-hosted installations ar...
CVE-2026-43639
Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to their provider via POST /providers/providerId/clients/existing, resulting in takeover of the target organization; self-hosted installations ar...
Dell PowerStore security vulnerability
Dell PowerStore is an expandable flash-based storage array provided by the American company Dell. There is a security vulnerability present in Dell PowerStore. This vulnerability stems from a path traversal issue within the service users, which may allow low-privilege attackers with local access ...
MAL-2026-2069 Malicious code in eslint-config-service-users (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e4e2d9cbfd1dc174c6898b4375b8d4417da80c535833d43c5a4ae977252e9269 The package eslint-config-service-users was found to contain malicious code. Source: ghsa-malware...
Malicious code in eslint-config-service-users (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e4e2d9cbfd1dc174c6898b4375b8d4417da80c535833d43c5a4ae977252e9269 The package eslint-config-service-users was found to contain malicious code. Source: ghsa-malware...
Virtuozzo Hybrid Infrastructure 7.2 (7.2.0-246)
In this release, Virtuozzo Hybrid Infrastructure introduces support for two-factor authentication (2FA) for system administrators and self-service users, along with several other new features and improvements. Additionally, this release delivers stability fixes and addresses issues found in previou...
EUVD-2019-8901
Malware in sbrugna...
CVE-2019-19277
A vulnerability has been identified in SIPORT MP All versions 3.1.4. Vulnerable versions of the device allow the creation of special accounts "service users" with administrative privileges that could enable a remote authenticated attacker to perform actions that are not visible to other users of...
GO-2024-3139 ZITADEL's Service Users Deactivation not Working in github.com/zitadel/zitadel
ZITADEL's Service Users Deactivation not Working in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, plea...
GHSA-HR2C-P8RH-238H Apache Axis Improper Input Validation vulnerability
UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF. This issue affects Apache Axis through 1.3. As Axis 1 has been EOL, we recommend you migrate to a different SOAP engine, such as Apache Axis...
InsightVM Scanning: Demystifying SSH Credential Elevation
Written in collaboration with Jimmy Cancilla. The credentials to log into the assets on the network are one of the most critical inputs that can be provided to a vulnerability assessment. In order to capture and report on the full risk of an asset, the scan engine must be able to access the asset ...
CVE-2022-22832
An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request...
CVE-2022-22832
An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request...
PT-2022-15700 · Servisnet · Servisnet Tessa
Name of the Vulnerable Software and Affected Versions: Servisnet Tessa version 0.0.2 Description: An issue was discovered where authorization data is available via an unauthenticated request to the "/data-service/users/" API endpoint. Recommendations: For Servisnet Tessa version 0.0.2, consider...
PT-2021-22737 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 14.1.1 and above Description: The issue allows bypassing 2FA for LDAP users and accessing specific pages using Basic Authentication. Recommendations: For GitLab versions 14.1.1 and above, at the moment, there is no information...
CVE-2019-19277
A vulnerability has been identified in SIPORT MP All versions 3.1.4. Vulnerable versions of the device allow the creation of special accounts "service users" with administrative privileges that could enable a remote authenticated attacker to perform actions that are not visible to other users of...