Totalav: >> Totalav Security Vulnerabilities
TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple system services running with LocalSystem privileges. Attackers can place malicious executables in specific unquoted path segments to potentially gain SYSTEM-level access by exploiting the service path configuration.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-01-16
Insecure Permission vulnerability in TotalAV v.6.0.740 allows a local attacker to escalate privileges via a crafted file
CVSS Score
7.8
EPSS Score
0.03
Published
2024-05-14
An issue was discovered in TotalAV v4.1.7. An unprivileged user could modify or overwrite all of the product's files because of weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges or obtain maximum control over the product.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-07-13