VYPR
Vendor

Hotspot Shield

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2018-6460HigJan 31, 2018
    risk 0.53cvss 7.5epss 0.11

    Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and port 895. The web server uses JSONP and hosts sensitive information including configuration. User controlled input is not sufficiently filtered: an unauthenticated attacker can send a POST request to…

  • CVE-2016-20060HigApr 4, 2026
    risk 0.51cvss 7.8epss 0.00

    Hotspot Shield 6.0.3 contains an unquoted service path vulnerability in the hshld service binary that allows local attackers to escalate privileges by injecting malicious executables. Attackers can place executable files in the service path and upon service restart or system…

  • CVE-2020-17365HigSep 24, 2020
    risk 0.51cvss 7.8epss 0.00

    Improper directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier may allow an authorized user to potentially enable escalation of privilege via local access. The vulnerability allows a local user to corrupt system files: a local user can…

  • CVE-2025-40710LowJun 30, 2025
    risk 0.15cvss epss 0.00

    Host Header Injection (HHI) vulnerability in the Hotspot Shield VPN client, which can induce unexpected behaviour when accessing third-party web applications through the VPN tunnel. Although such applications do not present this vulnerability per se, the use of the tunnel,…