VYPR

ExpressVPN

by ExpressVPN

CVEs (2)

  • CVE-2024-25728HigFeb 11, 2024
    risk 0.49cvss 7.5epss 0.01

    ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration (e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers), which may allow remote attackers to obtain…

  • CVE-2018-15490HigJan 2, 2019
    risk 0.46cvss 7.1epss 0.01

    An issue was discovered in ExpressVPN on Windows. The Xvpnd.exe process (which runs as a service with SYSTEM privileges) listens on TCP port 2015, which is used as an RPC interface for communication with the client side of the ExpressVPN application. A JSON-RPC protocol over…