Sanjok Karki

#8489of 53,633
32.4Total CVSS
Vulnerabilities · 4
Medium
1
High
1
Critical
2
PT-2026-39662
5.4
2026-05-11
Bitwarden · Bitwarden Server · CVE-2026-43638
**Name of the Vulnerable Software and Affected Versions** Bitwarden Server versions prior to 2026.4.1 **Description** A missing authorization issue allows any authenticated user to write ciphers into an arbitrary organization. This occurs when submitting an empty `collections` array to the 'POST /ciphers/import-organization' endpoint, which causes the server-side permission check to be skipped. **Recommendations** Update to version 2026.4.1 or later. Avoid using the `collections` parameter with an empty array in the 'POST /ciphers/import-organization' endpoint until the update is applied.
PT-2026-39716
9.1
2026-05-11
Bitwarden · Bitwarden Server · CVE-2026-43639
**Name of the Vulnerable Software and Affected Versions** Bitwarden Server versions prior to 2026.4.0 **Description** A missing authorization issue allows a provider service user to add an arbitrary organization to their provider. This is possible through the 'POST /providers/{providerId}/clients/existing' endpoint, where the `providerId` variable is used. Successful exploitation can result in the takeover of the target organization. This issue specifically affects Cloud installations, as the endpoint is restricted and not available in self-hosted environments. **Recommendations** Update to version 2026.4.0 or later.
PT-2026-39717
8.1
2026-05-11
Bitwarden · Bitwarden Server · CVE-2026-43640
**Name of the Vulnerable Software and Affected Versions** Bitwarden Server versions prior to 2026.4.1 **Description** An issue exists where master-password re-authentication is not required when retrieving or rotating an organization's SCIM API key. This allows an authenticated user with SCIM management privileges to obtain the key using only a valid session. **Recommendations** Update to version 2026.4.1 or later.
PT-2022-11636
9.8
2022-08-23
D Link · Dir-615 · CVE-2021-42627
**Name of the Vulnerable Software and Affected Versions** D-Link DIR-615 version 20.06 **Description** The issue allows unauthorized access to the WAN configuration page "wan.htm" without authentication, potentially disclosing WAN settings information and enabling attackers to modify data fields on the page. **Recommendations** For version 20.06, consider restricting access to the "wan.htm" page until a patch is available. As a temporary workaround, limit access to the device's configuration interface to minimize the risk of exploitation.