1password-secrets (>=0.0.1.dev107 <=0.4.0), 42towels (>=0.1.1001 <=0.1.1011) +2464 more potentially affected by CVE-2026-28684 via python-dotenv (>=1.0.0 <=1.2.1)

python-dotenv PYPI version =1.0.0, =0.0.1.dev107, =0.1.1001, =0.0.1, =2.3.0, =0.15.1, =0.1.0, =0.1.0, =1.0.0, =2.3.9, =1.18.8, =0.1.0b0, =0.0.1, =0.4.0, =0.0.0, =0.0.9 and more Source cves: CVE-2026-28684 Source advisory: SNYK:PYTHON-PYTHONDOTENV-16115271...

PleaseFix Flaw Lets Hackers Access 1Password Vault via Comet AI Browser

Researchers at Zenity Labs uncover PleaseFix flaws in Perplexity’s Comet browser. See how zero-click calendar invites allow AI agents to steal 1Password credentials and personal files...

Malicious code in 1password-sdk-examples (npm)

This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain...

Malicious code in 1password-sdk-exapmles (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 98366c77213b87d7622472828c95aa7590386458d140ad0a0b31a86afde5b6ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-42219

1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient...

CVE-2022-32550

An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. In specific circumstances, this issue allowed a malicious server to convince a 1Password app or integration it is communicating with th...

CVE-2022-29868

1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Malicious software running on the same computer can exfiltrate secrets from 1Password provided that 1Password is running and is unlocked. Affected secrets include vault items and derived values used f...

Apple Safari 安全漏洞

Apple Safari is a web browser from Apple Inc. and is the default browser that comes with the Mac OS X and iOS operating systems. A security vulnerability exists in the Apple Safari extension 1Password, which stems from the ease with which authorizations in the software can be bypassed.By targetin...

CVE-2020-18173

A DLL injection vulnerability in 1password.dll of 1Password 7.3.712 allows attackers to execute arbitrary code...

AgileBits 1Password 代码问题漏洞

Agilebits AgileBits 1Password is a cross-platform account and password management tool from AgileBits Canada. A security vulnerability exists in 1Password version 7.3.712, which can be exploited by an attacker to execute arbitrary code via a DLL injection vulnerability in 1password.dll...

CVE-2021-36758

1Password Connect server before 1.2 is missing validation checks, permitting users to create Secrets Automation access tokens that can be used to perform privilege escalation. Malicious users authorized to create Secrets Automation access tokens can create tokens that have access beyond what the...

AgileBits 1Password 访问控制错误漏洞

Agilebits AgileBits 1Password is a cross-platform account and password management tool from AgileBits Canada. An access control error vulnerability exists in the 1Password Connect server, which stems from a failure to add validation to the Secrets Automation token creation feature, allowing an...

PT-2020-12009 · 1Password · 1Password Scim Bridge +1

Name of the Vulnerable Software and Affected Versions: 1Password command-line tool versions prior to 0.5.5 1Password SCIM bridge versions prior to 0.7.3 Description: An issue was discovered where an insecure random number generator was used to generate various keys. This could allow an attacker...

CVE-2018-13042

The 1Password application 6.8 for Android is affected by a Denial Of Service vulnerability. By starting the activity com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity or com.agilebits.onepassword.filling.openyolo.OpenYoloRetrieveActivity from an external application since they are...