CVE-2025-5138
- EPSS 0.05%
- Published 25.05.2025 00:31:04
- Last modified 20.06.2025 05:15:29
A vulnerability was found in Bitwarden up to 2.25.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component PDF File Handler. The manipulation leads to cross site scripting. The attack can be ...
CVE-2023-38840
- EPSS 2.48%
- Published 15.08.2023 17:15:10
- Last modified 21.11.2024 08:14:15
Bitwarden Desktop 2023.7.0 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process.
CVE-2023-27706
- EPSS 0.02%
- Published 09.06.2023 19:15:09
- Last modified 06.01.2025 18:15:11
Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes.
CVE-2018-25081
- EPSS 0.26%
- Published 09.03.2023 00:15:09
- Last modified 21.11.2024 04:03:30
Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor's position is that there have been important legitimate cross-domain configurations (e.g., an apple.com IFRAME element on the icloud.com websi...
CVE-2023-27974
- EPSS 0.17%
- Published 09.03.2023 00:15:09
- Last modified 21.11.2024 07:53:50
Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited. NOTE: the vendor's position is that "Auto-fill on pag...