KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover cleartext credentials via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/33xxx/CVE-2024-33900.json",
"cna_assigner": "mitre",
"isDisputed": true
}