OPSWAT
Products (5)
- 4 CVEs
- 4 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
Recent CVEs (10)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-16275 | | High | 0.51 | 7.8 | 0.01 | | Aug 31, 2018 | OPSWAT MetaDefender before v4.11.2 allows CSV injection. |
| CVE-2025-0131 | | High | 0.46 | — | 0.00 | | May 14, 2025 | An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT… |
| CVE-2024-52925 | | Medium | 0.44 | 6.8 | 0.00 | | Feb 26, 2025 | In OPSWAT MetaDefender Kiosk before 4.7.0, arbitrary code execution can be performed by an attacker via the MD Kiosk Unlock Device feature for software encrypted USB drives. |
| CVE-2023-25364 | | Medium | 0.40 | 6.1 | 0.00 | | Mar 27, 2024 | Opswat Metadefender Core before 5.2.1 does not properly defend against potential HTML injection and XSS attacks. |
| CVE-2022-32272 | | | 0.05 | — | 0.09 | | Jun 9, 2022 | OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5.6.1 have incorrect access control, resulting in privilege escalation. |
| CVE-2023-36658 | | | 0.00 | — | 0.00 | | Sep 15, 2023 | An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It has an unquoted service path that can be abused locally. |
| CVE-2023-36657 | | | 0.00 | — | 0.01 | | Sep 15, 2023 | An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built-in features of Windows (desktop shortcuts, narrator) can be abused for privilege escalation. |
| CVE-2023-36659 | | | 0.00 | — | 0.01 | | Sep 15, 2023 | An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Long inputs were not properly processed, which allows remote attackers to cause a denial of service (loss of communication). |
| CVE-2022-40778 | | | 0.00 | — | 0.00 | | Sep 19, 2022 | A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response. |
| CVE-2022-32273 | | | 0.00 | — | 0.01 | | Jun 8, 2022 | As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) before 5.1.2 could allow an authenticated user to enumerate filenames on the server. |