totalav CVE Vulnerabilities & Metrics

Focus on totalav vulnerabilities and metrics.

Last updated: 15 Feb 2026, 23:25 UTC

About totalav Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with totalav. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total totalav CVEs: 4
Earliest CVE date: 13 Jul 2018, 17:29 UTC
Latest CVE date: 16 Jan 2026, 00:16 UTC

Latest CVE reference: CVE-2021-47787

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 0.0%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical totalav CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 3.53

Max CVSS: 7.2

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	2
4.0-6.9	1
7.0-8.9	1
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS totalav CVEs

These are the five CVEs with the highest CVSS scores for totalav, sorted by severity first and recency.

CVE-2018-7535 totalav Published on 13 Jul 2018, 17:29 UTC (CVSS: 7.2)
An issue was discovered in TotalAV v4.1.7. An unprivileged user could modify or overwrite all of the product's files because of weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges or obtain maximum control over the product.
CVE-2019-18194 totalav Published on 10 Jan 2020, 18:15 UTC (CVSS: 6.9)
TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder.
CVE-2021-47787 totalav Published on 16 Jan 2026, 00:16 UTC (CVSS: 0)
TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple system services running with LocalSystem privileges. Attackers can place malicious executables in specific unquoted path segments to potentially gain SYSTEM-level access by exploiting the service path configuration.
CVE-2024-31771 totalav Published on 14 May 2024, 15:25 UTC (CVSS: 0)
Insecure Permission vulnerability in TotalAV v.6.0.740 allows a local attacker to escalate privileges via a crafted file

All CVEs for totalav

CVE-2021-47787 totalav vulnerability CVSS: 0 16 Jan 2026, 00:16 UTC

TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple system services running with LocalSystem privileges. Attackers can place malicious executables in specific unquoted path segments to potentially gain SYSTEM-level access by exploiting the service path configuration.

CVE-2024-31771 totalav vulnerability CVSS: 0 14 May 2024, 15:25 UTC

Insecure Permission vulnerability in TotalAV v.6.0.740 allows a local attacker to escalate privileges via a crafted file

CVE-2019-18194 totalav vulnerability CVSS: 6.9 10 Jan 2020, 18:15 UTC

TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder.

CVE-2018-7535 totalav vulnerability CVSS: 7.2 13 Jul 2018, 17:29 UTC

An issue was discovered in TotalAV v4.1.7. An unprivileged user could modify or overwrite all of the product's files because of weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges or obtain maximum control over the product.