1082 matches found
Zoho ManageEngine - Access Control Bypass
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize via the ../RestAPI...
MAL-2026-5143 Malicious code in @redhat-cloud-services/javascript-clients-shared (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Zoho ManageEngine - Remote Code Execution
Zoho ManageEngine Password Manager Pro, PAM 360, and Access Manager Plus are susceptible to unauthenticated remote code execution via XML-RPC. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary...
CVE-2026-47782
Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web page is given through an intent, RoboForm may silently download files without user confirmation nor...
CVE-2026-47782
Technical details about CVE-2026-47782 are not publicly provided in the supplied documents; monitor for updates.
CVE-2026-47782
Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web page is given through an intent, RoboForm may silently download files without user confirmation nor...
CVE-2026-47782
Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web page is given through an intent, RoboForm may silently download files without user confirmation nor...
Astra Linux - уязвимость в chromium
The use of “after free” in the Password Manager in Google Chrome before version 143.0.7499.110 allowed a remote attacker to potentially perform a sandbox escape through a crafted HTML page. Chromium security severity: Medium...
PT-2026-42271
Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web page is given through an intent, RoboForm may silently download files without user confirmation nor...
Siber Systems RoboForm Password Manager 安全漏洞
Siber Systems RoboForm Password Manager is a password manager offered by Siber Systems. There is a security vulnerability in Siber Systems RoboForm Password Manager. This vulnerability arises from insufficient URL validation, user confirmation, or notification when processing Android intentions. ...
Astra Linux - уязвимость в firefox
The login credentials saved by Firefox should be managed by the Password Manager component, which uses encryption to store files on disk. However, the username not the password was saved by the Form Manager to an unencrypted file on disk. This vulnerability affects Firefox versions earlier than 1...
EUVD-2026-23239
Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module...
CVE-2026-5785
Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module...
CVE-2026-5785
Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module...
CVE-2026-5785
The CVE-2026-5785 issue affects Zohocorp ManageEngine PAM360 (versions before 8531) and ManageEngine Password Manager Pro (versions 8600 to 13230). The vulnerability is an Authenticated SQL injection in the query report module, allowing an attacker with LOW privileges and no user interaction to t...
CVE-2026-5785 SQL Injection
Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module...
CVE-2026-5785 SQL Injection
Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module...
ZOHO ManageEngine Password Manager Pro和ZOHO ManageEngine PAM360 安全漏洞
ZOHO ManageEngine Password Manager Pro and ZOHO ManageEngine PAM360 are both products of ZOHO Corporation in the United States. ZOHO ManageEngine Password Manager Pro is a password manager. ZOHO ManageEngine PAM360 is a complete PAM software solution. It provides full privilege access security fo...
PT-2026-33319
Name of the Vulnerable Software and Affected Versions ManageEngine PAM360 versions prior to 8531 ManageEngine Password Manager Pro versions 8600 through 13230 Description An authenticated SQL injection exists in the query report module. SQL injection is a type of flaw that allows an attacker to...
EUVD-2026-17345
Blind Cross-Site Scripting XSS in Teampass, versions prior to 3.1.5.16, within the password manager login functionality in the 'contraseña' parameter of the login form 'redacted/index.php'. During failed authentication attempts, the application does not properly clean or encode the information...