Vulnerabilities > Teampass > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-08 | CVE-2023-3551 | Unspecified vulnerability in Teampass Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.10. | 7.2 |
| 2023-07-08 | CVE-2023-3553 | Unspecified vulnerability in Teampass Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository nilsteampassnet/teampass prior to 3.0.10. | 7.5 |
| 2023-06-03 | CVE-2023-3084 | Unspecified vulnerability in Teampass Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | 8.1 |
| 2023-06-03 | CVE-2023-3083 | Unspecified vulnerability in Teampass Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | 8.7 |
| 2023-05-24 | CVE-2023-2859 | Unspecified vulnerability in Teampass Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | 8.8 |
| 2023-03-21 | CVE-2023-1545 | SQL Injection vulnerability in Teampass SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23. | 7.5 |
| 2023-02-27 | CVE-2023-1070 | Unspecified vulnerability in Teampass External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22. | 7.1 |
| 2020-05-04 | CVE-2020-11671 | Missing Authorization vulnerability in Teampass Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. | 8.1 |
| 2020-04-29 | CVE-2020-12479 | Path Traversal vulnerability in Teampass 2.1.27.36 TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal. | 8.8 |
| 2020-04-29 | CVE-2020-12478 | Missing Authentication for Critical Function vulnerability in Teampass 2.1.27.36 TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. | 7.5 |