
28 matches found

Positive Technologies
added 2026/05/11 12:0 a.m. · 13 views

PT-2026-39863

Name of the Vulnerable Software and Affected Versions: Vaultwarden versions prior to 1.35.5 Description: Vaultwarden allows an unconfirmed organization owner to purge the entire organization vault. The issue exists because the 'POST /api/ciphers/purge' endpoint verifies that a user has the Owner...

8.1 CVSS · 5.8 AI score · 0.00267 EPSS
Exploits 1 · References 3
ATTACKERKB
added 2026/03/04 9:32 p.m. · 4 views

CVE-2026-27801

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Vaultwarden versions 1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a user’s account can exploit this bypass ...

6 CVSS · 5.9 AI score · 0.0026 EPSS
Exploits 1 · References 2 · Affected Software 1
RedhatCVE
added 2026/01/09 9:33 a.m. · 10 views

CVE-2024-39924

An issue was discovered in Vaultwarden (formerly BitwardenRS) 1.30.3. A vulnerability has been identified in the authentication and authorization process of the endpoint responsible for altering the metadata of an emergency access. It permits an attacker with granted emergency access to escalate...

8.8 CVSS · 7.3 AI score · 0.13064 EPSS
Exploits 1 · References 1
RedhatCVE
added 2026/01/09 9:33 a.m. · 6 views

CVE-2024-39926

An issue was discovered in Vaultwarden (formerly BitwardenRS) 1.30.3. A stored cross-site scripting (XSS) or, due to the default CSP, HTML injection vulnerability has been discovered in the admin dashboard. This potentially allows an authenticated attacker to inject malicious code into the dashboard,...

5.4 CVSS · 5.5 AI score · 0.0043 EPSS
Exploits 1 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-53116

Malicious code in bioql PyPI...

7.6 CVSS · 6.3 AI score · 0.00333 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2024-38303

Malicious code in bioql PyPI...

8.8 CVSS · 6.3 AI score · 0.13064 EPSS
Exploits 1 · References 3
GithubExploit
added 2025/06/02 4:5 p.m. · 586 views

Exploit for Incorrect Default Permissions in Dani-Garcia Vaultwarden

PoC-CVE-2024-39924 PoC and lab setup for CVE-2024-39924 De...

8.8 CVSS · 6.8 AI score · 0.13064 EPSS
Exploits 1
NVD
added 2025/01/27 6:15 p.m. · 13 views

CVE-2025-24365

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Attacker can obtain owner rights of other organization. Hacker should know the ID of victim organization in real case the user can be a part of the organization as an unprivileged user and be...

8.1 CVSS · 0.00654 EPSS
Exploits 1 · References 2
Cvelist
added 2025/01/27 5:49 p.m. · 20 views

CVE-2025-24365 vaultwarden allows escalation of privilege via variable confusion in OrgHeaders trait

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Attacker can obtain owner rights of other organization. Hacker should know the ID of victim organization in real case the user can be a part of the organization as an unprivileged user and be...

8.1 CVSS · 0.00654 EPSS
Exploits 1 · References 2
CVE
added 2025/01/27 5:46 p.m. · 252 views

CVE-2025-24364

CVE-2025-24364 affects vaultwarden (Unofficial Bitwarden server) written in Rust. The vuln requires authenticated access to the vaultwarden admin panel and allows arbitrary code execution by manipulating mail settings to trigger shell commands, with a specially crafted favicon used to embed comma...

7.2 CVSS · 7.6 AI score · 0.00996 EPSS
Exploits 1 · References 2 · Affected Software 1
Github Security Blog
added 2025/01/09 9:31 p.m. · 22 views

Vaultwarden HTML injection vulnerability

An HTML injection vulnerability in Vaultwarden prior to v1.32.5 allows attackers to execute arbitrary code via injecting a crafted payload into the username field of an e-mail message...

9.6 CVSS · 8 AI score · 0.00812 EPSS
Exploits 1 · References 5 · Affected Software 1
NVD
added 2025/01/09 9:15 p.m. · 8 views

CVE-2024-55224

An HTML injection vulnerability in Vaultwarden prior to v1.32.5 allows attackers to execute arbitrary code via injecting a crafted payload into the username field of an e-mail message...

9.6 CVSS · 0.00812 EPSS
Exploits 1 · References 3
NVD
added 2025/01/09 9:15 p.m. · 13 views

CVE-2024-55225

An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Administrators, via a crafted authorization request...

9.8 CVSS · 0.00587 EPSS
Exploits 0 · References 3
NVD
added 2025/01/09 9:15 p.m. · 13 views

CVE-2024-55226

Vaultwarden v1.32.5 was discovered to contain an authenticated reflected cross-site scripting (XSS) vulnerability via the component /api/core/mod.rs...

5.4 CVSS · 0.00366 EPSS
Exploits 1 · References 3
OSV
added 2025/01/09 9:15 p.m. · 4 views

CVE-2024-55225

An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Administrators, via a crafted authorization request...

9.8 CVSS · 6.9 AI score
Exploits 0 · References 3
Vulnrichment
added 2025/01/09 12:0 a.m. · 8 views

CVE-2024-55224

An HTML injection vulnerability in Vaultwarden prior to v1.32.5 allows attackers to execute arbitrary code via injecting a crafted payload into the username field of an e-mail message...

8 AI score · 0.00812 EPSS
Exploits 1 · References 3
Positive Technologies
added 2025/01/09 12:0 a.m. · 5 views

PT-2025-3104 · Unknown · Vaultwarden

Name of the Vulnerable Software and Affected Versions: Vaultwarden version 1.32.5 Description: The issue is related to an authenticated reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability is present in the /api/core/mod.rs component. Recommendations: For Vaultwarden version 1.32....

5.4 CVSS · 5.2 AI score · 0.00366 EPSS
Exploits 1 · References 11
Vulnrichment
added 2025/01/09 12:0 a.m. · 9 views

CVE-2024-55226

Vaultwarden v1.32.5 was discovered to contain an authenticated reflected cross-site scripting (XSS) vulnerability via the component /api/core/mod.rs...

6.2 AI score · 0.00366 EPSS
Exploits 1 · References 3
Cvelist
added 2025/01/09 12:0 a.m. · 12 views

CVE-2024-55224

An HTML injection vulnerability in Vaultwarden prior to v1.32.5 allows attackers to execute arbitrary code via injecting a crafted payload into the username field of an e-mail message...

0.00812 EPSS
Exploits 1 · References 3
CVE
added 2025/01/09 12:0 a.m. · 58 views

CVE-2024-55224

Vaultwarden (before 1.32.5) is affected by an HTML injection vulnerability that could allow an attacker to execute arbitrary code by injecting a crafted payload into the username field of an e‑mail message. The issue is described across multiple sources (including GHSA and OSV) as a Vaultwarden H...

9.6 CVSS · 8 AI score · 0.00812 EPSS
Exploits 1 · References 3 · Affected Software 1