CVE-2022-3989
The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types such as .php in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the...
CVE-2024-56335 Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden
vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. In affected versions an attacker is capable of updating or deleting groups from an organization given a few conditions: 1. The attacker has a user account in the server. 2. The attacker's...
PT-2024-36796 · Unknown +1 · Vaultwarden +1
Name of the Vulnerable Software and Affected Versions: vaultwarden versions 1.32.6 and earlier
Description: vaultwarden, an unofficial Bitwarden compatible server written in Rust, is susceptible to a manipulation issue affecting group management. An attacker with a user account on the server,...