Vendor
PasswordPusher versions prior to 2.8.1 contain a client-side vulnerability (CVE-2026-59802) due to insufficient validation of URL push payloads, allowing attackers to embed malicious data URI schemes that execute arbitrary JavaScript in victims' browsers when clicked, enabling phishing and credential theft under the trusted PasswordPusher domain.