VYPR

Nordvpn

by Nordvpn

CVEs (6)

  • CVE-2018-10170CriApr 16, 2018
    risk 0.64cvss 9.8epss 0.02

    NordVPN 6.12.7.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "nordvpn-service" service. This service establishes an NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "Connect"…

  • CVE-2018-3952HigSep 7, 2018
    risk 0.57cvss 8.8epss 0.01

    An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. A specially crafted configuration file can cause a privilege escalation, resulting in the execution of arbitrary commands with system privileges.

  • CVE-2018-9105HigMar 27, 2018
    risk 0.57cvss 8.8epss 0.03

    NordVPN 3.3.10 for macOS suffers from a root privilege escalation vulnerability. The vulnerability stems from its privileged helper tool's implemented XPC service. This XPC service is responsible for receiving and processing new OpenVPN connection requests from the main…

  • CVE-2020-36992HigJan 28, 2026
    risk 0.51cvss 7.8epss 0.00

    Nord VPN 6.31.13.0 contains an unquoted service path vulnerability in its nordvpn-service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path during system startup or reboot to potentially run malicious code with…

  • CVE-2018-25368HigMay 25, 2026
    risk 0.49cvss 7.5epss 0.00

    Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Attackers can paste a buffer of repeated characters into the password input field to trigger…

  • CVE-2019-25572MedMar 21, 2026
    risk 0.40cvss 6.2epss 0.00

    NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Attackers can paste a buffer of 100,000 characters into the email field during login to trigger an…