957 matches found
CVE-2026-10046
Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the BIOS INT 0x15 / E820 memory map handler, implemented in napoca/guests/bioshandlers.c. The handler computes a destination offset into the guest RealModeMemory buffer from guest-controlled ES and EDI...
CVE-2026-10047
The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled SS:SP-derived offset as an index into the 1MB RealModeMemory buffer without bounds validation. With...
EUVD-2026-33943
Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the BIOS INT 0x15 / E820 memory map handler, implemented in napoca/guests/bioshandlers.c. The handler computes a destination offset into the guest RealModeMemory buffer from guest-controlled ES and EDI...
CVE-2026-10046
Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the BIOS INT 0x15 / E820 memory map handler, implemented in napoca/guests/bioshandlers.c. The handler computes a destination offset into the guest RealModeMemory buffer from guest-controlled ES and EDI...
PT-2026-45766
Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the BIOS INT 0x15 / E820 memory map handler, implemented in napoca/guests/bios handlers.c. The handler computes a destination offset into the guest RealModeMemory buffer from guest-controlled ES and EDI...
Fake Windsurf IDE Extension Uses Solana Blockchain to Steal Developer Data
Cybersecurity researchers at Bitdefender have discovered a malicious Windsurf IDE extension using the Solana blockchain to steal developer credentials...
Can the Security Platform Finally Deliver for the Mid-Market?
Mid-market organizations are constantly striving to achieve security levels on a par with their enterprise peers. With heightened awareness of supply chain attacks, your customers and business partners are defining the security level you must meet. What if you could be the enabler for your...
17% of 3rd-Party Add-Ons for OpenClaw Used in Crypto Theft and macOS Malware
Bitdefender Labs reveals that 17% of OpenClaw AI skills analyzed in February 2026 are malicious. With over 160,000…...
CVE-2018-18058
An issue was discovered in Bitdefender Engines before 7.76662. A vulnerability has been discovered in the iso.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a division-by-zero circumstance. Paired with other vulnerabilities, this can result in...
CVE-2018-18060
An issue was discovered in Bitdefender Engines before 7.76808. A vulnerability has been discovered in the dalvik.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. Paired with other vulnerabilities, this...
CVE-2018-18059
An issue was discovered in Bitdefender Engines before 7.76675. A vulnerability has been discovered in the rar.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. Paired with other vulnerabilities, this can...
CVE-2025-1987
A Cross-Site Scripting XSS vulnerability has been identified in Psono-Client’s handling of vault entries of type websitepassword and bookmark, as used in Bitdefender SecurePass. The client does not properly sanitize the URL field in these entries. As a result, an attacker can craft a malicious...
CVE-2025-7073
A local privilege escalation vulnerability in Bitdefender Total Security 27.0.46.231 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory C:\ProgramData\Atc\Feedback without proper symbolic link validation,...
CVE-2025-7073
A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory C:\ProgramData\Atc\Feedback without proper symbolic...
CVE-2025-7073
A local privilege escalation vulnerability in Bitdefender Total Security 27.0.46.231 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory C:\ProgramData\Atc\Feedback without proper symbolic link validation,...
CVE-2025-7073
CVE-2025-7073 affects Bitdefender Total Security 27.0.46.231. The local privilege escalation stems from bdservicehost.exe deleting files in a user-writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic-link validation. The issue is described as being chained with a file copy ope...
EUVD-2025-202416
A local privilege escalation vulnerability in Bitdefender Total Security 27.0.46.231 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory C:\ProgramData\Atc\Feedback without proper symbolic link validation,...
CVE-2025-7073
A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory C:\ProgramData\Atc\Feedback without proper symbolic...
CVE-2025-7073 Local Privilege Escalation via Arbitrary File Operation in Bitdefender Total Security
A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory C:\ProgramData\Atc\Feedback without proper symbolic...
CVE-2025-7073 Local Privilege Escalation via Arbitrary File Operation in Bitdefender Total Security
A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory C:\ProgramData\Atc\Feedback without proper symbolic...