A new Bitdefender vulnerability has been discovered in its Safepay browser component. The vulnerability is called CVE-2020-8102 and affects versions prior to 24.0.20.116. A security blogger demonstrated the vulnerability via a PoC in which he had a locally running web server presenting a valid SSL certificate on the first request but switching to an invalid one right after. This tricks the application into sharing security tokens between that (potentially malicious) page and any other website hosted on the same server.
Source: https://www.bleepingcomputer.com/news/security/bitdefender-fixes-bug-allowing-attackers-to-run-commands-remotely/