VYPR
Vendor

Nilsteampassnet

Products
2
CVEs
41
Across products
41
Status
Private

Products

2

Recent CVEs

41
View all 41 CVEs →
  • CVE-2017-9436CriJun 5, 2017
    risk 0.64cvss 9.8epss 0.01

    TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php.

  • CVE-2015-7564CriApr 12, 2017
    risk 0.60cvss 9.8epss 0.03

    Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b)…

  • CVE-2015-7563HigApr 12, 2017
    risk 0.53cvss 8.8epss 0.03

    Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user.

  • CVE-2017-15055HigNov 27, 2017
    risk 0.46cvss 8.1epss 0.01

    TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. It is then possible to copy any arbitrary item into a directory controlled by the attacker, edit any item within a read-only directory, delete an arbitrary item, delete the…

  • CVE-2017-15054HigNov 27, 2017
    risk 0.42cvss 7.5epss 0.04

    An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. To exploit this vulnerability, an authenticated attacker has to tamper with parameters of a request to…

  • CVE-2015-7562MedApr 12, 2017
    risk 0.36cvss 6.1epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role.

  • CVE-2026-3107MedMar 31, 2026
    risk 0.35cvss 5.4epss 0.00

    Stored Cross-Site Scripting (XSS) in Teampass versions prior to 3.1.5.16, affecting the password manager's password import functionality at the endpoint 'redacted/index.php?page=items'. The application fails to properly sanitize and encode user-input data during the import…

  • CVE-2026-3106MedMar 31, 2026
    risk 0.35cvss 5.4epss 0.00

    Blind Cross-Site Scripting (XSS) in Teampass, versions prior to 3.1.5.16, within the password manager login functionality in the 'contraseña' parameter of the login form 'redacted/index.php'. During failed authentication attempts, the application does not properly clean or…

  • CVE-2017-15051MedNov 27, 2017
    risk 0.28cvss 5.4epss 0.01

    Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or (2) user log history. To exploit the vulnerability, the attacker must be first…

  • CVE-2017-15278MedOct 12, 2017
    risk 0.28cvss 5.4epss 0.01

    Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data (in /sources/folders.queries.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable…

  • CVE-2017-15053MedNov 27, 2017
    risk 0.25cvss 4.9epss 0.01

    TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. It is then possible for a manager user to modify any arbitrary roles within the application, or delete any arbitrary role. To exploit the vulnerability, an authenticated…

  • CVE-2017-15052MedNov 27, 2017
    risk 0.25cvss 4.9epss 0.01

    TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user (including admin), or modify attributes of any arbitrary user except administrator. To exploit the…

  • CVE-2012-2234Apr 22, 2012
    risk 0.03cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in sources/users.queries.php in TeamPass before 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the login parameter in an add_new_user action.

  • CVE-2024-50703Dec 30, 2024
    risk 0.00cvss epss 0.00

    TeamPass before 3.1.3.1 does not properly prevent a user from acting with the privileges of a different user_id.

  • CVE-2024-50702Dec 30, 2024
    risk 0.00cvss epss 0.00

    TeamPass before 3.1.3.1 does not properly check whether a mail_me (aka action_mail) operation is on behalf of an administrator or manager.

  • CVE-2024-50701Dec 30, 2024
    risk 0.00cvss epss 0.00

    TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's allowed folders list that has been defined by an admin.

  • CVE-2023-3565Jul 8, 2023
    risk 0.00cvss epss 0.01

    Cross-site Scripting (XSS) - Generic in GitHub repository nilsteampassnet/teampass prior to 3.0.10.

  • CVE-2023-3553Jul 8, 2023
    risk 0.00cvss epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository nilsteampassnet/teampass prior to 3.0.10.

  • CVE-2023-3552Jul 8, 2023
    risk 0.00cvss epss 0.00

    Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.10.

  • CVE-2023-3551Jul 8, 2023
    risk 0.00cvss epss 0.01

    Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.10.