nordvpn CVE Vulnerabilities & CVE List (6)

Products (CPE): — CVEs: 6

nordvpn vulnerability overview

Aggregates CVE and security vulnerability intelligence across all nordvpn-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Disclosed issues often relate to vendor risk denial of service; exposure may include vendor impact application crash in vendor surface software deployment and vendor surface production workloads contexts.

Vulnerability distribution trend (last 24 months)

Showing 16 of 6 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2018-25368 Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Attackers can paste a buffer of repeated characters into the password input field to trigger an application crash when attempting to authenticate. [email protected] 8.7 0.39% 2026-05-25 2026-06-16
CVE-2019-25572 NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Attackers can paste a buffer of 100,000 characters into the email field during login to trigger an application crash. [email protected] 6.9 0.16% 2026-03-21 2026-06-16
CVE-2020-36992 Nord VPN 6.31.13.0 contains an unquoted service path vulnerability in its nordvpn-service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path during system startup or reboot to potentially run malicious code with LocalSystem permissions. [email protected] 8.5 0.16% 2026-01-28 2026-06-16
CVE-2018-3952 An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. A specially crafted configuration file can cause a privilege escalation, resulting in the execution of arbitrary commands with system privileges. [email protected] 8.8 0.86% 2018-09-07 2026-06-16
CVE-2018-10170 NordVPN 6.12.7.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "nordvpn-service" service. This service establishes an NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "Connect" method accepts a class instance argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will [email protected] 9.8 2.73% 2018-04-16 2026-06-16
CVE-2018-9105 NordVPN 3.3.10 for macOS suffers from a root privilege escalation vulnerability. The vulnerability stems from its privileged helper tool's implemented XPC service. This XPC service is responsible for receiving and processing new OpenVPN connection requests from the main application. Unfortunately this XPC service is not protected, which allows arbitrary applications to connect and send it XPC messages. An attacker can send a crafted XPC message to the privileged helper tool requesting it make a [email protected] 8.8 2.74% 2018-03-27 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence