| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-27898 | Vaultwarden: Unauthorized Access via Partial Update API on Another User’s Cipher | dani-garcia | vaultwarden | Medium | 5.4 | 2026-03-04 21:44:45 | Deep Dive |
| CVE-2026-27803 | Vaultwarden: Collection Management Operations Allowed Without `manage` Verification for Manager Role | dani-garcia | vaultwarden | High | 8.3 | 2026-03-04 21:40:33 | Deep Dive |
| CVE-2026-27802 | Vaultwarden: Privilege Escalation via Bulk Permission Update to Unauthorized Collections by Manager | dani-garcia | vaultwarden | High | 8.3 | 2026-03-04 21:34:35 | Deep Dive |
| CVE-2026-27801 | Vaultwarden: 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement | dani-garcia | vaultwarden | - | - | 2026-03-04 21:32:15 | Deep Dive |
| CVE-2026-26012 | vaultwarden has Full Cipher Enumeration Ignoring Organization Collection Permissions | dani-garcia | vaultwarden | Medium | 6.5 | 2026-02-11 21:14:58 | Deep Dive |
| CVE-2025-24365 | vaultwarden allows escalation of privilege via variable confusion in OrgHeaders trait | dani-garcia | vaultwarden | High | 8.1 | 2025-01-27 17:49:58 | Deep Dive |
| CVE-2025-24364 | vaultwarden allows RCE in the admin panel | dani-garcia | vaultwarden | High | 7.2 | 2025-01-27 17:46:15 | Deep Dive |
| CVE-2024-56335 | Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden | dani-garcia | vaultwarden | High | 7.6 | 2024-12-20 20:15:36 | Deep Dive |