VYPR

Vendor CVEs

Malwarebytes

All CVEs

38 total · sorted by risk
  • CVE-2025-67905HigFeb 17, 2026
    risk 0.57cvss 8.7epss 0.00

    Malwarebytes AdwCleaner before v.8.7.0 runs as Administrator and performs an insecure log file delete operation in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link, a related issue to CVE-2023-28892.…

  • CVE-2023-29146HigJun 9, 2026
    risk 0.53cvss 8.2epss 0.00

    The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed data if it exceeds 4GB. This leads to an integer wrap-around if the data is larger than the maximum unsigned integer value (32-bit). Attackers…

  • CVE-2016-10717HigMar 21, 2018
    risk 0.51cvss 7.8epss 0.01

    A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of…

  • CVE-2018-5279HigJan 8, 2018
    risk 0.51cvss 7.8epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e02c. NOTE: the vendor reported that they "have not been able…

  • CVE-2018-5277HigJan 8, 2018
    risk 0.51cvss 7.8epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e000. NOTE: the vendor reported that they "have not been able…

  • CVE-2018-5276HigJan 8, 2018
    risk 0.51cvss 7.8epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e018. NOTE: the vendor reported that they "have not been able…

  • CVE-2018-5275HigJan 8, 2018
    risk 0.51cvss 7.8epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E020. NOTE: the vendor reported that they "have not been able…

  • CVE-2018-5274HigJan 8, 2018
    risk 0.51cvss 7.8epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E024. NOTE: the vendor reported that they "have not been able…

  • CVE-2018-5273HigJan 8, 2018
    risk 0.51cvss 7.8epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e014. NOTE: the vendor reported that they "have not been able…

  • CVE-2018-5272HigJan 8, 2018
    risk 0.51cvss 7.8epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e004. NOTE: the vendor reported that they "have not been able…

  • CVE-2018-5271HigJan 8, 2018
    risk 0.51cvss 7.8epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e008. NOTE: the vendor reported that they "have not been able…

  • CVE-2018-5270HigJan 8, 2018
    risk 0.51cvss 7.8epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e010. NOTE: the vendor reported that they "have not been able…

  • CVE-2023-43688HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). There is a Heap buffer overflow in various buffer encryption utilities.

  • CVE-2023-43692HigAug 14, 2025
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). Out-of-bound reads in strings detection utilities lead to system crashes.

  • CVE-2023-43687MedAug 14, 2025
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). There is a Race condition that leads to code execution because of a lack of locks between file verification and execution.

  • CVE-2023-43683MedAug 14, 2025
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in Malwarebytes 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). A Stack buffer out-of-bounds access exists because of an integer underflow when handling newline characters.

  • CVE-2023-43686MedJun 9, 2026
    risk 0.40cvss 6.2epss 0.00

    An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). A large number of Firefox preference files can cause the parser to ignore other browser configuration files, leading to a denial of service.

  • CVE-2021-43768MedOct 24, 2025
    risk 0.34cvss 5.3epss 0.00

    In Malwarebytes For Teams v.1.0.990 and before and fixed in v.1.0.1003 and later a privilege escalation can occur via the COM interface running in mbamservice.exe.

  • CVE-2023-43694MedAug 14, 2025
    risk 0.34cvss 5.2epss 0.00

    An issue was discovered in Malwarebytes 4.6.14.326 and before and 5.1.5.116 and before (and Nebula 2020-10-21 and later). An Out of bounds read in several disassembling utilities causes stability issues and denial of service.

  • CVE-2025-54569MedJul 28, 2025
    risk 0.29cvss 4.5epss 0.00

    In Malwarebytes Binisoft Windows Firewall Control before 6.16.0.0, the installer is vulnerable to local privilege escalation.

  • CVE-2018-5278LowJan 8, 2018
    risk 0.21cvss 3.3epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e00c. NOTE: the vendor reported that they "have not been able…

  • CVE-2014-4936Dec 16, 2014
    risk 0.04cvss epss 0.17

    The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable.

  • CVE-2014-100039Jan 13, 2015
    risk 0.03cvss epss 0.01

    mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local users to cause a denial of service (crash) via a crafted size in an unspecified IOCTL call, which triggers an out-of-bounds read. NOTE: some of these details are obtained from third party information.

  • CVE-2022-50971Jun 19, 2026
    risk 0.00cvss epss 0.00

    Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that allows local attackers to escalate privileges by injecting malicious code into the system root path. Attackers can place executable files in unquoted path directories that execute…

  • CVE-2023-29144Dec 12, 2025
    risk 0.00cvss epss 0.00

    Malwarebytes 1.0.14 for Linux doesn't properly compute signatures in some scenarios. This allows a bypass of detection.

  • CVE-2024-6260Nov 22, 2024
    risk 0.00cvss epss 0.00

    Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the ability to execute low-privileged code on…

  • CVE-2024-25089Feb 4, 2024
    risk 0.00cvss epss 0.02

    Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes.

  • CVE-2023-27469Jun 30, 2023
    risk 0.00cvss epss 0.00

    Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file deletion and denial of service via an ALPC message in which FullFileNamePath lacks a '\0' character.

  • CVE-2023-29145Jun 30, 2023
    risk 0.00cvss epss 0.00

    The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger.

  • CVE-2023-36631Jun 26, 2023
    risk 0.00cvss epss 0.01

    Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. NOTE: the vendor's perspective is "this is intended behavior as the application…

  • CVE-2023-28892Mar 29, 2023
    risk 0.00cvss epss 0.00

    Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleaner_Debug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link.

  • CVE-2023-26088Mar 23, 2023
    risk 0.00cvss epss 0.00

    In Malwarebytes before 4.5.23, a symbolic link may be used delete any arbitrary file on the system by exploiting the local quarantine system. It can also lead to privilege escalation in certain scenarios.

  • CVE-2022-25150Feb 14, 2022
    risk 0.00cvss epss 0.00

    In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, programs executed from the Tools tab can be used to escalate privileges.

  • CVE-2020-25533Jan 15, 2021
    risk 0.00cvss epss 0.00

    An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An…

  • CVE-2020-28641Dec 22, 2020
    risk 0.00cvss epss 0.01

    In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an arbitrary file on the system by exploiting the local quarantine system.

  • CVE-2020-11507Apr 6, 2020
    risk 0.00cvss epss 0.01

    An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0.3 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded.

  • CVE-2019-19929Dec 23, 2019
    risk 0.00cvss epss 0.01

    An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner before 8.0.1 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded by the product.

  • CVE-2019-6739Jun 3, 2019
    risk 0.00cvss epss 0.10

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Malwarebytes Antimalware 3.6.1.2711. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. There is an issue with the way…