1269 matches found
Zoho ManageEngine - Access Control Bypass
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize via the ../RestAPI...
Astra Linux – Vulnerability in Chromium
The use of “after free” in the Password Manager in Google Chrome before version 143.0.7499.110 allowed a remote attacker to potentially perform a sandbox escape through a crafted HTML page. Chromium security severity: Medium...
Zoho ManageEngine - Remote Code Execution
Zoho ManageEngine Password Manager Pro, PAM 360, and Access Manager Plus are susceptible to unauthenticated remote code execution via XML-RPC. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary...
CVE-2026-10839
CVE-2026-10839 describes an open redirect in the Password Manager authentication system. The vulnerability arises from manipulation of the X-Forwarded-Host header to alter generated URLs, potentially redirecting authenticated users to malicious sites after login. Impact is limited to confidential...
CVE-2026-10837
CVE-2026-10837 describes an open redirection vulnerability in a Password Manager caused by insufficient validation of the X-Forwarded-Host header. The issue allows an attacker to craft links that, when clicked by a victim, redirect to attacker-controlled domains, enabling phishing or deception wh...
CVE-2026-10836
The CVE-2026-10836 entry concerns a vulnerability in Password Manager where improper neutralization of HTTP headers allows an attacker to manipulate the Host header via crafted requests. This can lead to generation of manipulated links or responses and potentially cause limited information disclo...
CVE-2026-12320
Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
UBUNTU-CVE-2026-12320
Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
CVE-2026-12320 Information disclosure in the Password Manager component
Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
CVE-2026-12320
Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
CVE-2026-12320 Information disclosure in the Password Manager component
Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
EUVD-2026-37111
Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
CVE-2026-12320
CVE-2026-12320 affects the Password Manager component in Firefox and Thunderbird. The vulnerability enables information disclosure and is documented with a CVSS v3.1 base score of 4.3 (Medium) with network attack vector, low attack complexity, no privileges required, but user interaction is requi...
PT-2026-49689
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 152 Thunderbird versions prior to 152 Description Information disclosure occurs within the Password Manager component. Recommendations Update Firefox to version 152. Update Thunderbird to version 152...
EUVD-2026-36632
Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection. This issue affects Avira Password Manager when...
CVE-2026-12068
Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection. This issue affects Avira Password Manager when...
CVE-2026-12068 Avira Password Manager credential disclosure via cross-origin autofill in Firefox
Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection. This issue affects Avira Password Manager when...
CVE-2026-12068
CVE-2026-12068 describes an information disclosure in Avira Password Manager when used with Mozilla Firefox across Windows, macOS, and Linux. A remote attacker in a cross-origin iframe can cause incorrect autofill field selection to reveal credentials autofilled on the parent page. Affected compo...
CVE-2026-12068 Avira Password Manager credential disclosure via cross-origin autofill in Firefox
Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection. This issue affects Avira Password Manager when...
PT-2026-49049
Name of the Vulnerable Software and Affected Versions Avira Password Manager affected versions not specified Description An information disclosure issue exists in Avira Password Manager when used with Mozilla Firefox on Windows, macOS, and Linux. A remote attacker operating a cross-origin iframe...