Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault Web Access (PVWA) 5.0 and earlier, 5.5 through 5.5 patch 4, and 6.0 through 6.0 patch 2 allows remote attackers to inject arbitrary web script or HTML via unspecified...
5.8AI Score
0.002EPSS
The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS has Missing SSL Certificate...
5.9CVSS
5.5AI Score
0.001EPSS
KEYNTO Team Password Manager 1.5.0 allows XSS because data saved from websites is mishandled in the online...
6.1CVSS
5.9AI Score
0.001EPSS
An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication...
9.8CVSS
9.3AI Score
0.068EPSS
The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP...
9.8CVSS
9.6AI Score
0.715EPSS
CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a logon...
5.3CVSS
4.9AI Score
0.155EPSS