CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15 matches found

RedhatCVE•added 2025/05/23 5:2 a.m.•5 views

CVE-2023-27974

Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited. NOTE: the vendor's position is that "Auto-fill on page load" is not enabled by default...

7.5CVSS6.9AI score0.00359EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 3:34 a.m.•6 views

CVE-2018-25081

Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor's position is that there have been important legitimate cross-domain configurations e.g., an apple.com IFRAME element on the icloud.com website and that "Auto-fill on page load" is not...

7.5CVSS7.2AI score0.00343EPSS

Exploits1References1

OSV•added 2023/03/09 12:15 a.m.•5 views

CVE-2023-27974

7.5CVSS6.8AI score

Exploits0References3

NVD•added 2023/03/09 12:15 a.m.•27 views

CVE-2018-25081

7.5CVSS7.8AI score0.00343EPSS

Exploits1References4

NVD•added 2023/03/09 12:15 a.m.•8 views

CVE-2023-27974

7.5CVSS7.7AI score0.00359EPSS

Exploits1References3

OSV•added 2023/03/09 12:15 a.m.•3 views

CVE-2018-25081

7.5CVSS7.1AI score

Exploits0References4

Prion•added 2023/03/09 12:15 a.m.•12 views

Design/Logic Flaw

DISPUTED Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor's position is that there have been important legitimate cross-domain configurations e.g., an apple.com IFRAME element on the icloud.com website and that "Auto-fill on page load" is...

5CVSS7.8AI score0.00343EPSS

Exploits1References4Affected Software1

Vulnrichment•added 2023/03/08 12:0 a.m.•12 views

CVE-2023-27974

6.9AI score0.00359EPSS

Exploits1References3

Cvelist•added 2023/03/08 12:0 a.m.•17 views

CVE-2018-25081

7.8AI score0.00343EPSS

Exploits1References4

Positive Technologies•added 2023/03/08 12:0 a.m.•3 views

PT-2023-21465 · Bitwarden · Bitwarden

Name of the Vulnerable Software and Affected Versions: Bitwarden versions through 2023.2.1 Description: The issue allows password auto-fill when the second-level domain matches. For example, a password stored for an example.com hosting provider will be auto-filled when visiting...

7.5CVSS7.1AI score0.00359EPSS

Exploits1References9

Vulnrichment•added 2023/03/08 12:0 a.m.•12 views

CVE-2018-25081

7.2AI score0.00343EPSS

Exploits1References4

CVE•added 2023/03/08 12:0 a.m.•84 views

CVE-2018-25081

CVE-2018-25081 concerns Bitwarden up to version 2023.2.1, where password auto-fill can occur within a cross-domain IFRAME element. The issue is described across multiple records as a cross-domain auto-fill risk, with the vendor noting legitimate use cases (e.g., apple.com in an icloud.com IFRAME)...

7.5CVSS7.7AI score0.00343EPSS

Exploits1References4Affected Software1

Cvelist•added 2023/03/08 12:0 a.m.•9 views

CVE-2023-27974

7.8AI score0.00359EPSS

Exploits1References3

CVE•added 2023/03/08 12:0 a.m.•48 views

CVE-2023-27974

Bitwarden (versions up to 2023.2.1) is affected by a domain-matching password autofill issue: when visiting a subdomain like customer-website.example.com, a stored password for example.com may be auto-filled due to second-level domain matching. The vendor notes that “Auto-fill on page load” is no...

7.5CVSS7.6AI score0.00359EPSS

Exploits1References3Affected Software1

CNNVD•added 2021/07/14 12:0 a.m.•2 views

Hitachi ABB Power Grids eSOMS 安全漏洞

Hitachi ABB Power Grids eSOMS is an application from Hitachi ABB Power Grids. a shift operations management system for the power generation industry. A security vulnerability exists in Hitachi ABB Power Grids eSOMS that stems from a password auto-fill vulnerability in the password field of the...

7.5CVSS7.3AI score0.00276EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by