Approved changes feed: RSS · Atom

cpe:2.3:a:nomachine:nomachine:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorNomachine (8035bc24-7bca-567f-88f9-ccf3bdd7f249)
ProductNomachine (3a16354b-632c-57c9-adda-529f0a059f6c)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2026-5055 vulnerable 2026-06-08 08:07:02.944015 NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
HIGH (7.8)
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the NoMachine Device Server. The product loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-28494.
Published: 2026-04-11T00:14:25.877Z
Updated: 2026-04-14T03:55:48.016Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-5054 vulnerable 2026-06-08 08:07:02.943764 NoMachine External Control of File Path Local Privilege Escalation Vulnerability
HIGH (7.8)
NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of command line parameters. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-28630.
Published: 2026-04-11T00:14:16.658Z
Updated: 2026-04-14T03:55:46.803Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-5053 vulnerable 2026-06-08 08:07:02.943373 NoMachine External Control of File Path Arbitrary File Deletion Vulnerability
HIGH (7.1)
NoMachine External Control of File Path Arbitrary File Deletion Vulnerability. This vulnerability allows local attackers to delete arbitrary files on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of environment variables. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of root. Was ZDI-CAN-28644.
Published: 2026-04-11T00:14:07.656Z
Updated: 2026-04-13T16:18:43.447Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-8614 vulnerable 2026-06-08 07:45:20.797687 NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
HIGH (7.8)
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-26766.
Published: 2025-09-02T19:47:16.828Z
Updated: 2025-09-02T20:35:15.670Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-7253 vulnerable 2026-06-08 06:58:21.624217 NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
HIGH (7.8)
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within nxnode.exe. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. . Was ZDI-CAN-24039.
Published: 2024-11-22T21:30:47.553Z
Updated: 2024-11-26T16:30:46.189Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-39107 vulnerable 2026-06-08 06:09:35.767645 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-48074 vulnerable 2026-06-08 05:50:41.181803 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-33436 vulnerable 2026-06-08 05:32:11.450423 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-6947 vulnerable 2026-06-08 05:11:54.487891 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-20029 vulnerable 2026-06-08 05:11:26.579675 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-17980 vulnerable 2026-06-08 05:11:07.075731 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-12763 vulnerable 2026-06-08 05:08:47.868464 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.