Skip to main content

Keepass

5 CVEs product

Monthly

CVE-2023-32784 HIGH POC This Week

In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Keepass
NVD GitHub
CVSS 3.1
7.5
EPSS
4.4%
CVE-2023-24055 MEDIUM PATCH This Month

KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Keepass
NVD
CVSS 3.1
5.5
EPSS
3.7%
CVE-2022-0725 HIGH This Week

A flaw was found in keepass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Keepass Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2017-1000066 HIGH This Week

The entry details view function in KeePass version 1.32 inadvertently decrypts certain database entries into memory, which may result in the disclosure of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Keepass
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-5119 HIGH POC PATCH This Week

The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Keepass
NVD VulDB
CVSS 3.0
7.5
EPSS
0.3%
EPSS 4% CVSS 7.5
HIGH POC This Week

In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Keepass
NVD GitHub
EPSS 4% CVSS 5.5
MEDIUM PATCH This Month

KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Keepass
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A flaw was found in keepass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Keepass Extra Packages For Enterprise Linux +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The entry details view function in KeePass version 1.32 inadvertently decrypts certain database entries into memory, which may result in the disclosure of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Keepass
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Keepass
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy