142 matches found
CVE-2025-59453
CVE-2025-59453 affects Click Studios Passwordstate before 9.9 Build 9972. A crafted URL during the Emergency Access page can bypass authentication and grant access to the Passwordstate Administration section. Root cause: likely an authentication bypass in the Emergency Access workflow. Affected p...
PT-2025-37865
Name of the Vulnerable Software and Affected Versions: Passwordstate versions prior to 9.9 Build 9972 Description: Passwordstate emergency access may be bypassed by using a crafted URL while on the Emergency Access web page, potentially granting unauthorized access to the Administration section...
CVE-2025-59453
Click Studios Passwordstate before 9.9 Build 9972 has a potential authentication bypass for Passwordstate emergency access. By using a crafted URL while on the Emergency Access web page, an unauthorized person can gain access to the Passwordstate Administration section...
Click Studios Patches Passwordstate Authentication Bypass Vulnerability in Emergency Access Page
Click Studios, the developer of enterprise-focused password management solution Passwordstate, said it has released security updates to address an authentication bypass vulnerability in its software. The high-severity issue, which is yet to be assigned a CVE identifier, has been addressed in...
CVE-2024-54124
In Click Studios Passwordstate before build 9920, there is a potential permission escalation on the edit folder screen...
CVE-2023-47801
An issue was discovered in Click Studios Passwordstate before 9811. Existing users Security Administrators could use the System Wide API Key to read or delete private password records when specifically used with the PasswordHistory API endpoint. It is also possible to use the Copy/Move Password...
CVE-2022-25570
In Click Studios SA Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder with the default permission model can extend his...
CVE-2022-4612
A vulnerability has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as problematic. This vulnerability affects unknown code. The manipulation leads to insufficiently protected credentials. The attack can be initiated remotely. The exploit has be...
CVE-2022-4610
A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Affected by this issue is some unknown functionality. The manipulation leads to risky cryptographic algorithm. Local access is required to approach this...
CVE-2022-4613
A vulnerability was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as critical. This issue affects some unknown processing of the component Browser Extension Provisioning. The manipulation leads to improper authorization. The attack may be initiated...
CVE-2022-4611
A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This affects an unknown part. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed...
CVE-2022-3877
A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Affected is an unknown function of the component URL Field Handler. The manipulation leads to cross site scripting. It is possible to launch the attack...
CVE-2022-3876
A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This issue affects some unknown processing of the file /api/browserextension/UpdatePassword/ of the component API. The manipulation of the argument...
CVE-2020-27747
An issue was discovered in Click Studios Passwordstate 8.9 Build 8973.If the user of the system has assigned himself a PIN code for entering from a mobile device using the built-in generator 4 digits, a remote attacker has the opportunity to conduct a brute force attack on this PIN code. As resul...
CVE-2018-14776
Click Studios Passwordstate before 8.3 Build 8397 allows XSS by authenticated users via an uploaded HTML document...
CVE-2022-3875
A vulnerability classified as critical was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This vulnerability affects unknown code of the component API. The manipulation leads to authentication bypass by assumed-immutable data. The attack can be initiated remotely...
CVE-2024-54124
In Click Studios Passwordstate before build 9920, there is a potential permission escalation on the edit folder screen...
CVE-2024-54124
In Click Studios Passwordstate before build 9920, there is a potential permission escalation on the edit folder screen...
Click Studios Passwordstate 安全漏洞
Click Studios Passwordstate passwordstate is a password management software from the Click Studios team in Australia. The program provides users with the ability to save their passwords, record their accounts and passwords, and keep them safe. This program offers you the possibility to keep a...
CVE-2024-54124
In Click Studios Passwordstate before build 9920, there is a potential permission escalation on the edit folder screen...