Bitdefender Total Security

60 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-7073
< 27.0.47.241
A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged atta
7.8 HIGH
CVE-2025-2244
< 6.41.2-1
A vulnerability in the sendMailFromRemoteSource method in Emails.php as used in Bitdefender GravityZone Console unsafely uses
9.8 CRITICAL
CVE-2025-2243
< 6.41.2-1
A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validatio
7.3 HIGH
CVE-2023-49570
< 27.0.25.115
A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certifi
7.4 HIGH
CVE-2023-6058
< 27.0.25.115
A vulnerability has been identified in Bitdefender Safepay's handling of HTTPS connections. The issue arises when the product bloc
6.8 MEDIUM
CVE-2023-6057
< 27.0.25.115
A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust
7.4 HIGH
CVE-2023-6056
< 27.0.25.115
A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust
7.4 HIGH
CVE-2023-6055
< 27.0.25.115
A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properl
7.4 HIGH
CVE-2023-49567
< 27.0.25.115
A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly c
6.8 MEDIUM
CVE-2024-6980
< 6.38.1-5
A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a ser
9.8 CRITICAL
CVE-2024-4177
< 6.38.1-2
A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a serv
8.1 HIGH
CVE-2023-6154
all versions
A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender A
7.8 HIGH
CVE-2023-3633
< 7.94792
An out-of-bounds write vulnerability in Bitdefender Engines on Windows causes the engine to crash. This issue affects Bitdefende
8.1 HIGH
CVE-2022-0357
< 26.0.10.45
Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Inter
6.7 MEDIUM
CVE-2022-3369
< 7.92659
An Improper Access Control vulnerability in the bdservicehost.exe component, as used in Bitdefender Engines for Windows, allows an
8.6 HIGH
CVE-2022-2830
< 6.27.2-2
Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an a
8.8 HIGH
CVE-2022-0677
< 26.4-1
Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security
7.5 HIGH
CVE-2021-4199
< 26.0.3.29
Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdef
7.8 HIGH
CVE-2021-4198
< 26.0.3.29
A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Securi
6.1 MEDIUM
CVE-2020-8107
< 24.0.26.136
A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with prod
8.2 HIGH
CVE-2021-3960
< 3.3.8.272
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitd
7.1 HIGH
CVE-2021-3959
< 3.3.8.272
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows
6.8 MEDIUM
CVE-2021-3554
< 6.24.1-1
Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as
9.0 CRITICAL
CVE-2021-3553
all versions
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attack
5.3 MEDIUM
CVE-2021-3552
all versions
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows
5.3 MEDIUM
CVE-2021-3641
<= 7.1.2.33
Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG component of Bitdefender Endpoint Securit
6.1 MEDIUM
CVE-2021-3823
< 3.3.8.249
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitd
7.1 HIGH
CVE-2021-3579
< 7.2.1.65
Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender
7.8 HIGH
CVE-2021-3576
< 25.0.26
Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker
7.8 HIGH
CVE-2020-15732
< 25.0.7.29
Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows
6.5 MEDIUM
CVE-2021-3485
< 6.2.21.155
An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a
6.4 MEDIUM
CVE-2020-15279
< 6.6.23.320
An Improper Access Control vulnerability in the logging component of Bitdefender Endpoint Security Tools for Windows versions prio
4.0 MEDIUM
CVE-2020-15733
< 25.0.7.29
An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepres
6.5 MEDIUM
CVE-2020-8110
<= 7.84897
A vulnerability has been discovered in the ceva_emu.cvd module that results from a lack of proper validation of user-supplied data
5.9 MEDIUM
CVE-2020-8109
<= 7.84892
A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, whi
5.9 MEDIUM
CVE-2020-15731
< 7.85448
An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attack
3.2 LOW
CVE-2020-8097
< 6.6.18.261
An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK
8.1 HIGH
CVE-2020-8100
< 7.84063
Improper Input Validation vulnerability in the cevakrnl.rv0 module as used in the Bitdefender Engines allows an attacker to trigge
9.0 CRITICAL
CVE-2020-8093
< 8.0.0
A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library usin
5.3 MEDIUM
CVE-2020-8092
< 8.0.0
A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authe
1.6 LOW
CVE-2019-17099
< 6.6.11.163
An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6
5.3 MEDIUM
CVE-2019-17103
< 8.0.0
An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate
4.9 MEDIUM
CVE-2019-14242
< 23.0.24.120
An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and B
6.7 MEDIUM
CVE-2017-8931
< 6.2.1-35
Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow attackers to gain access with root privileges via unspecified
9.8 CRITICAL
CVE-2018-8955
all versions
The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata
9.8 CRITICAL
CVE-2018-6183
all versions
BitDefender Total Security 2018 allows local users to gain privileges or cause a denial of service by impersonating all the pipes
7.8 HIGH
CVE-2017-10950
all versions
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Bitdefender Total Security 21.0
7.0 HIGH
CVE-2017-6186
<= 12.0
Code injection vulnerability in Bitdefender Total Security 12.0 (and earlier), Internet Security 12.0 (and earlier), and Antivirus
6.7 MEDIUM
CVE-2014-5350
<= 5.1.5.386
Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary
CVE-2012-1463
all versions
The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Command A
CVE-2012-1461
all versions
The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-
CVE-2012-1459
all versions
The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Ant
CVE-2012-1457
all versions
The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-V
CVE-2012-1443
all versions
The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVE
CVE-2012-1431
all versions
The ELF file parser in Bitdefender 7.2, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.
CVE-2012-1430
all versions
The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus
CVE-2009-0850
all versions
Cross-site scripting (XSS) vulnerability in BitDefender Internet Security 2009 allows user-assisted remote attackers to inject arb
CVE-2008-5409
all versions
Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Free Edition 10 and Antivirus Standard 10, (2) BullGuard Intern
CVE-2008-1735
all versions
BitDefender Antivirus 2008 20080118 and earlier allows local users to cause a denial of service (system crash) via an invalid poin
CVE-2007-5775
all versions
Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024.
9.8 CRITICAL
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin