Lucene search
+L

166 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 2:24 a.m.9 views

CVE-2010-5200

Untrusted search path vulnerability in KeePass Password Safe before 1.18 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .kdb file. NOTE: some of these details are obtained from third party information...

6.9CVSS6.8AI score0.00399EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:22 a.m.12 views

CVE-2010-5196

Untrusted search path vulnerability in KeePass Password Safe before 2.13 allows local users to gain privileges via a Trojan horse DwmApi.dll file in the current working directory, as demonstrated by a directory that contains a .kdbx file. NOTE: some of these details are obtained from third party...

6.9CVSS6.8AI score0.00581EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2024/09/27 11:11 a.m.16 views

Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks

The threat actor known as Storm-0501 has targeted government, manufacturing, transportation, and law enforcement sectors in the U.S. to stage ransomware attacks. The multi-stage attack campaign is designed to compromise hybrid cloud environments and perform lateral movement from on-premises to...

8.4AI score
Exploits0
Redos
Redos
added 2024/09/02 12:0 a.m.21 views

ROS-20240902-20

A vulnerability in the KeePass password manager is related to unencrypted storage of critical information. Exploitation of the vulnerability could allow an attacker to obtain passwords in clear form...

5.5CVSS6.9AI score0.03691EPSS
Exploits2
The Hacker News
The Hacker News
added 2024/08/19 12:37 p.m.28 views

Cybercriminals Exploit Popular Software Searches to Spread FakeBat Malware

Cybersecurity researchers have uncovered a surge in malware infections stemming from malvertising campaigns distributing a loader called FakeBat. "These attacks are opportunistic in nature, targeting users seeking popular business software," the Mandiant Managed Defense team said in a technical...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/08/02 12:0 a.m.3 views

PT-2024-12340 · Keepass · Keepass

Name of the Vulnerable Software and Affected Versions: KeePass affected versions not specified Description: The issue concerns a vulnerability in KeePass, which can be exploited by attackers. The vulnerability is related to XOR encryption and can be used to gain unauthorized access. There have be...

7.3AI score
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2024/07/25 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-32784

In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file pagefile.sys, hibernation file hiberfil.sys, or RAM dump of the entire system...

7.5CVSS7.3AI score0.04397EPSS
Exploits5References1
OSV
OSV
added 2024/06/15 12:0 a.m.8 views

OPENSUSE-SU-2024:12982-1 keepass-2.54-1.1 on GA media

These are all security issues fixed in the keepass-2.54-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS7.7AI score0.04397EPSS
Exploits5References1
Kitploit
Kitploit
added 2024/04/30 12:30 p.m.82 views

ThievingFox - Remotely Retrieving Credentials From Password Managers And Windows Utilities

ThievingFox is a collection of post-exploitation tools to gather credentials from various password managers and windows utilities. Each module leverages a specific method of injecting into the target process, and then hooks internals functions to gather crendentials. The accompanying blog post ca...

8.2AI score
Exploits0References1
OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.13 views

openSUSE: Security Advisory for keepass (openSUSE-SU-2023:0157-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.04397EPSS
Exploits5References2
BDU FSTEC
BDU FSTEC
added 2023/11/11 12:0 a.m.10 views

The vulnerability of the KeePass password manager, related to the unencrypted storage of critical information, allows attackers to obtain passwords in an open form.

The vulnerability of the KeePass password manager is related to the unencrypted storage of critical information. Exploiting this vulnerability can allow an attacker to obtain passwords in their raw form...

5.5CVSS6.3AI score0.03691EPSS
Exploits2References7Affected Software2
The Hacker News
The Hacker News
added 2023/10/20 1:49 p.m.33 views

Malvertisers Using Google Ads to Target Users Searching for Popular Software

Details have emerged about a malvertising campaign that leverages Google Ads to direct users searching for popular software to fictitious landing pages and distribute next-stage payloads. Malwarebytes, which discovered the activity, said it's "unique in its way to fingerprint users and distribute...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/09/20 12:0 a.m.40 views

Keepass < 2.54 Information disclosure

In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file pagefile.sys, hibernation file hiberfil.sys, or RAM dump of the entire system. The...

7.5CVSS7.2AI score0.04397EPSS
Exploits5References3
Redos
Redos
added 2023/09/12 12:0 a.m.25 views

ROS-20230911-02

Vulnerability of the KeePass password manager password text field is related to storing credentials in unencrypted form. Exploitation of the vulnerability could allow an attacker acting remotely, to recover the master password in plaintext...

7.5CVSS7AI score0.04397EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2023/09/11 12:0 a.m.9 views

KeePass Installed (Windows)

Binary data keepasswininstalled.nbin...

7.3AI score
Exploits0References1
GithubExploit
GithubExploit
added 2023/08/30 4:42 p.m.359 views

Exploit for Cleartext Transmission of Sensitive Information in Keepass

keepass-dump-masterkey Usage python3 poc.py Previe...

7.5CVSS7.5AI score0.04397EPSS
Exploits5
OpenVAS
OpenVAS
added 2023/07/10 12:0 a.m.19 views

Mageia: Security Advisory (MGASA-2023-0221)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.04397EPSS
Exploits7References4
OSV
OSV
added 2023/07/07 5:54 a.m.5 views

MGASA-2023-0221 Updated keepass packages fix security vulnerability

Allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. Disputed by vendor due to level of access required. CVE-2023-24055 Possible to recover the cleartext master password from a memory dump, even when a workspace is...

7.5CVSS7.6AI score0.04397EPSS
Exploits7References3
Mageia
Mageia
added 2023/07/07 5:54 a.m.39 views

Updated keepass packages fix security vulnerability

Allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. Disputed by vendor due to level of access required. CVE-2023-24055 Possible to recover the cleartext master password from a memory dump, even when a workspace is...

7.5CVSS7.1AI score0.04397EPSS
Exploits7References2
OSV
OSV
added 2023/06/30 7:32 a.m.3 views

OPENSUSE-SU-2023:0163-1 Security update for keepass

This update for keepass fixes the following issues: - Update to 2.54 Security: + Improved process memory protection of secure edit controls CVE-2023-32784, boo1211397. New Features: + Triggers, global URL overrides, password generator profiles and a few more settings are now stored in the enforce...

7.5CVSS7.8AI score0.04397EPSS
Exploits5References3
Rows per page
Query Builder