📦 Vaultwarden
by Dani Garcia
🛡️ Security Overview
⚠️ Known Vulnerabilities
An HTML injection vulnerability in Vaultwarden allows attackers to inject malicious HTML/JavaScript into the username field of email messages. This could lead to arbitrary code execution when the emai...
This vulnerability allows managers in Vaultwarden to escalate their privileges by modifying permissions for collections they shouldn't have access to. It affects all Vaultwarden instances running vers...
Authenticated attackers with admin panel access to Vaultwarden can execute arbitrary system commands through a crafted favicon image when a sendmail configuration is in use. This affects all Vaultwarden ins...
This vulnerability in Vaultwarden allows an attacker who is an owner/admin of one organization to gain owner rights over another organization by knowing the victim organization's ID. This affects vaul...
This vulnerability allows authenticated attackers with admin/owner permissions in one organization to modify or delete groups in other organizations if they know the target organization and group UUID...
This vulnerability allows an attacker with emergency access to a Vaultwarden vault to escalate privileges from read-only to full control. By exploiting a missing authentication check in the emergency ...
This vulnerability allows authenticated regular users in Vaultwarden to access other users' encrypted password vault entries by exploiting an authorization bypass in the partial update API endpoint. A...
In Vaultwarden versions before 1.35.3, any organization member can access all ciphers (password entries) within their organization, bypassing collection-based permission controls. This affects all vau...
Vaultwarden v1.32.5 contains an authenticated reflected cross-site scripting (XSS) vulnerability in the /api/core/mod.rs component. This allows authenticated attackers to inject malicious scripts that...
This CVE describes a stored cross-site scripting (XSS) or HTML injection vulnerability in Vaultwarden's admin dashboard. Authenticated attackers can inject malicious code that executes in administrato...