NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2021-37858 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none | 該当なし | 0.04% | 2022-02-09 | 2023-11-06 |
| CVE-2021-37857 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none | 該当なし | 0.04% | 2022-02-09 | 2023-11-06 |
| CVE-2021-37856 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none | 該当なし | 0.04% | 2022-02-09 | 2023-11-06 |
| CVE-2021-37855 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none | 該当なし | 0.04% | 2022-02-09 | 2023-11-06 |
| CVE-2021-37854 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none | 該当なし | 0.04% | 2022-02-09 | 2023-11-06 |
| CVE-2021-37853 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none | 該当なし | 0.04% | 2022-02-09 | 2023-11-06 |
| CVE-2023-2847 | During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges. ESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability. | 7.8 | 0.05% | 2023-06-15 | 2026-06-17 |
| CVE-2025-2425 | Time-of-check to time-of-use race condition vulnerability potentially allowed an attacker to use the installed ESET security software to clear the content of an arbitrary file on the file system. | 5.1 | 0.07% | 2025-07-18 | 2026-06-17 |
| CVE-2025-5028 | Installation file of ESET security products on Windows allow an attacker to misuse to delete an arbitrary file without having the permissions to do so. | 6.8 | 0.07% | 2025-07-11 | 2026-06-17 |
| CVE-2024-11957 | Improper verification of the digital signature in ksojscore.dll in Kingsoft WPS Office in versions equal or less than 12.1.0.18276 on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.2.0.16909 to mitigate CVE-2024-7262 was not restrictive enough. | 9.3 | 0.10% | 2025-03-04 | 2026-06-17 |
| CVE-2025-4952 | Tampering of the registry entries might have led to preventing the ESET security products from starting correctly on the next system startup or to unauthorized changes in the product's configuration. | 6.8 | 0.11% | 2025-10-31 | 2026-06-17 |
| CVE-2025-2516 | The use of a weak cryptographic key pair in the signature verification process in WPS Office (Kingsoft) on Windows allows an attacker who successfully recovered the private key to sign components. As older versions of WPS Office did not validate the update server's certificate, an Adversary-In-The-Middle attack was possible allowing updates to be hijacked. | 9.5 | 0.11% | 2025-03-27 | 2026-06-17 |
| CVE-2025-13818 | Local privilege escalation vulnerability via insecure temporary batch file execution in ESET Management Agent | 8.3 | 0.13% | 2026-02-06 | 2026-06-17 |
| CVE-2025-13176 | Planting a custom configuration file in ESET Inspect Connector allow load a malicious DLL. | 8.4 | 0.15% | 2026-01-30 | 2026-06-17 |
| CVE-2025-3716 | User enumeration in ESET Protect (on-prem) via Response Timing. | 5.3 | 0.15% | 2026-03-30 | 2026-06-17 |
| CVE-2023-3160 | The vulnerability potentially allows an attacker to misuse ESET’s file operations during the module update to delete or move files without having proper permissions. | 7.8 | 0.18% | 2023-08-14 | 2026-06-17 |
| CVE-2022-27167 | Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit "Repair" and "Uninstall" features what may lead to arbitrary file deletion. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Smart Security Premium 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Endpoint Antivirus 6.0 versions prior to 9.0. | 7.1 | 0.18% | 2022-05-10 | 2026-06-17 |
| CVE-2022-2402 | The vulnerability in the driver dlpfde.sys enables a user logged into the system to perform system calls leading to kernel stack overflow, resulting in a system crash, for instance, a BSOD. | 6.5 | 0.18% | 2022-09-06 | 2026-06-17 |
| CVE-2024-6654 | Products for macOS enables a user logged on to the system to perform a denial-of-service attack, which could be misused to disable the protection of the ESET security product and cause general system slow-down. | 6.8 | 0.20% | 2024-09-27 | 2026-06-17 |
| CVE-2021-37851 | Local privilege escalation in Windows products of ESET allows user who is logged into the system to exploit repair feature of the installer to run malicious code with higher privileges. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Smart Security Premium 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Endpoint Antivirus 6.0 versions prior t | 7.3 | 0.20% | 2022-05-11 | 2026-06-17 |