Keepass
Products: 2
- 12 CVEs
- 2 CVEs
Recent CVEs: 14

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-20184 | | High | 0.51 | 7.8 | 0.02 | | Jan 9, 2020 | KeePass 2.4.1 allows CSV injection in the title field of a CSV export. |
| CVE-2020-37178 | | High | 0.49 | 7.5 | 0.00 | | Feb 11, 2026 | KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash. |
| CVE-2023-32784 | | High | 0.49 | 7.5 | 0.05 | | May 15, 2023 | In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of… |
| CVE-2022-0725 | | High | 0.49 | 7.5 | 0.02 | | Mar 10, 2022 | A flaw was found in keepass. The vulnerability occurs due to logging the plain text passwords in system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs. |
| CVE-2017-1000066 | | High | 0.49 | 7.5 | 0.01 | | Jul 17, 2017 | The entry details view function in KeePass version 1.32 inadvertently decrypts certain database entries into memory, which may result in the disclosure of sensitive information. |
| CVE-2015-8378 | | High | 0.49 | 7.5 | 0.01 | | Apr 10, 2017 | In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading the .xml dotfile. |
| CVE-2016-5119 | | High | 0.49 | 7.5 | 0.02 | | Jan 23, 2017 | The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update. |
| CVE-2026-4158 | | High | 0.47 | 7.3 | 0.00 | | Apr 11, 2026 | KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of KeePassXC. An attacker must first obtain the ability to execute low-privileged… |
| CVE-2024-33901 | | Med | 0.42 | 6.5 | 0.01 | | May 20, 2024 | Issue in KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover some passwords stored in the .kdbx database via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other… |
| CVE-2024-33900 | | Med | 0.42 | 6.5 | 0.00 | | May 20, 2024 | KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover cleartext credentials via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs. |
| CVE-2023-35866 | | Med | 0.36 | 5.5 | 0.00 | | Jun 19, 2023 | In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the… |
| CVE-2023-24055 | | Med | 0.36 | 5.5 | 0.04 | | Jan 22, 2023 | KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against… |
| CVE-2010-5200 | | | 0.00 | — | 0.00 | | Sep 6, 2012 | Untrusted search path vulnerability in KeePass Password Safe before 1.18 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .kdb file. NOTE: some of these details are obtained from third… |
| CVE-2010-5196 | | | 0.00 | — | 0.01 | | Sep 6, 2012 | Untrusted search path vulnerability in KeePass Password Safe before 2.13 allows local users to gain privileges via a Trojan horse DwmApi.dll file in the current working directory, as demonstrated by a directory that contains a .kdbx file. NOTE: some of these details are… |