Filtered by vendor Bitwarden
Total: 7 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2025-5138 | 1 Bitwarden | 1 Bitwarden | 2025-06-20 | 3.5 Low | A vulnerability was found in Bitwarden up to 2.25.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component PDF File Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor was contacted early about this disclosure but did not respond in any way. |
CVE-2023-27706 | 1 Bitwarden | 1 Bitwarden | 2025-01-06 | 7.1 High | Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes. |
CVE-2023-38840 | 1 Bitwarden | 1 Bitwarden | 2024-11-21 | 5.5 Medium | Bitwarden Desktop 2023.7.0 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process. |
CVE-2023-27974 | 1 Bitwarden | 1 Bitwarden | 2024-11-21 | 7.5 High | Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited. NOTE: the vendor's position is that "Auto-fill on page load" is not enabled by default. |
CVE-2020-15879 | 1 Bitwarden | 1 Server | 2024-11-21 | 7.5 High | Bitwarden Server 1.35.1 allows SSRF because it does not consider certain IPv6 addresses (ones beginning with fc, fd, fe, or ff, and the :: address) and certain IPv4 addresses (0.0.0.0/8, 127.0.0.0/8, and 169.254.0.0/16). |
CVE-2019-19766 | 1 Bitwarden | 1 Server | 2024-11-21 | 7.5 High | The Bitwarden server through 1.32.0 has a potentially unwanted KDF. |
CVE-2018-25081 | 1 Bitwarden | 1 Bitwarden | 2024-11-21 | 7.5 High | Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor's position is that there have been important legitimate cross-domain configurations (e.g., an apple.com IFRAME element on the icloud.com website) and that "Auto-fill on page load" is not enabled by default. |