Google Chrome marks people's self-hosted password manager's vaults as 'unsafe'. Mostly bitwarden and it seems if your subdomain is vault. Obviously immediate mitigation: dump Chrome.

German gov assessment of password managers: only 1Password, Keepass2 Android, KeePassXC get full marks.