EUVD-2024-26973

Malicious code in bioql PyPI...

EUVD-2023-43844

Malicious code in bioql PyPI...

EUVD-2024-16149

Malicious code in bioql PyPI...

CVE-2025-2425

CVE-2025-2425 describes a TOCTOU race condition in ESET security software on Windows that could let an attacker clear the content of an arbitrary file via the installed product. The flaw is rooted in a time-check vs. time-use mismatch within ESET components, enabling a local attacker with low pri...

CVE-2025-2425 TOCTOU race condition vulnerability in ESET products on Windows

Time-of-check to time-of-use race condition vulnerability potentially allowed an attacker to use the installed ESET security software to clear the content of an arbitrary file on the file system...

CVE-2025-5028 Arbitrary file deletion vulnerability in ESET product installers

Installation file of ESET security products on Windows allow an attacker to misuse to delete an arbitrary file without having the permissions to do so...

CVE-2021-37850

ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ESET security product until a system reboot...

CVE-2020-10180

The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro macOS, Cyber Security macOS, Mobile Security for Android, Smart TV Security,...

Analysis and Exploitation of an ESET Vulnerability

Do we understand the risk vs. benefit trade-offs of security software? Tavis Ormandy, June 2015 Introduction Many antivirus products include emulation capabilities that are intended to allow unpackers to run for a few cycles before signatures are applied. ESET NOD32 uses a minifilter or kext to...