UltraVNC
UltraVNC versions up to 1.6.4.0 suffer from an uncontrolled search path vulnerability in version.dll loaded by the Service component, enabling local attackers with low privileges to achieve code execution with elevated privileges through DLL hijacking. Publicly available exploit code exists (Google Drive link in references), and the vendor has not responded to disclosure attempts. While the CVSS score is 7.3, exploitation requires local access, has high attack complexity, and is considered difficult to execute, tempering immediate risk for most deployments.
UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allows attackers to crash the application. Attackers can paste an overly long string of 300 characters into the Repeater Host property to trigger an application crash. [CVSS 7.5 HIGH]
UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allows local attackers to crash the application. [CVSS 6.2 MEDIUM]