Known Vulnerabilities for products from Teampass

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Teampass".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-3107 Not Provided 2026-03-31 2026-03-31
CVE-2026-3106 Not Provided 2026-03-31 2026-03-31
CVE-2020-12479 TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP requ... 8.8 - HIGH 2020-04-29 2020-05-01
CVE-2020-12478 TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups ... 7.5 - HIGH 2020-04-29 2021-07-21
CVE-2020-12477 The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restriction... 7.5 - HIGH 2020-04-29 2021-07-21
CVE-2020-11671 Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API ... 8.1 - HIGH 2020-05-04 2021-07-21
CVE-2019-1000001 TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vau... 9.8 - CRITICAL 2019-02-04 2020-08-24
CVE-2019-17205 TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator... 6.1 - MEDIUM 2019-10-05 2019-10-08
CVE-2019-17204 TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item. 5.4 - MEDIUM 2019-10-05 2019-10-08
CVE-2019-17203 TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder. 5.4 - MEDIUM 2019-10-05 2019-10-08
CVE-2019-16904 TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the it... 5.4 - MEDIUM 2019-09-26 2019-09-27
CVE-2019-12950 An issue was discovered in TeamPass 2.1.27.35. From the sources/items.queries.php "Import items" feature, it is possible to l... 5.4 - MEDIUM 2019-08-06 2019-08-14
CVE-2017-15278 Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtratio... 5.4 - MEDIUM 2017-10-12 2017-10-26
CVE-2017-15055 TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. It is then possible... 8.1 - HIGH 2017-11-27 2019-10-03
CVE-2017-15054 An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbi... 7.5 - HIGH 2017-11-27 2017-12-07
CVE-2017-15053 TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. It is then possi... 4.9 - MEDIUM 2017-11-27 2019-10-03
CVE-2017-15052 TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possi... 4.9 - MEDIUM 2017-11-27 2019-10-03
CVE-2017-15051 Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers t... 5.4 - MEDIUM 2017-11-27 2017-12-07
CVE-2017-9436 TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php. 9.8 - CRITICAL 2017-06-05 2017-06-13
CVE-2015-7564 Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL command... 9.8 - CRITICAL 2017-04-12 2017-04-20
Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Teampass

Type Vendor Product Version
ApplicationTeampassTeampass2.1