Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2025-3716 | User enumeration in ESET Protect (on-prem) via Response Timing. | 5.3 | 0.15% | 2026-03-30 | 2026-06-17 |
| CVE-2025-13818 | Local privilege escalation vulnerability via insecure temporary batch file execution in ESET Management Agent | 8.3 | 0.13% | 2026-02-06 | 2026-06-17 |
| CVE-2025-13176 | Planting a custom configuration file in ESET Inspect Connector allow load a malicious DLL. | 8.4 | 0.15% | 2026-01-30 | 2026-06-17 |
| CVE-2025-12460 | An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img HTML tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window, and access user data. | 5.3 | 0.36% | 2025-10-31 | 2026-06-17 |
| CVE-2025-4952 | Tampering of the registry entries might have led to preventing the ESET security products from starting correctly on the next system startup or to unauthorized changes in the product's configuration. | 6.8 | 0.11% | 2025-10-31 | 2026-06-17 |
| CVE-2025-8088 KEV | A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. | 8.4 | 85.78% | 2025-08-08 | 2026-06-17 |
| CVE-2025-2425 | Time-of-check to time-of-use race condition vulnerability potentially allowed an attacker to use the installed ESET security software to clear the content of an arbitrary file on the file system. | 5.1 | 0.07% | 2025-07-18 | 2026-06-17 |
| CVE-2025-5028 | Installation file of ESET security products on Windows allow an attacker to misuse to delete an arbitrary file without having the permissions to do so. | 6.8 | 0.07% | 2025-07-11 | 2026-06-17 |
| CVE-2025-3929 | An XSS issue was discovered in MDaemon Email Server version 25.0.1 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window, and access user data. | 5.3 | 0.47% | 2025-04-29 | 2026-06-17 |
| CVE-2024-11859 | DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code. | 8.4 | 1.80% | 2025-04-07 | 2026-06-17 |
| CVE-2025-2516 | The use of a weak cryptographic key pair in the signature verification process in WPS Office (Kingsoft) on Windows allows an attacker who successfully recovered the private key to sign components. As older versions of WPS Office did not validate the update server's certificate, an Adversary-In-The-Middle attack was possible allowing updates to be hijacked. | 9.5 | 0.11% | 2025-03-27 | 2026-06-17 |
| CVE-2024-11957 | Improper verification of the digital signature in ksojscore.dll in Kingsoft WPS Office in versions equal or less than 12.1.0.18276 on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.2.0.16909 to mitigate CVE-2024-7262 was not restrictive enough. | 9.3 | 0.10% | 2025-03-04 | 2026-06-17 |
| CVE-2024-11182 KEV | An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window. | 5.3 | 17.11% | 2024-11-15 | 2026-06-17 |
| CVE-2024-6654 | Products for macOS enables a user logged on to the system to perform a denial-of-service attack, which could be misused to disable the protection of the ESET security product and cause general system slow-down. | 6.8 | 0.20% | 2024-09-27 | 2026-06-17 |
| CVE-2024-7400 | The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so. | 8.5 | 0.22% | 2024-09-27 | 2026-06-17 |
| CVE-2024-7263 | Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough. Another parameter was not properly sanitized which leads to the execution of an arbitrary Windows library. | 9.3 | 0.39% | 2024-08-15 | 2026-06-17 |
| CVE-2024-7262 KEV | Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document | 9.3 | 1.76% | 2024-08-15 | 2026-06-17 |
| CVE-2024-7014 | EvilVideo vulnerability allows sending malicious apps disguised as videos in Telegram for Android application affecting versions 10.14.4 and older. | 7.1 | 1.27% | 2024-07-23 | 2026-06-17 |
| CVE-2024-3779 | Denial of service vulnerability present shortly after product installation or upgrade, potentially allowed an attacker to render ESET’s security product inoperable, provided non-default preconditions were met. | 6.1 | 0.20% | 2024-07-16 | 2026-06-17 |
| CVE-2024-2003 | Local privilege escalation vulnerability allowed an attacker to misuse ESET's file operations during a restore operation from quarantine. | 7.3 | 0.31% | 2024-06-21 | 2026-06-17 |