VYPR
Vendor

Malwarebytes

Products
10
CVEs
38
Across products
42
Status
Private

Products

10

Recent CVEs

38
View all 38 CVEs →
  • CVE-2025-67905HigFeb 17, 2026
    risk 0.57cvss 8.7epss 0.00

    Malwarebytes AdwCleaner before v.8.7.0 runs as Administrator and performs an insecure log file delete operation in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link, a related issue to CVE-2023-28892.…

  • CVE-2023-29146HigJun 9, 2026
    risk 0.53cvss 8.2epss 0.00

    The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed data if it exceeds 4GB. This leads to an integer wrap-around if the data is larger than the maximum unsigned integer value (32-bit). Attackers…

  • CVE-2016-10717HigMar 21, 2018
    risk 0.51cvss 7.8epss 0.01

    A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of…

  • CVE-2018-5279HigJan 8, 2018
    risk 0.51cvss 7.8epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e02c. NOTE: the vendor reported that they "have not been able…

  • CVE-2018-5277HigJan 8, 2018
    risk 0.51cvss 7.8epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e000. NOTE: the vendor reported that they "have not been able…

  • CVE-2018-5276HigJan 8, 2018
    risk 0.51cvss 7.8epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e018. NOTE: the vendor reported that they "have not been able…

  • CVE-2018-5275HigJan 8, 2018
    risk 0.51cvss 7.8epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E020. NOTE: the vendor reported that they "have not been able…

  • CVE-2018-5274HigJan 8, 2018
    risk 0.51cvss 7.8epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E024. NOTE: the vendor reported that they "have not been able…

  • CVE-2018-5273HigJan 8, 2018
    risk 0.51cvss 7.8epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e014. NOTE: the vendor reported that they "have not been able…

  • CVE-2018-5272HigJan 8, 2018
    risk 0.51cvss 7.8epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e004. NOTE: the vendor reported that they "have not been able…

  • CVE-2018-5271HigJan 8, 2018
    risk 0.51cvss 7.8epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e008. NOTE: the vendor reported that they "have not been able…

  • CVE-2018-5270HigJan 8, 2018
    risk 0.51cvss 7.8epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e010. NOTE: the vendor reported that they "have not been able…

  • CVE-2023-43688HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). There is a Heap buffer overflow in various buffer encryption utilities.

  • CVE-2023-43692HigAug 14, 2025
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). Out-of-bound reads in strings detection utilities lead to system crashes.

  • CVE-2023-43687MedAug 14, 2025
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). There is a Race condition that leads to code execution because of a lack of locks between file verification and execution.

  • CVE-2023-43683MedAug 14, 2025
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in Malwarebytes 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). A Stack buffer out-of-bounds access exists because of an integer underflow when handling newline characters.

  • CVE-2023-43686MedJun 9, 2026
    risk 0.40cvss 6.2epss 0.00

    An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). A large number of Firefox preference files can cause the parser to ignore other browser configuration files, leading to a denial of service.

  • CVE-2021-43768MedOct 24, 2025
    risk 0.34cvss 5.3epss 0.00

    In Malwarebytes For Teams v.1.0.990 and before and fixed in v.1.0.1003 and later a privilege escalation can occur via the COM interface running in mbamservice.exe.

  • CVE-2023-43694MedAug 14, 2025
    risk 0.34cvss 5.2epss 0.00

    An issue was discovered in Malwarebytes 4.6.14.326 and before and 5.1.5.116 and before (and Nebula 2020-10-21 and later). An Out of bounds read in several disassembling utilities causes stability issues and denial of service.

  • CVE-2025-54569MedJul 28, 2025
    risk 0.29cvss 4.5epss 0.00

    In Malwarebytes Binisoft Windows Firewall Control before 6.16.0.0, the installer is vulnerable to local privilege escalation.