VYPR
Vendor

OPSWAT

Products
5
CVEs
10
Across products
12
Status
Private

Products

5

Recent CVEs

10
  • CVE-2018-16275HigAug 31, 2018
    risk 0.51cvss 7.8epss 0.01

    OPSWAT MetaDefender before v4.11.2 allows CSV injection.

  • CVE-2025-0131HigMay 14, 2025
    risk 0.46cvss epss 0.00

    An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT…

  • CVE-2024-52925MedFeb 26, 2025
    risk 0.44cvss 6.8epss 0.00

    In OPSWAT MetaDefender Kiosk before 4.7.0, arbitrary code execution can be performed by an attacker via the MD Kiosk Unlock Device feature for software encrypted USB drives.

  • CVE-2023-25364MedMar 27, 2024
    risk 0.40cvss 6.1epss 0.00

    Opswat Metadefender Core before 5.2.1 does not properly defend against potential HTML injection and XSS attacks.

  • CVE-2022-32272Jun 9, 2022
    risk 0.05cvss epss 0.09

    OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5.6.1 have incorrect access control, resulting in privilege escalation.

  • CVE-2023-36658Sep 15, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It has an unquoted service path that can be abused locally.

  • CVE-2023-36657Sep 15, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built-in features of Windows (desktop shortcuts, narrator) can be abused for privilege escalation.

  • CVE-2023-36659Sep 15, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Long inputs were not properly processed, which allows remote attackers to cause a denial of service (loss of communication).

  • CVE-2022-40778Sep 19, 2022
    risk 0.00cvss epss 0.00

    A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response.

  • CVE-2022-32273Jun 8, 2022
    risk 0.00cvss epss 0.01

    As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) before 5.1.2 could allow an authenticated user to enumerate filenames on the server.