Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2025-2516 | The use of a weak cryptographic key pair in the signature verification process in WPS Office (Kingsoft) on Windows allows an attacker who successfully recovered the private key to sign components. As older versions of WPS Office did not validate the update server's certificate, an Adversary-In-The-Middle attack was possible allowing updates to be hijacked. | 9.5 | 0.11% | 2025-03-27 | 2026-06-17 |
| CVE-2024-7263 | Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough. Another parameter was not properly sanitized which leads to the execution of an arbitrary Windows library. | 9.3 | 0.39% | 2024-08-15 | 2026-06-17 |
| CVE-2024-7262 KEV | Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document | 9.3 | 1.76% | 2024-08-15 | 2026-06-17 |
| CVE-2024-11957 | Improper verification of the digital signature in ksojscore.dll in Kingsoft WPS Office in versions equal or less than 12.1.0.18276 on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.2.0.16909 to mitigate CVE-2024-7262 was not restrictive enough. | 9.3 | 0.10% | 2025-03-04 | 2026-06-17 |
| CVE-2024-7400 | The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so. | 8.5 | 0.22% | 2024-09-27 | 2026-06-17 |
| CVE-2025-8088 KEV | A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. | 8.4 | 85.78% | 2025-08-08 | 2026-06-17 |
| CVE-2025-13176 | Planting a custom configuration file in ESET Inspect Connector allow load a malicious DLL. | 8.4 | 0.15% | 2026-01-30 | 2026-06-17 |
| CVE-2024-11859 | DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code. | 8.4 | 1.80% | 2025-04-07 | 2026-06-17 |
| CVE-2025-13818 | Local privilege escalation vulnerability via insecure temporary batch file execution in ESET Management Agent | 8.3 | 0.13% | 2026-02-06 | 2026-06-17 |
| CVE-2022-4020 | Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable. | 8.1 | 0.24% | 2022-11-28 | 2026-06-17 |
| CVE-2024-0353 | Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission. | 7.8 | 0.55% | 2024-02-15 | 2026-06-17 |
| CVE-2023-3160 | The vulnerability potentially allows an attacker to misuse ESET’s file operations during the module update to delete or move files without having proper permissions. | 7.8 | 0.18% | 2023-08-14 | 2026-06-17 |
| CVE-2023-2847 | During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges. ESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability. | 7.8 | 0.05% | 2023-06-15 | 2026-06-17 |
| CVE-2021-37852 | ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM. | 7.8 | 0.57% | 2022-02-09 | 2026-06-17 |
| CVE-2023-5594 | Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted. | 7.5 | 0.38% | 2023-12-21 | 2026-06-17 |
| CVE-2024-2003 | Local privilege escalation vulnerability allowed an attacker to misuse ESET's file operations during a restore operation from quarantine. | 7.3 | 0.31% | 2024-06-21 | 2026-06-17 |
| CVE-2021-37851 | Local privilege escalation in Windows products of ESET allows user who is logged into the system to exploit repair feature of the installer to run malicious code with higher privileges. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Smart Security Premium 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Endpoint Antivirus 6.0 versions prior t | 7.3 | 0.20% | 2022-05-11 | 2026-06-17 |
| CVE-2024-7014 | EvilVideo vulnerability allows sending malicious apps disguised as videos in Telegram for Android application affecting versions 10.14.4 and older. | 7.1 | 1.27% | 2024-07-23 | 2026-06-17 |
| CVE-2022-27167 | Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit "Repair" and "Uninstall" features what may lead to arbitrary file deletion. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Smart Security Premium 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Endpoint Antivirus 6.0 versions prior to 9.0. | 7.1 | 0.18% | 2022-05-10 | 2026-06-17 |
| CVE-2025-5028 | Installation file of ESET security products on Windows allow an attacker to misuse to delete an arbitrary file without having the permissions to do so. | 6.8 | 0.07% | 2025-07-11 | 2026-06-17 |