Vulnerabilities in dani-garcia
14 results

CVE-2025-24364 | HIGH | vaultwarden allows RCE in the admin panel | EPSS 1.0%
CVE-2025-24365 | HIGH | vaultwarden allows escalation of privilege via variable confusion in OrgHeaders trait | EPSS 0.7%
CVE-2024-56335 | HIGH | Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden | EPSS 0.3%
CVE-2026-26012 | MEDIUM | vaultwarden has Full Cipher Enumeration Ignoring Organization Collection Permissions | EPSS 0.3%
CVE-2026-27802 | HIGH | Vaultwarden: Privilege Escalation via Bulk Permission Update to Unauthorized Collections by Manager | EPSS 0.3%
CVE-2026-43912 | HIGH | Vaultwarden: Cross-Org Group Binding Enables Unauthorized Read And Write Access Into Another Organization | EPSS 0.3%
CVE-2026-43914 | HIGH | Vaultwarden: Brute-force protection bypass vulnerability | EPSS 0.3%
CVE-2026-27803 | HIGH | Vaultwarden: Collection Management Operations Allowed Without `manage` Verification for Manager Role | EPSS 0.3%
CVE-2026-43913 | HIGH | Vaultwarden: Unconfirmed Owner Can Purge Entire Organization Vault | EPSS 0.3%
CVE-2026-27801 | MEDIUM | Vaultwarden: 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement | EPSS 0.3%
CVE-2026-43911 | MEDIUM | Vaultwarden: Refresh tokens not invalidated on security stamp rotation | EPSS 0.2%
CVE-2026-33420 | MEDIUM | Vaultwarden missing authorization check allows Manager-role users to enumerate all collections | EPSS 0.2%
CVE-2026-27898 | MEDIUM | Vaultwarden: Unauthorized Access via Partial Update API on Another User’s Cipher | EPSS 0.2%
CVE-2026-31835 | MEDIUM | Vaultwarden WebAuthn credential metadata tampered before signature verification | EPSS 0.2%