EUVD-2016-10907

AnyDesk 2.5.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation. Attackers can insert malicious executables in the system root path that execute with elevated privileges during applicatio...

CVE-2025-34499 AnyDesk 9.0.1 Unquoted Service Path Privilege Escalation Vulnerability

AnyDesk 7.0.15 and 9.0.1 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted service path configuration to inject malicious executables that will be run with high-lev...

EUVD-2025-38149

An issue was discovered in AnyDesk through 9.0.4. A remotely connected user with the "Control my device" permission can manipulate remote AnyDesk settings and create a password for the Full Access profile without needing confirmation from the counterparty. Consequently, the attacker can later...

PT-2025-45346

Name of the Vulnerable Software and Affected Versions AnyDesk versions prior to 9.0.0 Description An issue exists where an integer overflow can lead to a heap-based buffer overflow. This occurs through the processing of a UDP packet, specifically during the handling of an Identity user image with...

CVE-2025-27919

CVE-2025-27919 affects AnyDesk up to version 9.0.4. A remote user with the 'Control my device' permission can modify remote AnyDesk settings and create a password for the Full Access profile without counterparty confirmation, enabling later connections without confirmation. Impact per sources: co...

CVE-2025-27918

An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. It has an integer overflow and resultant heap-based buffer overflow via a UDP packet during processing o...

EUVD-2024-51089

Malicious code in bioql PyPI...

EUVD-2023-30308

Malicious code in bioql PyPI...

EUVD-2021-28010

Malicious code in bioql PyPI...

EUVD-2021-31266

Malicious code in bioql PyPI...

EUVD-2021-31267

Malicious code in bioql PyPI...

CVE-2020-35483

AnyDesk before 6.1.0 on Windows, when run in portable mode on a system where the attacker has write access to the application directory, allows this attacker to compromise a local user account via a read-only setting for a Trojan horse gcapi.dll file...

PT-2025-15095 · Anydesk · Anydesk

Name of the Vulnerable Software and Affected Versions: AnyDesk affected versions not specified Description: The issue concerns a remote code execution RCE proof of concept PoC related to AnyDesk. Recommendations: At the moment, there is no information about a newer version that contains a fix for...

PT-2025-15093

Name of the Vulnerable Software and Affected Versions AnyDesk affected versions not specified Description The issue concerns a remote code execution RCE exploit. Technical details include the use of a vxproj file, conversion to vbs and then to ps1 PowerShell script, and involvement of an asar fil...

The vulnerability of AnyDesk’s remote access and management software lies in the improper definition of symbolic links before accessing files. This allows attackers to disclose sensitive information that should be protected.

The vulnerability of AnyDesk remote access and management software is related to the improper definition of symbolic links before accessing files. Exploiting this vulnerability can allow attackers to disclose protected information...

CVE-2024-12754

AnyDesk Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

CVE-2024-12754 AnyDesk Link Following Information Disclosure Vulnerability

AnyDesk Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

AnyDesk Link Following Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...

CVE-2021-44426

An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local /Downloads/ directory is possible if the victim is using the AnyDesk Windows client to connect to a remote machine, if an attacker is also connected remotely with AnyDesk to...

CVE-2021-44426

An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local /Downloads/ directory is possible if the victim is using the AnyDesk Windows client to connect to a remote machine, if an attacker is also connected remotely with AnyDesk to...