VYPR
Vendor

Epic Games

Products
13
CVEs
24
Across products
39
Status
Private

Products

13

Recent CVEs

24
View all 24 CVEs →
  • CVE-2025-61973HigJan 15, 2026
    risk 0.57cvss 8.8epss 0.00

    A local privilege escalation vulnerability exists during the installation of Epic Games Store via the Microsoft Store. A low-privilege user can replace a DLL file during the installation process, which may result in unintended elevation of privileges.

  • CVE-2021-47742HigDec 31, 2025
    risk 0.57cvss 8.8epss 0.00

    Epic Games Psyonix Rocket League <=1.95 contains an insecure permissions vulnerability that allows authenticated users to modify executable files with full access permissions. Attackers can leverage the 'F' (Full) flag for the 'Authenticated Users' group to change executable…

  • CVE-2021-47739HigDec 23, 2025
    risk 0.55cvss 8.4epss 0.00

    Epic Games Easy Anti-Cheat 4.0 contains an unquoted service path vulnerability that allows local non-privileged users to execute arbitrary code with elevated system privileges. Attackers can exploit the service configuration by inserting malicious code in the system root path…

  • CVE-2025-0567MedJan 19, 2025
    risk 0.29cvss 4.5epss 0.00

    A vulnerability classified as problematic was found in Epic Games Launcher up to 17.2.1. This vulnerability affects unknown code in the library profapi.dll of the component Installer. The manipulation leads to untrusted search path. Attacking locally is a requirement. The…

  • CVE-2004-0608Dec 6, 2004
    risk 0.09cvss epss 0.74

    The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlier, Tactical Ops 3.4.0 and earlier, Unreal 1 226f and earlier, Unreal II XMP…

  • CVE-2008-3409Jul 31, 2008
    risk 0.04cvss epss 0.11

    Buffer overflow in Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a UDP packet containing a large value in a certain size field, followed by a data string…

  • CVE-2008-3396Jul 31, 2008
    risk 0.04cvss epss 0.08

    Unreal Tournament 2004 (UT2004) 3369 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain sequence of malformed packets.

  • CVE-2004-1805Dec 31, 2004
    risk 0.04cvss epss 0.06

    Format string vulnerability in games using the Epic Games Unreal Engine 436 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in class names.

  • CVE-2008-7015Aug 19, 2009
    risk 0.03cvss epss 0.03

    Unreal engine 3, as used in Unreal Tournament 3 1.3, Frontlines: Fuel of War 1.1.1, and other products, allows remote attackers to cause a denial of service (server exit) via a packet with a large length value that triggers a memory allocation failure.

  • CVE-2008-7011Aug 19, 2009
    risk 0.03cvss epss 0.02

    The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal Tournament 2003 and 2004, Dead Man's Hand, Pariah, WarPath, Postal2, and Shadow Ops, allows remote authenticated users to cause a denial of service (server exit) via multiple file downloads from the server, which…

  • CVE-2008-4243Sep 25, 2008
    risk 0.03cvss epss 0.04

    Directory traversal vulnerability in ImageServer (aka UTImageServer) in WebAdmin before 1.7 for Epic Games Unreal Tournament 3 (UT3) 1.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.

  • CVE-2007-4442Aug 21, 2007
    risk 0.03cvss epss 0.04

    Stack-based buffer overflow in the logging function in the Unreal engine, possibly 2003 and 2004, as used in the internal web server, allows remote attackers to cause a denial of service (application crash) via a request for a long .gif filename in the images/ directory, related…

  • CVE-2004-1958Dec 31, 2004
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in manifest.ini in Unreal engine allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in a UMOD (Unreal MOD) file.

  • CVE-2003-1430Dec 31, 2003
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a ".." (dot dot) in an unreal:// URL.

  • CVE-2003-1431Dec 31, 2003
    risk 0.03cvss epss 0.05

    Buffer overflow in Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (crash) via a long host string in the Unreal URL.

  • CVE-2003-1432Dec 31, 2003
    risk 0.01cvss epss 0.08

    Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2)…

  • CVE-2024-11872Dec 11, 2024
    risk 0.00cvss epss 0.00

    Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Epic Games Launcher. An attacker must first obtain the ability to execute low-privileged code…

  • CVE-2018-17707Jan 24, 2019
    risk 0.00cvss epss 0.03

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Epic Games Launcher versions prior to 8.2.2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.…

  • CVE-2010-2702Jul 12, 2010
    risk 0.00cvss epss 0.05

    Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal tournament 2003, Postal 2, Raven Shield, and SWAT4, when downloads are enabled, allows remote attackers to…

  • CVE-2008-6441Mar 9, 2009
    risk 0.00cvss epss 0.04

    Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command.