The basic password can be changed without input of the existing main password
Ps Excuse me for my English
Yes, this has been mentioned. It is not a bug, but is a potential weakness.
If someone can access your machine with KeePass unlocked, you have lost your passwords anyway.
What do you mean exactly by “passwords lost”, “access to machine”, “KeePass unlocked”?
Isn't KeepPass encrypt passwords in memory?
Anyone with physical access to your machine can copy all of your passwords and take them away. If you leave your machine you must lock KeePass.