threat
engine
.sh
Back
·
··:··
Home
/
Product
/
nomachine
Product
nomachine
25 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-5055
< 9.4.14
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to
7.8
HIGH
CVE-2026-5054
< 9.4.14
NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to esc
7.8
HIGH
CVE-2026-5053
< 9.4.14
NoMachine External Control of File Path Arbitrary File Deletion Vulnerability. This vulnerability allows local attackers to delete
7.1
HIGH
CVE-2025-8614
< 8.17.2
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to
7.8
HIGH
CVE-2024-7253
>= 7.0 and < 7.15.6
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to
7.8
HIGH
CVE-2023-39107
< 8.8.1
An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers
9.1
CRITICAL
CVE-2022-48074
< 8.2.3
An issue in NoMachine before v8.2.3 allows attackers to execute arbitrary commands via a crafted .nxs file.
5.3
MEDIUM
CVE-2022-34043
all versions
Incorrect permissions for the folder C:\ProgramData\NoMachine\var\uninstall of Nomachine v7.9.2 allows attackers to perform a DLL
7.3
HIGH
CVE-2021-33436
>= 6.0.0 and < 6.15.1
NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading
7.3
HIGH
CVE-2021-42986
> 4.0.346 and < 7.7.4
NoMachine Enterprise Client is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Client above 4.0.3
8.8
HIGH
CVE-2021-42983
> 4.0.346 and < 7.7.4
NoMachine Enterprise Client is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Client above 4.0.34
8.8
HIGH
CVE-2021-42980
> 4.0.346 and < 7.7.4
NoMachine Cloud Server is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Cloud Server above 4.0.346 and belo
8.8
HIGH
CVE-2021-42979
> 4.0.346 and < 7.7.4
NoMachine Cloud Server is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Cloud Server above 4.0.346 and bel
8.8
HIGH
CVE-2021-42977
> 4.0.346 and < 7.7.4
NoMachine Enterprise Desktop is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Desktop above 4.0
8.8
HIGH
CVE-2021-42976
> 4.0.346 and < 7.7.4
NoMachine Enterprise Desktop is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Desktop above 4.0.
8.8
HIGH
CVE-2021-42973
> 4.0.346 and < 7.7.4
NoMachine Server is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Server above 4.0.346 and below 7.7.4 all
8.8
HIGH
CVE-2021-42972
> 4.0.346 and < 7.7.4
NoMachine Server is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Server above 4.0.346 and below 7.7.4 allo
8.8
HIGH
CVE-2018-20029
< 6.4.6
The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of s
5.5
MEDIUM
CVE-2018-17980
< 5.3.27
NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain privileges via a Trojan horse wintab32.dll file located in t
7.8
HIGH
CVE-2018-0664
<= 5.0.63
A vulnerability in NoMachine App for Android 5.0.63 and earlier allows attackers to alter environment variables via unspecified ve
9.8
CRITICAL
CVE-2018-6947
<= 6.0.66_2
An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0
7.8
HIGH
CVE-2017-12763
<= 5.3.9
An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by ga
8.8
HIGH
CVE-2012-5003
<= 3.5.0-2
nxapplet.jar in No Machine NX Web Companion 3.x and earlier does not properly verify the authenticity of updates, which allows use
CVE-2011-3977
all versions
Unspecified vulnerability in nxconfigure.sh in NoMachine NX Node 3.x before 3.5.0-4 and NX Server 3.x before 3.5.0-5 allows local
CVE-2007-0625
<= 2.1.0_17
nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not validate the invoking user, which allows local users to modify serv
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin