4 matches found
CVE-2026-43639
Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to their provider via POST /providers/providerId/clients/existing, resulting in takeover of the target organization; self-hosted installations ar...
CVE-2025-64400
Insufficient permission checks when pre-enrolling users. Summary: Control Panel provides an API for pre-registering into an enrollment and organization prior to a user's first login. The API for creating users checks that the account requesting a user creation has edit on the enrollment-level user directory, but is missing a separate check that the enrollment...
PT-2025-52292
Name of the Vulnerable Software and Affected Versions: Control Panel (affected versions not specified). Description: The Control Panel software has an issue with its API for pre-registering users into an enrollment and organization before their initial login. The API used for user creation verifies th...
OSINT Gathering Tool: Inquisitor
Inquisitor is a simple tool for gathering information on companies and organizations through the use of Open Source Intelligence (OSINT) sources. The key features of Inquisitor include: 1. The ability to cascade the ownership label of an asset e.g. if a Registrant Name is known to...