Find a vulnerability
Search criteria
7 vulnerabilities by Password Manager
CVE-2026-10839 (GCVE-0-2026-10839)
Vulnerability from nvd – Published: 2026-06-17 11:11 – Updated: 2026-06-17 14:57- CWE-601 - URL redirection to untrusted site ('open redirect')
| URL | Tags |
|---|---|
| https://www.incibe.es/en/incibe-cert/notices/avis… | patch |
| Vendor | Product | Version | |
|---|---|---|---|
| Password Manager | Password Manager |
Affected:
0 , < 08/07/2025
(date)
Unaffected: 08/07/2025 (date) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10839",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T14:57:30.908194Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T14:57:50.529Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Password Manager",
"vendor": "Password Manager",
"versions": [
{
"lessThan": "08/07/2025",
"status": "affected",
"version": "0",
"versionType": "date"
},
{
"status": "unaffected",
"version": "08/07/2025",
"versionType": "date"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:password_manager:password_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "08_07_2025",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:password_manager:password_manager:08_07_2025:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"datePublic": "2026-06-17T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Open redirection vulnerability in the authentication system allows an attacker to use manipulated values in the X-Forwarded-Host header to alter the URLs generated by the application. A successful exploit could redirect authenticated users to malicious sites following login procedures or interaction with the interface, resulting in limited impact on confidentiality and integrity."
}
],
"value": "Open redirection vulnerability in the authentication system allows an attacker to use manipulated values in the X-Forwarded-Host header to alter the URLs generated by the application. A successful exploit could redirect authenticated users to malicious sites following login procedures or interaction with the interface, resulting in limited impact on confidentiality and integrity."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL redirection to untrusted site (\u0027open redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T11:11:56.686Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-password-manager"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnearbility has been fixed by the Password Manager team on 08/07/2025. It is recommend to update to the latest available version."
}
],
"value": "The vulnearbility has been fixed by the Password Manager team on 08/07/2025. It is recommend to update to the latest available version."
}
],
"source": {
"defect": [
"Julen Garrido Est\u00e9vez"
],
"discovery": "EXTERNAL"
},
"title": "Open redirection vulnerability in Password Manager",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2026-10839",
"datePublished": "2026-06-17T11:11:56.686Z",
"dateReserved": "2026-06-04T11:17:20.822Z",
"dateUpdated": "2026-06-17T14:57:50.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10837 (GCVE-0-2026-10837)
Vulnerability from nvd – Published: 2026-06-17 11:11 – Updated: 2026-06-17 14:58- CWE-601 - URL redirection to untrusted site ('open redirect')
| URL | Tags |
|---|---|
| https://www.incibe.es/en/incibe-cert/notices/avis… | patch |
| Vendor | Product | Version | |
|---|---|---|---|
| Password Manager | Password Manager |
Affected:
0 , < 08/07/2025
(date)
Unaffected: 08/07/2025 (date) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10837",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T14:58:11.611214Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T14:58:21.458Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Password Manager",
"vendor": "Password Manager",
"versions": [
{
"lessThan": "08/07/2025",
"status": "affected",
"version": "0",
"versionType": "date"
},
{
"status": "unaffected",
"version": "08/07/2025",
"versionType": "date"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:password_manager:password_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "08_07_2025",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:password_manager:password_manager:08_07_2025:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"datePublic": "2026-06-17T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Open redirection vulnerability due to insufficient validation of the X-Forwarded-Host HTTP header. An attacker could create manipulated links that, when opened by a victim, cause the victim to be redirected to domains controlled by the attacker, enabling phishing or deception attacks with limited impact on confidentiality and integrity."
}
],
"value": "Open redirection vulnerability due to insufficient validation of the X-Forwarded-Host HTTP header. An attacker could create manipulated links that, when opened by a victim, cause the victim to be redirected to domains controlled by the attacker, enabling phishing or deception attacks with limited impact on confidentiality and integrity."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL redirection to untrusted site (\u0027open redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T11:11:32.917Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-password-manager"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnearbility has been fixed by the Password Manager team on 08/07/2025. It is recommend to update to the latest available version."
}
],
"value": "The vulnearbility has been fixed by the Password Manager team on 08/07/2025. It is recommend to update to the latest available version."
}
],
"source": {
"defect": [
"Julen Garrido Est\u00e9vez"
],
"discovery": "EXTERNAL"
},
"title": "Open redirection vulnerability in Password Manager",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2026-10837",
"datePublished": "2026-06-17T11:11:32.917Z",
"dateReserved": "2026-06-04T11:16:43.717Z",
"dateUpdated": "2026-06-17T14:58:21.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10836 (GCVE-0-2026-10836)
Vulnerability from nvd – Published: 2026-06-17 11:10 – Updated: 2026-06-17 14:58- CWE-644 - Improper neutralization of HTTP headers for scripting syntax
| URL | Tags |
|---|---|
| https://www.incibe.es/en/incibe-cert/notices/avis… | patch |
| Vendor | Product | Version | |
|---|---|---|---|
| Password Manager | Password Manager |
Affected:
0 , < 08/07/2025
(date)
Unaffected: 08/07/2025 (date) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10836",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T14:58:47.703092Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T14:58:57.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Password Manager",
"vendor": "Password Manager",
"versions": [
{
"lessThan": "08/07/2025",
"status": "affected",
"version": "0",
"versionType": "date"
},
{
"status": "unaffected",
"version": "08/07/2025",
"versionType": "date"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:password_manager:password_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "08_07_2025",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:password_manager:password_manager:08_07_2025:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"datePublic": "2026-06-17T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper handling of HTTP headers that allows a remote attacker to manipulate the value of the Host header using specially crafted requests. A successful exploit could result in the generation of manipulated links or responses, potentially leading to limited information disclosure or compromising the integrity of dependent services."
}
],
"value": "Improper handling of HTTP headers that allows a remote attacker to manipulate the value of the Host header using specially crafted requests. A successful exploit could result in the generation of manipulated links or responses, potentially leading to limited information disclosure or compromising the integrity of dependent services."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-644",
"description": "CWE-644 Improper neutralization of HTTP headers for scripting syntax",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T11:10:49.015Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-password-manager"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnearbility has been fixed by the Password Manager team on 08/07/2025. It is recommend to update to the latest available version."
}
],
"value": "The vulnearbility has been fixed by the Password Manager team on 08/07/2025. It is recommend to update to the latest available version."
}
],
"source": {
"defect": [
"Julen Garrido Est\u00e9vez"
],
"discovery": "EXTERNAL"
},
"title": "Improper neutralization of HTTP headers in Password Manager",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2026-10836",
"datePublished": "2026-06-17T11:10:49.015Z",
"dateReserved": "2026-06-04T11:16:42.790Z",
"dateUpdated": "2026-06-17T14:58:57.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10839 (GCVE-0-2026-10839)
Vulnerability from cvelistv5 – Published: 2026-06-17 11:11 – Updated: 2026-06-17 14:57- CWE-601 - URL redirection to untrusted site ('open redirect')
| URL | Tags |
|---|---|
| https://www.incibe.es/en/incibe-cert/notices/avis… | patch |
| Vendor | Product | Version | |
|---|---|---|---|
| Password Manager | Password Manager |
Affected:
0 , < 08/07/2025
(date)
Unaffected: 08/07/2025 (date) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10839",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T14:57:30.908194Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T14:57:50.529Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Password Manager",
"vendor": "Password Manager",
"versions": [
{
"lessThan": "08/07/2025",
"status": "affected",
"version": "0",
"versionType": "date"
},
{
"status": "unaffected",
"version": "08/07/2025",
"versionType": "date"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:password_manager:password_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "08_07_2025",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:password_manager:password_manager:08_07_2025:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"datePublic": "2026-06-17T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Open redirection vulnerability in the authentication system allows an attacker to use manipulated values in the X-Forwarded-Host header to alter the URLs generated by the application. A successful exploit could redirect authenticated users to malicious sites following login procedures or interaction with the interface, resulting in limited impact on confidentiality and integrity."
}
],
"value": "Open redirection vulnerability in the authentication system allows an attacker to use manipulated values in the X-Forwarded-Host header to alter the URLs generated by the application. A successful exploit could redirect authenticated users to malicious sites following login procedures or interaction with the interface, resulting in limited impact on confidentiality and integrity."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL redirection to untrusted site (\u0027open redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T11:11:56.686Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-password-manager"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnearbility has been fixed by the Password Manager team on 08/07/2025. It is recommend to update to the latest available version."
}
],
"value": "The vulnearbility has been fixed by the Password Manager team on 08/07/2025. It is recommend to update to the latest available version."
}
],
"source": {
"defect": [
"Julen Garrido Est\u00e9vez"
],
"discovery": "EXTERNAL"
},
"title": "Open redirection vulnerability in Password Manager",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2026-10839",
"datePublished": "2026-06-17T11:11:56.686Z",
"dateReserved": "2026-06-04T11:17:20.822Z",
"dateUpdated": "2026-06-17T14:57:50.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10837 (GCVE-0-2026-10837)
Vulnerability from cvelistv5 – Published: 2026-06-17 11:11 – Updated: 2026-06-17 14:58- CWE-601 - URL redirection to untrusted site ('open redirect')
| URL | Tags |
|---|---|
| https://www.incibe.es/en/incibe-cert/notices/avis… | patch |
| Vendor | Product | Version | |
|---|---|---|---|
| Password Manager | Password Manager |
Affected:
0 , < 08/07/2025
(date)
Unaffected: 08/07/2025 (date) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10837",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T14:58:11.611214Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T14:58:21.458Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Password Manager",
"vendor": "Password Manager",
"versions": [
{
"lessThan": "08/07/2025",
"status": "affected",
"version": "0",
"versionType": "date"
},
{
"status": "unaffected",
"version": "08/07/2025",
"versionType": "date"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:password_manager:password_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "08_07_2025",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:password_manager:password_manager:08_07_2025:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"datePublic": "2026-06-17T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Open redirection vulnerability due to insufficient validation of the X-Forwarded-Host HTTP header. An attacker could create manipulated links that, when opened by a victim, cause the victim to be redirected to domains controlled by the attacker, enabling phishing or deception attacks with limited impact on confidentiality and integrity."
}
],
"value": "Open redirection vulnerability due to insufficient validation of the X-Forwarded-Host HTTP header. An attacker could create manipulated links that, when opened by a victim, cause the victim to be redirected to domains controlled by the attacker, enabling phishing or deception attacks with limited impact on confidentiality and integrity."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL redirection to untrusted site (\u0027open redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T11:11:32.917Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-password-manager"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnearbility has been fixed by the Password Manager team on 08/07/2025. It is recommend to update to the latest available version."
}
],
"value": "The vulnearbility has been fixed by the Password Manager team on 08/07/2025. It is recommend to update to the latest available version."
}
],
"source": {
"defect": [
"Julen Garrido Est\u00e9vez"
],
"discovery": "EXTERNAL"
},
"title": "Open redirection vulnerability in Password Manager",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2026-10837",
"datePublished": "2026-06-17T11:11:32.917Z",
"dateReserved": "2026-06-04T11:16:43.717Z",
"dateUpdated": "2026-06-17T14:58:21.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10836 (GCVE-0-2026-10836)
Vulnerability from cvelistv5 – Published: 2026-06-17 11:10 – Updated: 2026-06-17 14:58- CWE-644 - Improper neutralization of HTTP headers for scripting syntax
| URL | Tags |
|---|---|
| https://www.incibe.es/en/incibe-cert/notices/avis… | patch |
| Vendor | Product | Version | |
|---|---|---|---|
| Password Manager | Password Manager |
Affected:
0 , < 08/07/2025
(date)
Unaffected: 08/07/2025 (date) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10836",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T14:58:47.703092Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T14:58:57.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Password Manager",
"vendor": "Password Manager",
"versions": [
{
"lessThan": "08/07/2025",
"status": "affected",
"version": "0",
"versionType": "date"
},
{
"status": "unaffected",
"version": "08/07/2025",
"versionType": "date"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:password_manager:password_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "08_07_2025",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:password_manager:password_manager:08_07_2025:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"datePublic": "2026-06-17T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper handling of HTTP headers that allows a remote attacker to manipulate the value of the Host header using specially crafted requests. A successful exploit could result in the generation of manipulated links or responses, potentially leading to limited information disclosure or compromising the integrity of dependent services."
}
],
"value": "Improper handling of HTTP headers that allows a remote attacker to manipulate the value of the Host header using specially crafted requests. A successful exploit could result in the generation of manipulated links or responses, potentially leading to limited information disclosure or compromising the integrity of dependent services."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-644",
"description": "CWE-644 Improper neutralization of HTTP headers for scripting syntax",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T11:10:49.015Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-password-manager"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnearbility has been fixed by the Password Manager team on 08/07/2025. It is recommend to update to the latest available version."
}
],
"value": "The vulnearbility has been fixed by the Password Manager team on 08/07/2025. It is recommend to update to the latest available version."
}
],
"source": {
"defect": [
"Julen Garrido Est\u00e9vez"
],
"discovery": "EXTERNAL"
},
"title": "Improper neutralization of HTTP headers in Password Manager",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2026-10836",
"datePublished": "2026-06-17T11:10:49.015Z",
"dateReserved": "2026-06-04T11:16:42.790Z",
"dateUpdated": "2026-06-17T14:58:57.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
VAR-201604-0114
Vulnerability from variot - Updated: 2025-04-13 23:39The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. Trend Micro is a global leader in network security software and services, leading the trend from desktop anti-virus to web server and gateway anti-virus with superior forward-looking and technological innovation. It demonstrates the forward-looking trend of Trend Micro with the unique service concept. And leadership. There is a default password management software installed when the user installs Trend Micro anti-virus software on the Windows version, and it is self-starting. There is a loophole in the execution code when multiple http rpc ports of node.js process API requests in the java environment. Allows an attacker to exploit this vulnerability to execute arbitrary code. The program helps users easily access all of their online accounts, and supports the simultaneous management of online credentials across multiple devices in the cloud and more. Attackers can use these vulnerabilities to execute arbitrary commands in the context of an affected application or to leak sensitive information. It has proved the industry's foresight with unique service concepts And leadership
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0114",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "password manager",
"scope": null,
"trust": 2.0,
"vendor": "trend micro",
"version": null
},
{
"model": "password manager",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": null
},
{
"model": "trend micro",
"scope": null,
"trust": 0.6,
"vendor": "trend micro",
"version": null
},
{
"model": "password manager",
"scope": "eq",
"trust": 0.6,
"vendor": "trend micro",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "password manager",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "trend micro",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "215a3f74-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"db": "CNVD",
"id": "CNVD-2016-00228"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002096"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-205"
},
{
"db": "NVD",
"id": "CVE-2016-3987"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:trendmicro:password_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002096"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tavis Ormandy of Google.",
"sources": [
{
"db": "BID",
"id": "80260"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-276"
}
],
"trust": 0.9
},
"cve": "CVE-2016-3987",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-3987",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-02208",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-00272",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2016-00228",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "215a3f74-1e4d-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-3987",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-3987",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-3987",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-3987",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2016-02208",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-00272",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-00228",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-205",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "215a3f74-1e4d-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-3987",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "215a3f74-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"db": "CNVD",
"id": "CNVD-2016-00228"
},
{
"db": "VULMON",
"id": "CVE-2016-3987"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002096"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-205"
},
{
"db": "NVD",
"id": "CVE-2016-3987"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. Trend Micro is a global leader in network security software and services, leading the trend from desktop anti-virus to web server and gateway anti-virus with superior forward-looking and technological innovation. It demonstrates the forward-looking trend of Trend Micro with the unique service concept. And leadership. There is a default password management software installed when the user installs Trend Micro anti-virus software on the Windows version, and it is self-starting. There is a loophole in the execution code when multiple http rpc ports of node.js process API requests in the java environment. Allows an attacker to exploit this vulnerability to execute arbitrary code. The program helps users easily access all of their online accounts, and supports the simultaneous management of online credentials across multiple devices in the cloud and more. Attackers can use these vulnerabilities to execute arbitrary commands in the context of an affected application or to leak sensitive information. It has proved the industry\u0027s foresight with unique service concepts And leadership",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3987"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002096"
},
{
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"db": "CNVD",
"id": "CNVD-2016-00228"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-276"
},
{
"db": "BID",
"id": "80260"
},
{
"db": "IVD",
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "215a3f74-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "VULMON",
"id": "CVE-2016-3987"
}
],
"trust": 4.68
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=39218",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-3987"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-3987",
"trust": 3.8
},
{
"db": "EXPLOIT-DB",
"id": "39218",
"trust": 2.9
},
{
"db": "PACKETSTORM",
"id": "135222",
"trust": 2.3
},
{
"db": "SECTRACK",
"id": "1034662",
"trust": 1.7
},
{
"db": "BID",
"id": "80260",
"trust": 1.6
},
{
"db": "EXPLOITDB",
"id": "39218",
"trust": 1.2
},
{
"db": "CNNVD",
"id": "CNNVD-201604-205",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2016-02208",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2016-00272",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2016-00228",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002096",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201601-276",
"trust": 0.6
},
{
"db": "IVD",
"id": "E06590A6-1E3B-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "215A3F74-1E4D-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "BC0981BA-1E4D-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2016-3987",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "215a3f74-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"db": "CNVD",
"id": "CNVD-2016-00228"
},
{
"db": "VULMON",
"id": "CVE-2016-3987"
},
{
"db": "BID",
"id": "80260"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002096"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-276"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-205"
},
{
"db": "NVD",
"id": "CVE-2016-3987"
}
]
},
"id": "VAR-201604-0114",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "215a3f74-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"db": "CNVD",
"id": "CNVD-2016-00228"
}
],
"trust": 0.24
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 2.4
}
],
"sources": [
{
"db": "IVD",
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "215a3f74-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"db": "CNVD",
"id": "CNVD-2016-00228"
}
]
},
"last_update_date": "2025-04-13T23:39:32.282000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Issue 693",
"trust": 0.8,
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=693\u0026redir=1"
},
{
"title": "Information on Reported Vulnerabilities in Trend Micro Password Manager",
"trust": 0.8,
"url": "http://blog.trendmicro.com/information-on-reported-vulnerabilities-in-trend-micro-password-manager/"
},
{
"title": "Trend Micro Password Manager HTTP server arbitrary command execution vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/74080"
},
{
"title": "Trend Micro Password Manager has multiple vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/70202"
},
{
"title": "TrendMicro node.js http server arbitrary command execution vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/70044"
},
{
"title": "Trend Micro Password Manager HTTP Repair measures for server arbitrary command execution vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60893"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"db": "CNVD",
"id": "CNVD-2016-00228"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002096"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-205"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002096"
},
{
"db": "NVD",
"id": "CVE-2016-3987"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.exploit-db.com/exploits/39218/"
},
{
"trust": 2.3,
"url": "http://blog.trendmicro.com/information-on-reported-vulnerabilities-in-trend-micro-password-manager/"
},
{
"trust": 2.3,
"url": "https://code.google.com/p/google-security-research/issues/detail?id=693"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/135222/trendmicro-node.js-http-server-command-execution.html"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1034662"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/80260"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3987"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3987"
},
{
"trust": 0.3,
"url": "http://www.trend.com"
},
{
"trust": 0.3,
"url": "http://www.trendmicro.com/us/home/products/software/password-manager/index.html"
},
{
"trust": 0.3,
"url": "https://code.google.com/p/google-security-research/issues/detail?id=693\u0026can=1\u0026sort=-id"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/284.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"db": "CNVD",
"id": "CNVD-2016-00228"
},
{
"db": "VULMON",
"id": "CVE-2016-3987"
},
{
"db": "BID",
"id": "80260"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002096"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-276"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-205"
},
{
"db": "NVD",
"id": "CVE-2016-3987"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "215a3f74-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"db": "CNVD",
"id": "CNVD-2016-00228"
},
{
"db": "VULMON",
"id": "CVE-2016-3987"
},
{
"db": "BID",
"id": "80260"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002096"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-276"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-205"
},
{
"db": "NVD",
"id": "CVE-2016-3987"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-15T00:00:00",
"db": "IVD",
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
},
{
"date": "2016-01-19T00:00:00",
"db": "IVD",
"id": "215a3f74-1e4d-11e6-abef-000c29c66e3d"
},
{
"date": "2016-01-15T00:00:00",
"db": "IVD",
"id": "bc0981ba-1e4d-11e6-abef-000c29c66e3d"
},
{
"date": "2016-04-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"date": "2016-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"date": "2016-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00228"
},
{
"date": "2016-04-12T00:00:00",
"db": "VULMON",
"id": "CVE-2016-3987"
},
{
"date": "2016-01-11T00:00:00",
"db": "BID",
"id": "80260"
},
{
"date": "2016-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002096"
},
{
"date": "2016-01-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-276"
},
{
"date": "2016-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-205"
},
{
"date": "2016-04-12T02:00:10.430000",
"db": "NVD",
"id": "CVE-2016-3987"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"date": "2016-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00272"
},
{
"date": "2016-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00228"
},
{
"date": "2016-04-18T00:00:00",
"db": "VULMON",
"id": "CVE-2016-3987"
},
{
"date": "2016-07-06T14:23:00",
"db": "BID",
"id": "80260"
},
{
"date": "2016-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002096"
},
{
"date": "2016-01-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-276"
},
{
"date": "2021-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-205"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-3987"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-276"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-205"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trend Micro Password Manager HTTP Server arbitrary command execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "e06590a6-1e3b-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-02208"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-205"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-276"
}
],
"trust": 0.6
}
}