AdGuard
Products
2- 5 CVEs
- 1 CVE
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-45770 | Hig | 0.51 | 7.8 | 0.01 | Jan 26, 2023 | Improper input validation in adgnetworkwfpdrv.sys in Adguard For Windows x86 through 7.11 allows local privilege escalation. | ||
| CVE-2023-41173 | Hig | 0.49 | 7.5 | 0.01 | Aug 25, 2023 | AdGuard DNS before 2.2 allows remote attackers to cause a denial of service via malformed UDP packets. | ||
| CVE-2021-27935 | Hig | 0.49 | 7.5 | 0.04 | Mar 3, 2021 | An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie. | ||
| CVE-2024-48662 | Med | 0.40 | 6.1 | 0.00 | Jan 27, 2025 | Cross Site Scripting vulnerability in AdGuard Application v.7.18.1 (4778) and before allows an attacker to execute arbitrary code via a crafted payload to the fontMatrix component. | ||
| CVE-2025-51497 | Med | 0.36 | 5.5 | 0.00 | Jul 17, 2025 | An issue was discovered in AdGuard plugin before 1.11.22 for Safari on MacOS. AdGaurd verbosely logged each url that Safari accessed when the plugin was active. These logs went into the MacOS general logs for any unsandboxed process to read. This may be disabled in version… | ||
| CVE-2026-47703 | 0.00 | — | 0.00 | Jun 4, 2026 | ## Summary This report covers the client-triggered DoQ forwarding path in: - `dnsproxy` `v0.81.2` (`adguard/dnsproxy:v0.81.2`) - `AdGuard Home` `v0.107.74` (`adguard/adguardhome:latest`, image version label `v0.107.74`) The issue was reproduced on `2026-04-25` with the… |
- risk 0.51cvss 7.8epss 0.01
Improper input validation in adgnetworkwfpdrv.sys in Adguard For Windows x86 through 7.11 allows local privilege escalation.
- risk 0.49cvss 7.5epss 0.01
AdGuard DNS before 2.2 allows remote attackers to cause a denial of service via malformed UDP packets.
- risk 0.49cvss 7.5epss 0.04
An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie.
- risk 0.40cvss 6.1epss 0.00
Cross Site Scripting vulnerability in AdGuard Application v.7.18.1 (4778) and before allows an attacker to execute arbitrary code via a crafted payload to the fontMatrix component.
- risk 0.36cvss 5.5epss 0.00
An issue was discovered in AdGuard plugin before 1.11.22 for Safari on MacOS. AdGaurd verbosely logged each url that Safari accessed when the plugin was active. These logs went into the MacOS general logs for any unsandboxed process to read. This may be disabled in version…
- CVE-2026-47703Jun 4, 2026risk 0.00cvss —epss 0.00
## Summary This report covers the client-triggered DoQ forwarding path in: - `dnsproxy` `v0.81.2` (`adguard/dnsproxy:v0.81.2`) - `AdGuard Home` `v0.107.74` (`adguard/adguardhome:latest`, image version label `v0.107.74`) The issue was reproduced on `2026-04-25` with the…