Vendor CVEs
Malwarebytes
All CVEs
38 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-67905 | Hig | 0.57 | 8.7 | 0.00 | Feb 17, 2026 | Malwarebytes AdwCleaner before v.8.7.0 runs as Administrator and performs an insecure log file delete operation in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link, a related issue to CVE-2023-28892.… | ||
| CVE-2023-29146 | Hig | 0.53 | 8.2 | 0.00 | Jun 9, 2026 | The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed data if it exceeds 4GB. This leads to an integer wrap-around if the data is larger than the maximum unsigned integer value (32-bit). Attackers… | ||
| CVE-2016-10717 | Hig | 0.51 | 7.8 | 0.01 | Mar 21, 2018 | A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of… | ||
| CVE-2018-5279 | Hig | 0.51 | 7.8 | 0.00 | Jan 8, 2018 | In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e02c. NOTE: the vendor reported that they "have not been able… | ||
| CVE-2018-5277 | Hig | 0.51 | 7.8 | 0.00 | Jan 8, 2018 | In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e000. NOTE: the vendor reported that they "have not been able… | ||
| CVE-2018-5276 | Hig | 0.51 | 7.8 | 0.00 | Jan 8, 2018 | In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e018. NOTE: the vendor reported that they "have not been able… | ||
| CVE-2018-5275 | Hig | 0.51 | 7.8 | 0.00 | Jan 8, 2018 | In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E020. NOTE: the vendor reported that they "have not been able… | ||
| CVE-2018-5274 | Hig | 0.51 | 7.8 | 0.00 | Jan 8, 2018 | In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E024. NOTE: the vendor reported that they "have not been able… | ||
| CVE-2018-5273 | Hig | 0.51 | 7.8 | 0.00 | Jan 8, 2018 | In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e014. NOTE: the vendor reported that they "have not been able… | ||
| CVE-2018-5272 | Hig | 0.51 | 7.8 | 0.00 | Jan 8, 2018 | In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e004. NOTE: the vendor reported that they "have not been able… | ||
| CVE-2018-5271 | Hig | 0.51 | 7.8 | 0.00 | Jan 8, 2018 | In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e008. NOTE: the vendor reported that they "have not been able… | ||
| CVE-2018-5270 | Hig | 0.51 | 7.8 | 0.00 | Jan 8, 2018 | In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e010. NOTE: the vendor reported that they "have not been able… | ||
| CVE-2023-43688 | Hig | 0.49 | 7.5 | 0.00 | Jun 9, 2026 | An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). There is a Heap buffer overflow in various buffer encryption utilities. | ||
| CVE-2023-43692 | Hig | 0.49 | 7.5 | 0.00 | Aug 14, 2025 | An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). Out-of-bound reads in strings detection utilities lead to system crashes. | ||
| CVE-2023-43687 | Med | 0.42 | 6.5 | 0.00 | Aug 14, 2025 | An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). There is a Race condition that leads to code execution because of a lack of locks between file verification and execution. | ||
| CVE-2023-43683 | Med | 0.42 | 6.5 | 0.00 | Aug 14, 2025 | An issue was discovered in Malwarebytes 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). A Stack buffer out-of-bounds access exists because of an integer underflow when handling newline characters. | ||
| CVE-2023-43686 | Med | 0.40 | 6.2 | 0.00 | Jun 9, 2026 | An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). A large number of Firefox preference files can cause the parser to ignore other browser configuration files, leading to a denial of service. | ||
| CVE-2021-43768 | Med | 0.34 | 5.3 | 0.00 | Oct 24, 2025 | In Malwarebytes For Teams v.1.0.990 and before and fixed in v.1.0.1003 and later a privilege escalation can occur via the COM interface running in mbamservice.exe. | ||
| CVE-2023-43694 | Med | 0.34 | 5.2 | 0.00 | Aug 14, 2025 | An issue was discovered in Malwarebytes 4.6.14.326 and before and 5.1.5.116 and before (and Nebula 2020-10-21 and later). An Out of bounds read in several disassembling utilities causes stability issues and denial of service. | ||
| CVE-2025-54569 | Med | 0.29 | 4.5 | 0.00 | Jul 28, 2025 | In Malwarebytes Binisoft Windows Firewall Control before 6.16.0.0, the installer is vulnerable to local privilege escalation. | ||
| CVE-2018-5278 | Low | 0.21 | 3.3 | 0.00 | Jan 8, 2018 | In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e00c. NOTE: the vendor reported that they "have not been able… | ||
| CVE-2014-4936 | 0.04 | — | 0.17 | Dec 16, 2014 | The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable. | |||
| CVE-2014-100039 | 0.03 | — | 0.01 | Jan 13, 2015 | mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local users to cause a denial of service (crash) via a crafted size in an unspecified IOCTL call, which triggers an out-of-bounds read. NOTE: some of these details are obtained from third party information. | |||
| CVE-2022-50971 | 0.00 | — | 0.00 | Jun 19, 2026 | Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that allows local attackers to escalate privileges by injecting malicious code into the system root path. Attackers can place executable files in unquoted path directories that execute… | |||
| CVE-2023-29144 | 0.00 | — | 0.00 | Dec 12, 2025 | Malwarebytes 1.0.14 for Linux doesn't properly compute signatures in some scenarios. This allows a bypass of detection. | |||
| CVE-2024-6260 | 0.00 | — | 0.00 | Nov 22, 2024 | Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the ability to execute low-privileged code on… | |||
| CVE-2024-25089 | 0.00 | — | 0.02 | Feb 4, 2024 | Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes. | |||
| CVE-2023-27469 | 0.00 | — | 0.00 | Jun 30, 2023 | Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file deletion and denial of service via an ALPC message in which FullFileNamePath lacks a '\0' character. | |||
| CVE-2023-29145 | 0.00 | — | 0.00 | Jun 30, 2023 | The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger. | |||
| CVE-2023-36631 | 0.00 | — | 0.01 | Jun 26, 2023 | Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. NOTE: the vendor's perspective is "this is intended behavior as the application… | |||
| CVE-2023-28892 | 0.00 | — | 0.00 | Mar 29, 2023 | Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleaner_Debug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link. | |||
| CVE-2023-26088 | 0.00 | — | 0.00 | Mar 23, 2023 | In Malwarebytes before 4.5.23, a symbolic link may be used delete any arbitrary file on the system by exploiting the local quarantine system. It can also lead to privilege escalation in certain scenarios. | |||
| CVE-2022-25150 | 0.00 | — | 0.00 | Feb 14, 2022 | In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, programs executed from the Tools tab can be used to escalate privileges. | |||
| CVE-2020-25533 | 0.00 | — | 0.00 | Jan 15, 2021 | An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An… | |||
| CVE-2020-28641 | 0.00 | — | 0.01 | Dec 22, 2020 | In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an arbitrary file on the system by exploiting the local quarantine system. | |||
| CVE-2020-11507 | 0.00 | — | 0.01 | Apr 6, 2020 | An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0.3 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded. | |||
| CVE-2019-19929 | 0.00 | — | 0.01 | Dec 23, 2019 | An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner before 8.0.1 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded by the product. | |||
| CVE-2019-6739 | 0.00 | — | 0.10 | Jun 3, 2019 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Malwarebytes Antimalware 3.6.1.2711. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. There is an issue with the way… |
- risk 0.57cvss 8.7epss 0.00
Malwarebytes AdwCleaner before v.8.7.0 runs as Administrator and performs an insecure log file delete operation in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link, a related issue to CVE-2023-28892.…
- risk 0.53cvss 8.2epss 0.00
The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed data if it exceeds 4GB. This leads to an integer wrap-around if the data is larger than the maximum unsigned integer value (32-bit). Attackers…
- risk 0.51cvss 7.8epss 0.01
A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of…
- risk 0.51cvss 7.8epss 0.00
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e02c. NOTE: the vendor reported that they "have not been able…
- risk 0.51cvss 7.8epss 0.00
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e000. NOTE: the vendor reported that they "have not been able…
- risk 0.51cvss 7.8epss 0.00
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e018. NOTE: the vendor reported that they "have not been able…
- risk 0.51cvss 7.8epss 0.00
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E020. NOTE: the vendor reported that they "have not been able…
- risk 0.51cvss 7.8epss 0.00
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E024. NOTE: the vendor reported that they "have not been able…
- risk 0.51cvss 7.8epss 0.00
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e014. NOTE: the vendor reported that they "have not been able…
- risk 0.51cvss 7.8epss 0.00
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e004. NOTE: the vendor reported that they "have not been able…
- risk 0.51cvss 7.8epss 0.00
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e008. NOTE: the vendor reported that they "have not been able…
- risk 0.51cvss 7.8epss 0.00
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e010. NOTE: the vendor reported that they "have not been able…
- risk 0.49cvss 7.5epss 0.00
An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). There is a Heap buffer overflow in various buffer encryption utilities.
- risk 0.49cvss 7.5epss 0.00
An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). Out-of-bound reads in strings detection utilities lead to system crashes.
- risk 0.42cvss 6.5epss 0.00
An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). There is a Race condition that leads to code execution because of a lack of locks between file verification and execution.
- risk 0.42cvss 6.5epss 0.00
An issue was discovered in Malwarebytes 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). A Stack buffer out-of-bounds access exists because of an integer underflow when handling newline characters.
- risk 0.40cvss 6.2epss 0.00
An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). A large number of Firefox preference files can cause the parser to ignore other browser configuration files, leading to a denial of service.
- risk 0.34cvss 5.3epss 0.00
In Malwarebytes For Teams v.1.0.990 and before and fixed in v.1.0.1003 and later a privilege escalation can occur via the COM interface running in mbamservice.exe.
- risk 0.34cvss 5.2epss 0.00
An issue was discovered in Malwarebytes 4.6.14.326 and before and 5.1.5.116 and before (and Nebula 2020-10-21 and later). An Out of bounds read in several disassembling utilities causes stability issues and denial of service.
- risk 0.29cvss 4.5epss 0.00
In Malwarebytes Binisoft Windows Firewall Control before 6.16.0.0, the installer is vulnerable to local privilege escalation.
- risk 0.21cvss 3.3epss 0.00
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e00c. NOTE: the vendor reported that they "have not been able…
- CVE-2014-4936Dec 16, 2014risk 0.04cvss —epss 0.17
The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable.
- CVE-2014-100039Jan 13, 2015risk 0.03cvss —epss 0.01
mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local users to cause a denial of service (crash) via a crafted size in an unspecified IOCTL call, which triggers an out-of-bounds read. NOTE: some of these details are obtained from third party information.
- CVE-2022-50971Jun 19, 2026risk 0.00cvss —epss 0.00
Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that allows local attackers to escalate privileges by injecting malicious code into the system root path. Attackers can place executable files in unquoted path directories that execute…
- CVE-2023-29144Dec 12, 2025risk 0.00cvss —epss 0.00
Malwarebytes 1.0.14 for Linux doesn't properly compute signatures in some scenarios. This allows a bypass of detection.
- CVE-2024-6260Nov 22, 2024risk 0.00cvss —epss 0.00
Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the ability to execute low-privileged code on…
- CVE-2024-25089Feb 4, 2024risk 0.00cvss —epss 0.02
Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes.
- CVE-2023-27469Jun 30, 2023risk 0.00cvss —epss 0.00
Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file deletion and denial of service via an ALPC message in which FullFileNamePath lacks a '\0' character.
- CVE-2023-29145Jun 30, 2023risk 0.00cvss —epss 0.00
The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger.
- CVE-2023-36631Jun 26, 2023risk 0.00cvss —epss 0.01
Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. NOTE: the vendor's perspective is "this is intended behavior as the application…
- CVE-2023-28892Mar 29, 2023risk 0.00cvss —epss 0.00
Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleaner_Debug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link.
- CVE-2023-26088Mar 23, 2023risk 0.00cvss —epss 0.00
In Malwarebytes before 4.5.23, a symbolic link may be used delete any arbitrary file on the system by exploiting the local quarantine system. It can also lead to privilege escalation in certain scenarios.
- CVE-2022-25150Feb 14, 2022risk 0.00cvss —epss 0.00
In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, programs executed from the Tools tab can be used to escalate privileges.
- CVE-2020-25533Jan 15, 2021risk 0.00cvss —epss 0.00
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An…
- CVE-2020-28641Dec 22, 2020risk 0.00cvss —epss 0.01
In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an arbitrary file on the system by exploiting the local quarantine system.
- CVE-2020-11507Apr 6, 2020risk 0.00cvss —epss 0.01
An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0.3 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded.
- CVE-2019-19929Dec 23, 2019risk 0.00cvss —epss 0.01
An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner before 8.0.1 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded by the product.
- CVE-2019-6739Jun 3, 2019risk 0.00cvss —epss 0.10
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Malwarebytes Antimalware 3.6.1.2711. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. There is an issue with the way…