VYPR

PureVPN

by PureVPN

CVEs (7)

  • CVE-2018-6822CriFeb 7, 2018
    risk 0.64cvss 9.8epss 0.02

    In PureVPN 6.0.1 on macOS, HelperTool LaunchDaemon implements an unprotected XPC service that can be abused to execute system commands as root.

  • CVE-2018-10204HigApr 18, 2018
    risk 0.57cvss 8.8epss 0.02

    PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "sevpnclient" service. When configured to use the OpenVPN protocol, the "sevpnclient" service executes "openvpn.exe" using the OpenVPN config file located at…

  • CVE-2018-7484HigFeb 26, 2018
    risk 0.51cvss 7.8epss 0.02

    An issue was discovered in PureVPN through 5.19.4.0 on Windows. The client installation grants the Everyone group Full Control permission to the installation directory. In addition, the PureVPNService.exe service, which runs under NT Authority\SYSTEM privileges, tries to load…

  • CVE-2025-59692LowSep 18, 2025
    risk 0.24cvss 3.7epss 0.00

    PureVPN client applications on Linux through September 2025 mishandle firewalling. They flush the system's existing iptables rules and apply default ACCEPT policies when connecting to a VPN server. This removes firewall rules that may have been configured manually or by other…

  • CVE-2025-59691LowSep 18, 2025
    risk 0.24cvss 3.7epss 0.00

    PureVPN client applications on Linux through September 2025 allow IPv6 traffic to leak outside the VPN tunnel upon network events such as Wi-Fi reconnect or system resume. In the CLI client, the VPN auto-reconnects and claims to be connected, but IPv6 traffic is no longer routed…

  • CVE-2023-48957Aug 25, 2024
    risk 0.00cvss epss 0.00

    PureVPN Linux client 2.0.2-Productions fails to properly handle DNS queries, allowing them to bypass the VPN tunnel and be sent directly to the ISP or default DNS servers.

  • CVE-2018-18656Oct 26, 2018
    risk 0.00cvss epss 0.00

    The PureVPN client before 6.1.0 for Windows stores Login Credentials (username and password) in cleartext. The location of such files is %PROGRAMDATA%\purevpn\config\login.conf. Additionally, all local users can read this file.