CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

151 matches found

EUVD•added 2026/05/01 4:6 a.m.•3 views

EUVD-2026-26474

Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident...

8.8CVSS5.2AI score0.00306EPSS

Exploits0References1

Cvelist•added 2026/05/01 4:6 a.m.•35 views

CVE-2026-42994

Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident...

8.8CVSS0.00306EPSS

Exploits0References1

ATTACKERKB•added 2026/05/01 4:6 a.m.•1 views

CVE-2026-42994

Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident...

8.8CVSS5.2AI score0.00306EPSS

Exploits0References2Affected Software1

CNNVD•added 2026/05/01 12:0 a.m.•7 views

Bitwarden CLI 操作系统命令注入漏洞

Bitwarden CLI is a command-line password management tool provided by Bitwarden Corporation. Version 2026.4.0 of Bitwarden CLI contains a vulnerability related to operating system command injection, which stems from the embedding of malicious code when retrieving it via npm...

9.8CVSS5.9AI score0.00306EPSS

Exploits0References1

Positive Technologies•added 2026/05/01 12:0 a.m.•4 views

PT-2026-36295

Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident...

8.8CVSS5.8AI score0.00306EPSS

Exploits0References2

HackRead•added 2026/04/24 1:58 p.m.•2 views

TeamPCP Hijacks Bitwarden CLI, Uses Dependabot to Deploy Shai-Hulud Malware

GitGuardian uncovers TeamPCP attack on Bitwarden CLI, abusing GitHub Dependabot to spread Shai-Hulud and poison AI coding tools...

5.3AI score

Exploits0

OSSF Malicious Packages•added 2026/04/23 5:7 p.m.•11 views

Malicious code in @bitwarden/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6fb2336936a86f37fc2018f8e68dc9989ffc3e79aa23297bf470de178201f50 The package @bitwarden/cli was found to contain malicious code. Source: ghsa-malware 8a8c7958926d5ec3795102e9114dfaa649ae3160afb9159ec2c46f044018b776...

5.7AI score

Exploits0References1

OSV•added 2026/04/23 5:7 p.m.•3 views

MAL-2026-3020 Malicious code in @bitwarden/cli (npm)

5.7AI score

Exploits0References1

The Hacker News•added 2026/04/23 1:42 p.m.•8 views

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI, the command-line interface for the password manager Bitwarden, has reportedly been compromised as part of a newly discovered and ongoing Checkmarx supply chain campaign, according to findings from JFrog and Socket. "The affected package version appears to be @bitwarden/[email protected]...

6.2AI score

Exploits0

Snyk•added 2026/04/22 10:0 p.m.•4 views

Embedded Malicious Code

Overview @bitwarden/cli is an A secure and free password manager for all of your devices. Affected versions of this package are vulnerable to Embedded Malicious Code included in a compromised release that is suspected to be part of the Checkmarx April compromise. The payload is delivered via...

9.8CVSS5.4AI score

Exploits0References2

Positive Technologies•added 2026/03/04 12:0 a.m.•3 views

PT-2026-23072

Name of the Vulnerable Software and Affected Versions Vaultwarden versions prior to 1.35.4 Description Vaultwarden, a Bitwarden compatible server, had a flaw where a Manager with limited permissions manage=false for a specific collection could still perform management operations like updating...

8.3CVSS5.9AI score0.00287EPSS

Exploits0References11

Positive Technologies•added 2026/03/04 12:0 a.m.•5 views

PT-2026-23071

Name of the Vulnerable Software and Affected Versions Vaultwarden versions prior to 1.35.4 Description A Manager account with limited permissions was able to gain elevated privileges by using the bulk-access API to modify permissions on collections they were not originally authorized to access. T...

8.3CVSS6AI score0.00293EPSS

Exploits0References7

CNNVD•added 2026/03/04 12:0 a.m.•3 views

Vaultwarden 安全漏洞

Vaultwarden is an alternative implementation of the Bitwarden server API, developed by Daniel García. Versions of Vaultwarden prior to 1.35.4 contained security vulnerabilities. These vulnerabilities stemmed from the Manager’s ability to execute multiple management operations even when the...

8.3CVSS5.9AI score0.00287EPSS

Exploits0References2

Packet Storm News•added 2026/02/17 12:0 a.m.•22 views

Zero Knowledge (About) Encryption: A Comparative Security Analysis of Three Cloud-based Password Managers

Zero Knowledge Encryption is a term widely used by vendors of cloud-based password managers. Although it has no strict technical meaning, the term conveys the idea that the server, who stores encrypted password vaults on behalf of users, is unable to learn anything about the contents of those...

5.5AI score

Exploits0

The Hacker News•added 2026/02/16 6:6 p.m.•10 views

Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers

A new study has found that multiple cloud-based password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password recovery attacks under certain conditions. "The attacks range in severity from integrity violations to the complete compromise of all vaults in an...

6.2AI score

Exploits0