Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

NVD
NVDadded 2026/05/01 5:16 a.m.0 views

CVE-2026-42994

Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident...

9.8CVSS0.00066EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/01 4:6 a.m.0 views

CVE-2026-42994

Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident...

8.8CVSS5.2AI score0.00066EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/05/01 4:6 a.m.30 views

CVE-2026-42994

Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident...

8.8CVSS0.00066EPSS
Exploits0References1
CVE
CVEadded 2026/05/01 4:6 a.m.7 views

CVE-2026-42994

CVE-2026-42994 concerns Bitwarden CLI 2026.4.0 (released around 2026-04-22) when obtained from npm, which reportedly contained embedded malicious code as part of a Checkmarx supply chain incident. Public documents identify the affected software and the malicious supply chain context, but do not p...

9.8CVSS5.2AI score0.00066EPSS
Exploits0References1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/04/23 5:7 p.m.4 views

Malicious code in @bitwarden/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6fb2336936a86f37fc2018f8e68dc9989ffc3e79aa23297bf470de178201f50 The package @bitwarden/cli was found to contain malicious code. Source: ghsa-malware 8a8c7958926d5ec3795102e9114dfaa649ae3160afb9159ec2c46f044018b776...

5.7AI score
Exploits0References1
vulnersOsv
vulnersOsvadded 2026/04/23 5:7 p.m.4 views

@btld/cli (>=0.0.1 <=1.1.0), @icoretech/warden-mcp (>=0.1.0 <=0.2.13) potentially affected by unknown CVE via @bitwarden/cli (>=2026.1.0 <=2026.3.0)

@bitwarden/cli NPM version =2026.1.0, =0.0.1, =0.1.0, =0.2.13 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3020...

5.8AI score
Exploits0
OSV
OSVadded 2026/04/23 5:7 p.m.0 views

MAL-2026-3020 Malicious code in @bitwarden/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6fb2336936a86f37fc2018f8e68dc9989ffc3e79aa23297bf470de178201f50 The package @bitwarden/cli was found to contain malicious code. Source: ghsa-malware 8a8c7958926d5ec3795102e9114dfaa649ae3160afb9159ec2c46f044018b776...

5.7AI score
Exploits0References1
Snyk
Snykadded 2026/04/22 10:0 p.m.3 views

Embedded Malicious Code

Overview @bitwarden/cli is an A secure and free password manager for all of your devices. Affected versions of this package are vulnerable to Embedded Malicious Code included in a compromised release that is suspected to be part of the Checkmarx April compromise. The payload is delivered via...

9.8CVSS5.4AI score
Exploits0References2
Rows per page
Query Builder