threat
engine
.sh
Back
·
··:··
Home
/
Product
/
1password
Product
1password
13 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2024-42219
>= 8.0 and < 8.10.36
1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication vali
7.8
HIGH
CVE-2024-42218
>= 8.0 and < 8.10.38
1Password 8 before 8.10.38 for macOS allows local attackers to exfiltrate vault items by bypassing macOS-specific security mechani
4.7
MEDIUM
CVE-2022-32550
>= 7.0 and < 7.9.3
An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connec
4.8
MEDIUM
CVE-2022-29868
>= 7.2.4 and < 7.9.3
1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Malicious software running on the
5.5
MEDIUM
CVE-2021-41795
>= 7.7.0 and < 7.8.7
The Safari app extension bundled with 1Password for Mac 7.7.0 through 7.8.x before 7.8.7 is vulnerable to authorization bypass. By
6.5
MEDIUM
CVE-2020-18173
all versions
A DLL injection vulnerability in 1password.dll of 1Password 7.3.712 allows attackers to execute arbitrary code.
7.8
HIGH
CVE-2021-36758
< 1.2
1Password Connect server before 1.2 is missing validation checks, permitting users to create Secrets Automation access tokens that
5.4
MEDIUM
CVE-2021-26905
>= 1.0.0 and < 1.6.2
1Password SCIM Bridge before 1.6.2 mishandles validation of authenticated requests for log files, leading to disclosure of a TLS p
6.5
MEDIUM
CVE-2020-10256
< 0.5.5
An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password S
9.8
CRITICAL
CVE-2014-3753
<= 1.0.9.340
AgileBits 1Password through 1.0.9.340 allows security feature bypass
5.5
MEDIUM
CVE-2018-19863
all versions
An issue was discovered in 1Password 7.2.3.BETA before 7.2.3.BETA-3 on macOS. A mistake in error logging resulted in instances whe
5.5
MEDIUM
CVE-2018-13042
all versions
The 1Password application 6.8 for Android is affected by a Denial Of Service vulnerability. By starting the activity com.agilebits
5.9
MEDIUM
CVE-2012-6369
all versions
Cross-site scripting (XSS) vulnerability in the Troubleshooting Reporting System feature in AgileBits 1Password 3.9.9 might allow
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin