VYPR

Vendor: Keepass

Products: 2
CVEs: 14
Across products: 14
Status: Private

Recent CVEs (14)

  • CVE-2019-20184 | High | Jan 9, 2020
    risk 0.51 | cvss 7.8 | epss 0.02

    KeePass 2.4.1 allows CSV injection in the title field of a CSV export.

  • CVE-2020-37178 | High | Feb 11, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash.

  • CVE-2023-32784 | High | May 15, 2023
    risk 0.49 | cvss 7.5 | epss 0.05

    In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of…

  • CVE-2022-0725 | High | Mar 10, 2022
    risk 0.49 | cvss 7.5 | epss 0.02

    A flaw was found in keepass. The vulnerability occurs due to logging the plain text passwords in system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs.

  • CVE-2017-1000066 | High | Jul 17, 2017
    risk 0.49 | cvss 7.5 | epss 0.01

    The entry details view function in KeePass version 1.32 inadvertently decrypts certain database entries into memory, which may result in the disclosure of sensitive information.

  • CVE-2015-8378 | High | Apr 10, 2017
    risk 0.49 | cvss 7.5 | epss 0.01

    In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading the .xml dotfile.

  • CVE-2016-5119 | High | Jan 23, 2017
    risk 0.49 | cvss 7.5 | epss 0.02

    The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update.

  • CVE-2026-4158 | High | Apr 11, 2026
    risk 0.47 | cvss 7.3 | epss 0.00

    KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of KeePassXC. An attacker must first obtain the ability to execute low-privileged…

  • CVE-2024-33901 | Medium | May 20, 2024
    risk 0.42 | cvss 6.5 | epss 0.01

    Issue in KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover some passwords stored in the .kdbx database via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other…

  • CVE-2024-33900 | Medium | May 20, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover cleartext credentials via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs.

  • CVE-2023-35866 | Medium | Jun 19, 2023
    risk 0.36 | cvss 5.5 | epss 0.00

    In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the…

  • CVE-2023-24055 | Medium | Jan 22, 2023
    risk 0.36 | cvss 5.5 | epss 0.04

    KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against…

  • CVE-2010-5200 | Sep 6, 2012
    risk 0.00 | cvss n/a | epss 0.00

    Untrusted search path vulnerability in KeePass Password Safe before 1.18 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .kdb file. NOTE: some of these details are obtained from third…

  • CVE-2010-5196 | Sep 6, 2012
    risk 0.00 | cvss n/a | epss 0.01

    Untrusted search path vulnerability in KeePass Password Safe before 2.13 allows local users to gain privileges via a Trojan horse DwmApi.dll file in the current working directory, as demonstrated by a directory that contains a .kdbx file. NOTE: some of these details are…