Vulmon
bitwarden bitwarden vulnerabilities and exploits
7.5
CVSSv3
CVE-2023-27974
Bitwarden up to and including 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited. NOTE: the vendor's position is that "Auto-fill on page load"...
Bitwarden Bitwarden
7.1
CVSSv3
CVE-2023-27706
Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes.
Bitwarden Bitwarden
1 Github repository
7.5
CVSSv3
CVE-2018-25081
Bitwarden up to and including 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor's position is that there have been important legitimate cross-domain configurations (e.g., an apple.com IFRAME element on the icloud.com website) and that ...
Bitwarden Bitwarden
5.5
CVSSv3
CVE-2023-38840
Bitwarden Desktop 2023.7.0 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process.
Bitwarden Bitwarden
1 Github repository
7.5
CVSSv3
CVE-2019-19766
The Bitwarden server up to and including 1.32.0 has a potentially unwanted KDF.
Bitwarden Server
7.5
CVSSv3
CVE-2020-15879
Bitwarden Server 1.35.1 allows SSRF because it does not consider certain IPv6 addresses (ones beginning with fc, fd, fe, or ff, and the :: address) and certain IPv4 addresses (0.0.0.0/8, 127.0.0.0/8, and 169.254.0.0/16).
Bitwarden Server 1.35.1