| ZDI-25-984 |
ZDI-CAN-26635 |
Alibaba |
|
7.3 |
2025-10-30 |
2025-10-30 |
Alibaba Cloud Workspace Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
| ZDI-25-983 |
ZDI-CAN-27913 |
evernote-mcp-server |
CVE-2025-12489 |
7.8 |
2025-10-30 |
2025-10-30 |
evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability |
| ZDI-25-982 |
ZDI-CAN-26681 |
oobabooga |
CVE-2025-12487 |
9.8 |
2025-10-30 |
2025-10-30 |
oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability |
| ZDI-25-981 |
ZDI-CAN-26680 |
oobabooga |
CVE-2025-12488 |
9.8 |
2025-10-30 |
2025-10-30 |
oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability |
| ZDI-25-980 |
ZDI-CAN-24755 |
Heimdall Data |
CVE-2025-12486 |
8.8 |
2025-10-30 |
2025-10-30 |
Heimdall Data Database Proxy Cross-Site Scripting Remote Code Execution Vulnerability |
| ZDI-25-979 |
ZDI-CAN-28085 |
Netgate |
CVE-2025-12490 |
8.8 |
2025-10-30 |
2025-10-30 |
Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability |
| ZDI-25-978 |
ZDI-CAN-27823 |
GIMP |
CVE-2025-10934 |
7.8 |
2025-10-29 |
2025-10-29 |
GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-977 |
ZDI-CAN-27086 |
Delta Electronics |
CVE-2025-62579 |
7.8 |
2025-10-29 |
2025-10-29 |
Delta Electronics ASDA-Soft PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-976 |
ZDI-CAN-27128 |
Delta Electronics |
CVE-2025-62580 |
7.8 |
2025-10-29 |
2025-10-29 |
Delta Electronics ASDA-Soft PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-975 |
ZDI-CAN-27560 |
X.Org |
CVE-2025-62231 |
7.8 |
2025-10-29 |
2025-10-29 |
X.Org Server XkbSetCompatMap Numeric Truncation Error Privilege Escalation Vulnerability |
| ZDI-25-974 |
ZDI-CAN-27545 |
X.Org |
CVE-2025-62230 |
7.8 |
2025-10-29 |
2025-10-29 |
X.Org Server XkbRemoveResourceClient Use-After-Free Privilege Escalation Vulnerability |
| ZDI-25-973 |
ZDI-CAN-27238 |
X.Org |
CVE-2025-62229 |
7.8 |
2025-10-29 |
2025-10-29 |
X.Org Server present_create_notifies Use-After-Free Privilege Escalation Vulnerability |
| ZDI-25-972 |
ZDI-CAN-27830 |
Krita |
CVE-2025-59820 |
7.8 |
2025-10-27 |
2025-10-27 |
Krita TGA File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-971 |
ZDI-CAN-26677 |
Delta Electronics |
CVE-2025-59298 |
7.8 |
2025-10-27 |
2025-10-27 |
Delta Electronics DIAScreen DPA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-970 |
ZDI-CAN-26683 |
Delta Electronics |
CVE-2025-59299 |
7.8 |
2025-10-27 |
2025-10-27 |
Delta Electronics DIAScreen DPA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-969 |
ZDI-CAN-26672 |
Delta Electronics |
CVE-2025-59297 |
7.8 |
2025-10-27 |
2025-10-27 |
Delta Electronics DIAScreen DPA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-968 |
ZDI-CAN-26687 |
Delta Electronics |
CVE-2025-59300 |
7.8 |
2025-10-27 |
2025-10-27 |
Delta Electronics DIAScreen DPA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-967 |
ZDI-CAN-25407 |
Delta Electronics |
CVE-2025-58319 |
7.8 |
2025-10-27 |
2025-10-27 |
Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-966 |
ZDI-CAN-27536 |
Cisco |
CVE-2025-20359 |
6.5 |
2025-10-27 |
2025-10-27 |
Cisco Snort process_mime_body Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-965 |
ZDI-CAN-27165 |
DataChain |
CVE-2025-61677 |
8.8 |
2025-10-27 |
2025-10-27 |
DataChain data_storage Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-964 |
ZDI-CAN-28057 |
Microsoft |
CVE-2025-50154 |
3.3 |
2025-10-27 |
2025-10-27 |
Microsoft Windows LNK File Parsing Improper Input Validation NTLM Relay Vulnerability |
| ZDI-25-963 |
ZDI-CAN-27061 |
Veeam |
CVE-2025-48982 |
7.3 |
2025-10-27 |
2025-10-27 |
Veeam Agent for Microsoft Windows Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-962 |
ZDI-CAN-27895 |
Oracle |
CVE-2025-62589 |
8.2 |
2025-10-27 |
2025-10-27 |
Oracle VirtualBox VMSVGA Integer Overflow Local Privilege Escalation Vulnerability |
| ZDI-25-961 |
ZDI-CAN-27933 |
Oracle |
CVE-2025-62641 |
8.2 |
2025-10-27 |
2025-10-27 |
Oracle VirtualBox USB Use-After-Free Local Privilege Escalation Vulnerability |
| ZDI-25-960 |
ZDI-CAN-27924 |
Oracle |
CVE-2025-62590 |
8.2 |
2025-10-27 |
2025-10-27 |
Oracle VirtualBox VMSVGA Stack-based Buffer Overflow Local Privilege Escalation Vulnerability |
| ZDI-25-959 |
ZDI-CAN-27890 |
Oracle |
CVE-2025-62588 |
8.2 |
2025-10-27 |
2025-10-27 |
Oracle VirtualBox VMSVGA Integer Underflow Local Privilege Escalation Vulnerability |
| ZDI-25-958 |
ZDI-CAN-27871 |
Oracle |
CVE-2025-62591 |
6.0 |
2025-10-27 |
2025-10-27 |
Oracle VirtualBox VMSVGA Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-957 |
ZDI-CAN-27241 |
Oracle |
CVE-2025-61759 |
6.5 |
2025-10-27 |
2025-10-27 |
Oracle VirtualBox Virtio-net Uninitialized Memory Information Disclosure Vulnerability |
| ZDI-25-956 |
ZDI-CAN-26631 |
Ashlar-Vellum |
CVE-2025-11465 |
7.8 |
2025-10-16 |
2025-10-16 |
(0Day) Ashlar-Vellum Cobalt CO File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-955 |
ZDI-CAN-26628 |
Ashlar-Vellum |
CVE-2025-11464 |
7.8 |
2025-10-16 |
2025-10-16 |
(0Day) Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-954 |
ZDI-CAN-26626 |
Ashlar-Vellum |
CVE-2025-11463 |
7.8 |
2025-10-16 |
2025-10-16 |
(0Day) Ashlar-Vellum Cobalt XE File Parsing Integer Overflow Remote Code Execution Vulnerability |
| ZDI-25-953 |
ZDI-CAN-27289 |
Microsoft |
CVE-2025-59284 |
3.3 |
2025-10-14 |
2025-10-14 |
Microsoft Windows TAR File Parsing NTLM Relay Vulnerability |
| ZDI-25-952 |
ZDI-CAN-26912 |
Ivanti |
CVE-2025-9872 |
8.8 |
2025-10-10 |
2025-10-10 |
Ivanti Endpoint Manager UniqueFilename Unrestricted File Upload Remote Code Execution Vulnerability |
| ZDI-25-951 |
ZDI-CAN-27136 |
Allegra |
CVE-2025-11466 |
4.9 |
2025-10-08 |
2025-10-08 |
Allegra DatabaseBackupBL Directory Traversal Information Disclosure Vulnerability |
| ZDI-25-950 |
ZDI-CAN-26743 |
7-Zip |
CVE-2025-11002 |
7.0 |
2025-10-07 |
2025-10-07 |
7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-949 |
ZDI-CAN-26753 |
7-Zip |
CVE-2025-11001 |
7.0 |
2025-10-07 |
2025-10-07 |
7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-948 |
ZDI-CAN-27130 |
Jaspersoft |
CVE-2025-10492 |
7.2 |
2025-10-07 |
2025-10-07 |
Jaspersoft Jasper Reports JRLoader Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-947 |
ZDI-CAN-25369 |
Ivanti |
CVE-2025-11622 |
7.8 |
2025-10-07 |
2025-10-16 |
(0Day) Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Local Privilege Escalation Vulnerability |
| ZDI-25-946 |
ZDI-CAN-26859 |
Ivanti |
CVE-2025-62386 |
7.2 |
2025-10-07 |
2025-10-16 |
(0Day) Ivanti Endpoint Manager Report_RunPatch SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-945 |
ZDI-CAN-26857 |
Ivanti |
CVE-2025-62384 |
7.2 |
2025-10-07 |
2025-10-16 |
(0Day) Ivanti Endpoint Manager MP_Report_Run2 SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-944 |
ZDI-CAN-26866 |
Ivanti |
CVE-2025-62392 |
7.2 |
2025-10-07 |
2025-10-16 |
(0Day) Ivanti Endpoint Manager DBDR SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-943 |
ZDI-CAN-26865 |
Ivanti |
CVE-2025-62391 |
7.2 |
2025-10-07 |
2025-10-16 |
(0Day) Ivanti Endpoint Manager PatchHistory SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-942 |
ZDI-CAN-26864 |
Ivanti |
CVE-2025-62390 |
7.2 |
2025-10-07 |
2025-10-16 |
(0Day) Ivanti Endpoint Manager MP_QueryDetail2 SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-941 |
ZDI-CAN-26862 |
Ivanti |
CVE-2025-62389 |
7.2 |
2025-10-07 |
2025-10-16 |
(0Day) Ivanti Endpoint Manager GetCountForQuery SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-940 |
ZDI-CAN-26861 |
Ivanti |
CVE-2025-62388 |
7.2 |
2025-10-07 |
2025-10-16 |
(0Day) Ivanti Endpoint Manager MP_QueryDetail SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-939 |
ZDI-CAN-26860 |
Ivanti |
CVE-2025-62387 |
7.2 |
2025-10-07 |
2025-10-16 |
(0Day) Ivanti Endpoint Manager MP_VistaReport SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-938 |
ZDI-CAN-26858 |
Ivanti |
CVE-2025-62385 |
7.2 |
2025-10-07 |
2025-10-16 |
(0Day) Ivanti Endpoint Manager Report_RunPatch SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-937 |
ZDI-CAN-26856 |
Ivanti |
CVE-2025-62383 |
7.2 |
2025-10-07 |
2025-10-16 |
(0Day) Ivanti Endpoint Manager Report_Run SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-936 |
ZDI-CAN-26855 |
Ivanti |
CVE-2025-11623 |
7.2 |
2025-10-07 |
2025-10-16 |
(0Day) Ivanti Endpoint Manager Report_Run2 SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-935 |
ZDI-CAN-26834 |
Ivanti |
CVE-2025-9713 |
8.8 |
2025-10-07 |
2025-10-16 |
(0Day) Ivanti Endpoint Manager OnSaveToDB Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-934 |
ZDI-CAN-26144 |
MindManager |
|
7.8 |
2025-10-07 |
2025-10-07 |
MindManager Attachment Insufficient UI Warning Remote Code Execution Vulnerability |
| ZDI-25-933 |
ZDI-CAN-27195 |
Redis |
CVE-2025-49844 |
9.8 |
2025-10-06 |
2025-10-06 |
(Pwn2Own) Redis Lua Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-932 |
ZDI-CAN-26916 |
MLflow |
CVE-2025-11200 |
8.1 |
2025-10-03 |
2025-10-03 |
MLflow Weak Password Requirements Authentication Bypass Vulnerability |
| ZDI-25-931 |
ZDI-CAN-26921 |
MLflow |
CVE-2025-11201 |
8.1 |
2025-10-03 |
2025-10-03 |
MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-930 |
ZDI-CAN-27787 |
win-cli-mcp-server |
CVE-2025-11202 |
9.8 |
2025-10-03 |
2025-10-03 |
win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability |
| ZDI-25-929 |
ZDI-CAN-26585 |
LiteLLM |
CVE-2025-11203 |
3.5 |
2025-10-03 |
2025-10-03 |
LiteLLM Information health API_KEY Information Disclosure Vulnerability |
| ZDI-25-928 |
ZDI-CAN-26824 |
Delta Electronics |
CVE-2025-57704 |
5.5 |
2025-10-01 |
2025-10-01 |
Delta Electronics EIP Builder EIP File Parsing XML External Entity Processing Information Disclosure Vulnerability |
| ZDI-25-927 |
ZDI-CAN-26843 |
Delta Electronics |
CVE-2025-58320 |
7.3 |
2025-10-01 |
2025-10-01 |
Delta Electronics DIALink Directory Traversal Authentication Bypass Vulnerability |
| ZDI-25-926 |
ZDI-CAN-26827 |
Delta Electronics |
CVE-2025-58321 |
10.0 |
2025-10-01 |
2025-10-01 |
Delta Electronics DIALink Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-925 |
ZDI-CAN-23861 |
Viessmann |
CVE-2025-9494 |
6.8 |
2025-10-01 |
2025-10-01 |
Viessmann Vitogate 300 BN/MB vitogate.cgi form-0-2 Command Injection Remote Code Execution Vulnerability |
| ZDI-25-924 |
ZDI-CAN-26504 |
Fuji Electric |
CVE-2025-9365 |
7.8 |
2025-10-01 |
2025-10-01 |
Fuji Electric FRENIC-Loader 4 EXTBM File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-923 |
ZDI-CAN-26503 |
Fuji Electric |
CVE-2025-9365 |
7.8 |
2025-10-01 |
2025-10-01 |
Fuji Electric FRENIC-Loader 4 EXRTM File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-922 |
ZDI-CAN-26833 |
Ivanti |
CVE-2025-9712 |
8.8 |
2025-09-30 |
2025-09-30 |
Ivanti Endpoint Manager EFile Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-921 |
ZDI-CAN-26375 |
Razer |
CVE-2025-9870 |
7.8 |
2025-09-30 |
2025-09-30 |
Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-920 |
ZDI-CAN-26373 |
Razer |
CVE-2025-9871 |
7.8 |
2025-09-30 |
2025-09-30 |
Razer Synapse 3 Chroma Connect Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-919 |
ZDI-CAN-26374 |
Razer |
CVE-2025-9869 |
7.8 |
2025-09-30 |
2025-09-30 |
Razer Synapse 3 Macro Module Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-918 |
ZDI-CAN-27382 |
Fortinet |
CVE-2025-53609 |
4.9 |
2025-09-26 |
2025-10-06 |
Fortinet FortiWeb _cmf_get_config_file_path Directory Traversal Information Disclosure Vulnerability |
| ZDI-25-917 |
ZDI-CAN-27654 |
Linux |
CVE-2025-38562 |
5.3 |
2025-09-24 |
2025-09-24 |
Linux Kernel ksmbd generate_key context.iov_base Null Pointer Dereference Denial-of-Service Vulnerability |
| ZDI-25-916 |
ZDI-CAN-27661 |
Linux |
CVE-2025-38561 |
8.5 |
2025-09-24 |
2025-09-24 |
Linux Kernel ksmbd smb2_sess_setup Preauth_HashValue Race Condition Remote Code Execution Vulnerability |
| ZDI-25-915 |
ZDI-CAN-27561 |
Linux |
CVE-2025-39698 |
8.8 |
2025-09-24 |
2025-09-24 |
Linux Kernel io_uring Futex Request Use-After-Free Local Privilege Escalation Vulnerability |
| ZDI-25-914 |
ZDI-CAN-27793 |
GIMP |
CVE-2025-10925 |
7.8 |
2025-09-24 |
2025-09-24 |
GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-913 |
ZDI-CAN-27836 |
GIMP |
CVE-2025-10924 |
7.8 |
2025-09-24 |
2025-09-24 |
GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability |
| ZDI-25-912 |
ZDI-CAN-27878 |
GIMP |
CVE-2025-10923 |
7.8 |
2025-09-24 |
2025-09-24 |
GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability |
| ZDI-25-911 |
ZDI-CAN-27863 |
GIMP |
CVE-2025-10922 |
7.8 |
2025-09-24 |
2025-09-24 |
GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-910 |
ZDI-CAN-27803 |
GIMP |
CVE-2025-10921 |
7.8 |
2025-09-24 |
2025-09-24 |
GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-909 |
ZDI-CAN-27684 |
GIMP |
CVE-2025-10920 |
7.8 |
2025-09-24 |
2025-09-24 |
GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-908 |
ZDI-CAN-27224 |
Autodesk |
CVE-2025-8892 |
7.8 |
2025-09-23 |
2025-09-23 |
Autodesk AutoCAD PRT File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-907 |
ZDI-CAN-27557 |
Autodesk |
CVE-2025-8354 |
7.8 |
2025-09-23 |
2025-09-23 |
Autodesk Revit RFA File Parsing Type Confusion Remote Code Execution Vulnerability |
| ZDI-25-906 |
ZDI-CAN-26042 |
SolarWinds |
CVE-2025-26399 |
9.8 |
2025-09-23 |
2025-09-23 |
SolarWinds Web Help Desk AjaxProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-905 |
ZDI-CAN-26474 |
Gen Digital |
CVE-2025-3025 |
7.3 |
2025-09-23 |
2025-09-23 |
Gen Digital CCleaner Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-904 |
ZDI-CAN-27283 |
Dassault Systèmes |
CVE-2025-9447 |
7.8 |
2025-09-22 |
2025-09-22 |
Dassault Systèmes eDrawings Viewer PAR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-903 |
ZDI-CAN-27332 |
Dassault Systèmes |
CVE-2025-9449 |
7.8 |
2025-09-22 |
2025-09-22 |
Dassault Systèmes eDrawings Viewer PAR File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-902 |
ZDI-CAN-27467 |
Dassault Systèmes |
CVE-2025-9450 |
7.8 |
2025-09-22 |
2025-09-22 |
Dassault Systèmes eDrawings Viewer JT File Parsing Uninitialized Variable Remote Code Execution Vulnerability |
| ZDI-25-901 |
ZDI-CAN-27586 |
Apple |
CVE-2025-43368 |
4.3 |
2025-09-18 |
2025-09-18 |
Apple Safari IPC Connection Invalidation Use-After-Free Information Disclosure Vulnerability |
| ZDI-25-900 |
ZDI-CAN-27407 |
Apple |
CVE-2025-43346 |
8.8 |
2025-09-18 |
2025-09-18 |
Apple macOS OGG Audio File Header Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-899 |
ZDI-CAN-27286 |
Apple |
CVE-2025-43349 |
7.8 |
2025-09-18 |
2025-09-18 |
Apple macOS Audio APAC Frame Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-898 |
ZDI-CAN-25289 |
Delta Electronics |
CVE-2025-53418 |
8.8 |
2025-09-18 |
2025-09-18 |
Delta Electronics COMMGR Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-897 |
ZDI-CAN-22241 |
Avira |
CVE-2024-13759 |
7.8 |
2025-09-18 |
2025-09-18 |
Avira Prime Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-896 |
ZDI-CAN-26892 |
Wondershare |
CVE-2025-10644 |
9.4 |
2025-10-08 |
2025-10-08 |
(0Day) Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability |
| ZDI-25-895 |
ZDI-CAN-26902 |
Wondershare |
CVE-2025-10643 |
9.1 |
2025-10-08 |
2025-10-08 |
(0Day) Wondershare Repairit Incorrect Permission Assignment Authentication Bypass Vulnerability |
| ZDI-25-894 |
ZDI-CAN-26583 |
Digilent |
CVE-2025-10203 |
7.8 |
2025-09-16 |
2025-09-16 |
Digilent WaveForms DWF3WORK File Parsing Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-893 |
ZDI-CAN-26692 |
Siemens |
CVE-2025-40762 |
7.8 |
2025-09-12 |
2025-09-12 |
Siemens Simcenter Femap STP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-892 |
ZDI-CAN-24739 |
Microsoft |
|
7.5 |
2025-09-09 |
2025-09-09 |
Microsoft .NET IsTypeAuthorized Deserialization of Untrusted Data Denial-of-Service Vulnerability |
| ZDI-25-891 |
ZDI-CAN-26640 |
Digilent |
CVE-2025-57778 |
7.8 |
2025-09-04 |
2025-09-04 |
Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-890 |
ZDI-CAN-26615 |
Digilent |
CVE-2025-57777 |
7.8 |
2025-09-04 |
2025-09-04 |
Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-889 |
ZDI-CAN-26614 |
Digilent |
CVE-2025-57776 |
7.8 |
2025-09-04 |
2025-09-04 |
Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-888 |
ZDI-CAN-26613 |
Digilent |
CVE-2025-57775 |
7.8 |
2025-09-04 |
2025-09-04 |
Digilent DASYLab DSB File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-887 |
ZDI-CAN-26612 |
Digilent |
CVE-2025-57774 |
7.8 |
2025-09-04 |
2025-09-04 |
Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-886 |
ZDI-CAN-26582 |
Digilent |
CVE-2025-9189 |
7.8 |
2025-09-04 |
2025-09-04 |
Digilent DASYLab DSB File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-885 |
ZDI-CAN-26581 |
Digilent |
CVE-2025-9188 |
7.8 |
2025-09-04 |
2025-09-04 |
Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-884 |
ZDI-CAN-27261 |
QEMU |
CVE-2025-8860 |
5.3 |
2025-09-04 |
2025-09-04 |
QEMU uefi-vars Uninitialized Memory Information Disclosure Vulnerability |
| ZDI-25-883 |
ZDI-CAN-26552 |
Realtek |
CVE-2025-8300 |
8.8 |
2025-09-02 |
2025-09-02 |
Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability |
| ZDI-25-882 |
ZDI-CAN-25857 |
Realtek |
CVE-2025-8299 |
8.8 |
2025-09-02 |
2025-09-02 |
Realtek rtl81xx SDK Wi-Fi Driver MgntActSet_TEREDO_SET_RS_PACKET Heap-based Buffer Overflow Local Privilege Escalation Vulnerability |
| ZDI-25-881 |
ZDI-CAN-25864 |
Realtek |
CVE-2025-8298 |
3.8 |
2025-09-02 |
2025-09-02 |
Realtek RTL8811AU rtwlanu.sys N6CQueryInformationHandleCustomized11nOids Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-880 |
ZDI-CAN-24786 |
Realtek |
CVE-2025-8301 |
7.8 |
2025-09-02 |
2025-09-02 |
Realtek RTL8811AU rtwlanu.sys N6CSet_DOT11_CIPHER_DEFAULT_KEY Heap-based Buffer Overflow Local Privilege Escalation Vulnerability |
| ZDI-25-879 |
ZDI-CAN-26553 |
Realtek |
CVE-2025-8302 |
8.8 |
2025-09-02 |
2025-09-02 |
Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability |
| ZDI-25-878 |
ZDI-CAN-26523 |
Apple |
CVE-2025-43283 |
6.5 |
2025-08-28 |
2025-09-18 |
Apple macOS AppleIntelKBLGraphics Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-877 |
ZDI-CAN-25875 |
Delta Electronics |
CVE-2025-53419 |
7.8 |
2025-08-28 |
2025-08-28 |
Delta Electronics ISPSoft ISP File Parsing Improper Control of Dynamically-Managed Code Remote Code Execution Vulnerability |
| ZDI-25-876 |
ZDI-CAN-26744 |
Siemens |
CVE-2025-25175 |
7.8 |
2025-08-28 |
2025-08-28 |
Siemens Simcenter Femap NEU File Parsing Type Confusion Remote Code Execution Vulnerability |
| ZDI-25-875 |
ZDI-CAN-26747 |
Siemens |
CVE-2025-25175 |
7.8 |
2025-08-28 |
2025-08-28 |
Siemens Simcenter Femap NEU File Parsing Type Confusion Remote Code Execution Vulnerability |
| ZDI-25-874 |
ZDI-CAN-26748 |
Siemens |
CVE-2025-25175 |
7.8 |
2025-08-28 |
2025-08-28 |
Siemens Simcenter Femap NEU File Parsing Type Confusion Remote Code Execution Vulnerability |
| ZDI-25-873 |
ZDI-CAN-27504 |
Linux |
CVE-2025-38563 |
7.5 |
2025-08-28 |
2025-09-24 |
Linux Kernel perf Subsystem AUX Buffers Use-After-Free Local Privilege Escalation Vulnerability |
| ZDI-25-872 |
ZDI-CAN-27129 |
TeamViewer |
CVE-2025-44002 |
6.1 |
2025-08-26 |
2025-08-26 |
TeamViewer Link Following Denial-of-Service Vulnerability |
| ZDI-25-871 |
ZDI-CAN-25847 |
QNAP |
CVE-2024-13087 |
7.1 |
2025-08-26 |
2025-08-26 |
(Pwn2Own) QNAP QHora-322 miro_webserver_lib_RunExecBash Command Injection Remote Code Execution Vulnerability |
| ZDI-25-870 |
ZDI-CAN-25709 |
Foxit |
CVE-2025-9330 |
7.8 |
2025-08-21 |
2025-08-21 |
Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
| ZDI-25-869 |
ZDI-CAN-27101 |
Foxit |
CVE-2025-9323 |
3.3 |
2025-08-21 |
2025-08-21 |
Foxit PDF Reader JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-868 |
ZDI-CAN-26802 |
Foxit |
CVE-2025-9324 |
3.3 |
2025-08-21 |
2025-08-21 |
Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-867 |
ZDI-CAN-26785 |
Foxit |
CVE-2025-9325 |
3.3 |
2025-08-21 |
2025-08-21 |
Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-866 |
ZDI-CAN-26784 |
Foxit |
CVE-2025-9326 |
7.8 |
2025-08-21 |
2025-08-21 |
Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-865 |
ZDI-CAN-26774 |
Foxit |
CVE-2025-9327 |
3.3 |
2025-08-21 |
2025-08-21 |
Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-864 |
ZDI-CAN-26773 |
Foxit |
CVE-2025-9328 |
7.8 |
2025-08-21 |
2025-08-21 |
Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-863 |
ZDI-CAN-26772 |
Foxit |
CVE-2025-9329 |
7.8 |
2025-08-21 |
2025-08-21 |
Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-862 |
ZDI-CAN-27085 |
Autodesk |
CVE-2025-5048 |
7.8 |
2025-08-21 |
2025-08-21 |
Autodesk AutoCAD DGN File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-861 |
ZDI-CAN-27084 |
Autodesk |
CVE-2025-5047 |
7.8 |
2025-08-21 |
2025-08-21 |
Autodesk AutoCAD DGN File Parsing Uninitialized Variable Remote Code Execution Vulnerability |
| ZDI-25-860 |
ZDI-CAN-27083 |
Autodesk |
CVE-2025-5046 |
7.8 |
2025-08-21 |
2025-08-21 |
Autodesk AutoCAD DGN File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-859 |
ZDI-CAN-26486 |
Firebird |
CVE-2025-54989 |
7.5 |
2025-08-21 |
2025-08-21 |
Firebird SQL Database Server XDR Message Parsing NULL Pointer Dereference Denial-of-Service Vulnerability |
| ZDI-25-858 |
ZDI-CAN-25774 |
Axis Communications |
|
8.8 |
2025-08-21 |
2025-08-21 |
Axis Communications Autodesk Plugin AzureBlobRestAPI axiscontentfiles Remote Code Execution Vulnerability |
| ZDI-25-857 |
ZDI-CAN-27433 |
Ivanti |
CVE-2025-8297 |
6.6 |
2025-08-20 |
2025-08-20 |
Ivanti Avalanche FileStoreConfig Arbitrary File Upload Remote Code Execution Vulnerability |
| ZDI-25-856 |
ZDI-CAN-27134 |
Ivanti |
CVE-2025-8296 |
6.6 |
2025-08-20 |
2025-08-20 |
Ivanti Avalanche getCountMuStatDevicePropResultsFromMuListAgentIds SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-855 |
ZDI-CAN-22195 |
Cockroach Labs |
CVE-2025-9276 |
9.8 |
2025-08-27 |
2025-08-27 |
Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability |
| ZDI-25-854 |
ZDI-CAN-21655 |
Oxford Instruments |
CVE-2025-9275 |
7.8 |
2025-08-20 |
2025-08-20 |
(0Day) Oxford Instruments Imaris Viewer IMS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-853 |
ZDI-CAN-21657 |
Oxford Instruments |
CVE-2025-9274 |
7.8 |
2025-08-20 |
2025-08-20 |
(0Day) Oxford Instruments Imaris Viewer IMS File Parsing Uninitialized Pointer Remote Code Execution Vulnerability |
| ZDI-25-852 |
ZDI-CAN-23950 |
CData |
CVE-2025-9273 |
4.3 |
2025-08-20 |
2025-08-20 |
(0Day) CData API Server MySQL Misconfiguration Information Disclosure Vulnerability |
| ZDI-25-851 |
ZDI-CAN-27250 |
NVIDIA |
CVE-2025-23318 |
8.1 |
2025-08-20 |
2025-08-20 |
(Pwn2Own) NVIDIA Triton Inference Server IPC Push Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-850 |
ZDI-CAN-27249 |
NVIDIA |
CVE-2025-23333 |
5.9 |
2025-08-20 |
2025-08-20 |
(Pwn2Own) NVIDIA Triton Inference Server LoadFromSharedMemory Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-849 |
ZDI-CAN-27181 |
NVIDIA |
CVE-2025-23320 |
7.5 |
2025-08-20 |
2025-08-20 |
(Pwn2Own) NVIDIA Triton Inference Server SharedMemoryManager Error Message Information Disclosure Vulnerability |
| ZDI-25-848 |
ZDI-CAN-27209 |
NVIDIA |
CVE-2025-23296 |
7.3 |
2025-08-20 |
2025-08-20 |
NVIDIA Isaac-GR00T secure_server Authentication Bypass Vulnerability |
| ZDI-25-847 |
ZDI-CAN-27210 |
NVIDIA |
CVE-2025-23296 |
9.8 |
2025-08-20 |
2025-09-03 |
NVIDIA Isaac-GR00T TorchSerializer Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-846 |
ZDI-CAN-27058 |
Apple |
CVE-2025-31281 |
3.3 |
2025-08-14 |
2025-08-14 |
Apple macOS USD importMeshJointWeights Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-845 |
ZDI-CAN-27174 |
Microsoft |
CVE-2025-53132 |
8.8 |
2025-08-14 |
2025-08-14 |
(Pwn2Own) Microsoft Windows win32kfull Race Condition Local Privilege Escalation Vulnerability |
| ZDI-25-844 |
ZDI-CAN-27541 |
Microsoft |
CVE-2025-53788 |
4.7 |
2025-08-14 |
2025-08-14 |
Microsoft Windows Subsystem for Linux WslCoreVm::Initialize Incorrect Privilege Management Information Disclosure Vulnerability |
| ZDI-25-843 |
ZDI-CAN-27188 |
Microsoft |
CVE-2025-50168 |
8.8 |
2025-08-14 |
2025-08-14 |
(Pwn2Own) Microsoft Windows win32kbase Type Confusion Local Privilege Escalation Vulnerability |
| ZDI-25-842 |
ZDI-CAN-27171 |
Microsoft |
CVE-2025-53156 |
3.8 |
2025-08-14 |
2025-08-14 |
(Pwn2Own) Microsoft Windows Exposed Dangerous Function Information Disclosure Vulnerability |
| ZDI-25-841 |
ZDI-CAN-27235 |
Microsoft |
CVE-2025-53723 |
8.8 |
2025-08-14 |
2025-08-14 |
(Pwn2Own) Microsoft Windows 11 vhdmp Integer Overflow Local Privilege Escalation Vulnerability |
| ZDI-25-840 |
ZDI-CAN-27256 |
Microsoft |
CVE-2025-53155 |
8.8 |
2025-08-14 |
2025-08-14 |
(Pwn2Own) Microsoft Windows 11 vhdmp Improper Validation of Array Index Local Privilege Escalation Vulnerability |
| ZDI-25-839 |
ZDI-CAN-26363 |
Microsoft |
CVE-2025-53783 |
9.8 |
2025-08-14 |
2025-08-14 |
Microsoft Teams Real Time Media Manager Integer Underflow Remote Code Execution Vulnerability |
| ZDI-25-838 |
ZDI-CAN-27158 |
Microsoft |
CVE-2025-50167 |
8.8 |
2025-08-14 |
2025-08-14 |
(Pwn2Own) Microsoft Windows 11 vhdmp Use-After-Free Local Privilege Escalation Vulnerability |
| ZDI-25-837 |
ZDI-CAN-26559 |
Rockwell Automation |
CVE-2025-6377 |
7.8 |
2025-08-13 |
2025-08-13 |
Rockwell Automation Arena Simulation DOE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-836 |
ZDI-CAN-26556 |
Rockwell Automation |
CVE-2025-6376 |
7.8 |
2025-08-13 |
2025-08-13 |
Rockwell Automation Arena Simulation DOE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-835 |
ZDI-CAN-26766 |
NoMachine |
CVE-2025-8614 |
7.8 |
2025-08-13 |
2025-09-02 |
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
| ZDI-25-834 |
ZDI-CAN-26141 |
Academy Software Foundation |
CVE-2025-48071 |
7.8 |
2025-08-13 |
2025-08-13 |
Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-833 |
ZDI-CAN-27199 |
NVIDIA |
CVE-2025-23298 |
7.8 |
2025-08-14 |
2025-09-26 |
NVIDIA Transformers4Rec load_model_trainer_states_from_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-832 |
ZDI-CAN-26478 |
Delta Electronics |
CVE-2025-53417 |
9.8 |
2025-08-13 |
2025-08-13 |
Delta Electronics DIAView Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-831 |
ZDI-CAN-26477 |
Delta Electronics |
CVE-2025-53417 |
7.5 |
2025-08-13 |
2025-08-13 |
Delta Electronics DIAView Directory Traversal Information Disclosure Vulnerability |
| ZDI-25-830 |
ZDI-CAN-26463 |
Schneider Electric |
CVE-2025-54924 |
7.5 |
2025-08-12 |
2025-08-25 |
(0Day) Schneider Electric EcoStruxure Power Monitoring Expert GetPagesAsImages Server-Side Request Forgery Information Disclosure Vulnerability |
| ZDI-25-829 |
ZDI-CAN-26275 |
Schneider Electric |
CVE-2025-54923 |
8.8 |
2025-08-12 |
2025-08-25 |
(0Day) Schneider Electric EcoStruxure Power Monitoring Expert GetFilteredSinkProvider Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-828 |
ZDI-CAN-26274 |
Schneider Electric |
CVE-2025-54927 |
7.2 |
2025-08-12 |
2025-08-25 |
(0Day) Schneider Electric EcoStruxure Power Monitoring Expert HttpPostedFile Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-827 |
ZDI-CAN-26273 |
Schneider Electric |
CVE-2025-54926 |
4.9 |
2025-08-12 |
2025-08-25 |
(0Day) Schneider Electric EcoStruxure Power Monitoring Expert GetTgmlContent Directory Traversal Information Disclosure Vulnerability |
| ZDI-25-826 |
ZDI-CAN-26464 |
Schneider Electric |
CVE-2025-54925 |
7.5 |
2025-08-12 |
2025-08-25 |
(0Day) Schneider Electric EcoStruxure Power Monitoring Expert ExportDataAsXML Server-Side Request Forgery Information Disclosure Vulnerability |
| ZDI-25-825 |
ZDI-CAN-26281 |
Apple |
|
3.3 |
2025-08-11 |
2025-08-11 |
Apple macOS AudioToolboxCore Audio Conversion Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-824 |
ZDI-CAN-26364 |
Microsoft |
|
3.3 |
2025-08-06 |
2025-08-06 |
(0Day) Microsoft Windows Theme File Parsing Improper Input Validation NTLM Relay Vulnerability |
| ZDI-25-823 |
ZDI-CAN-26372 |
Microsoft |
|
3.3 |
2025-08-06 |
2025-08-06 |
(0Day) Microsoft Windows Theme File Parsing Improper Input Validation NTLM Relay Vulnerability |
| ZDI-25-822 |
ZDI-CAN-25207 |
Microsoft |
|
6.5 |
2025-08-06 |
2025-08-06 |
(0Day) Microsoft SharePoint GetTransformer Unsafe Reflection Denial-of-Service Vulnerability |
| ZDI-25-821 |
ZDI-CAN-24974 |
Microsoft |
|
7.5 |
2025-08-06 |
2025-08-06 |
(0Day) Microsoft Windows Internet Explorer Remote Code Execution Vulnerability |
| ZDI-25-820 |
ZDI-CAN-24831 |
Microsoft |
|
8.1 |
2025-08-06 |
2025-08-06 |
(0Day) Microsoft SharePoint IsAuthorizedType Deserialization of Untrusted Data Information Disclosure and Denial-of-Service Vulnerability |
| ZDI-25-819 |
ZDI-CAN-24425 |
Microsoft |
|
7.1 |
2025-08-06 |
2025-08-06 |
(0Day) Microsoft Windows NetBIOS Hostname SmartScreen Bypass Remote Code Execution Vulnerability |
| ZDI-25-818 |
ZDI-CAN-24078 |
Microsoft |
|
7.5 |
2025-08-06 |
2025-08-06 |
(0Day) Microsoft Windows OneDrive SmartScreen Bypass Vulnerability |
| ZDI-25-817 |
ZDI-CAN-23584 |
Microsoft |
|
6.5 |
2025-08-06 |
2025-08-06 |
(0Day) Microsoft Edge PDF NTLM Response Information Disclosure Vulnerability |
| ZDI-25-816 |
ZDI-CAN-23960 |
Microsoft |
|
5.3 |
2025-08-06 |
2025-08-06 |
(0Day) Microsoft Azure AP5GC gNB-ID Use of Multiple Resources with Duplicate Identifier Denial-Of-Service Vulnerability |
| ZDI-25-815 |
ZDI-CAN-23990 |
Microsoft |
|
8.8 |
2025-08-06 |
2025-08-06 |
(0Day) Microsoft Windows CAB File SmartScreen Bypass Vulnerability |
| ZDI-25-814 |
ZDI-CAN-23548 |
Microsoft |
|
6.5 |
2025-08-06 |
2025-08-06 |
(0Day) Microsoft Windows MonikerLink Information Disclosure Vulnerability |
| ZDI-25-813 |
ZDI-CAN-23444 |
Microsoft |
|
7.5 |
2025-08-06 |
2025-08-06 |
(0Day) Microsoft PowerShell TryModuleAutoLoading Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-812 |
ZDI-CAN-23938 |
Microsoft |
|
8.8 |
2025-08-06 |
2025-08-06 |
(0Day) Microsoft Windows SmartScreen Bypass Remote Code Execution Vulnerability |
| ZDI-25-811 |
ZDI-CAN-23946 |
Microsoft |
|
4.3 |
2025-08-06 |
2025-08-06 |
(0Day) Microsoft Office OfficeApps Unintended Proxy Information Disclosure Vulnerability |
| ZDI-25-810 |
ZDI-CAN-23945 |
Microsoft |
|
8.8 |
2025-08-06 |
2025-08-06 |
(0Day) Microsoft Windows ZIP File Insufficient UI Warning Remote Code Execution Vulnerability |
| ZDI-25-809 |
ZDI-CAN-23450 |
Microsoft |
|
8.8 |
2025-08-06 |
2025-08-06 |
(0Day) Microsoft Exchange PowerShell Exposed Dangerous Method NTLM Relay Vulnerability |
| ZDI-25-808 |
ZDI-CAN-26156 |
AOMEI |
CVE-2025-8610 |
9.8 |
2025-08-06 |
2025-08-06 |
(0Day) AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability |
| ZDI-25-807 |
ZDI-CAN-26158 |
AOMEI |
CVE-2025-8611 |
9.8 |
2025-08-06 |
2025-08-06 |
(0Day) AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability |
| ZDI-25-806 |
ZDI-CAN-27059 |
AOMEI |
CVE-2025-8612 |
7.3 |
2025-08-06 |
2025-08-06 |
(0Day) AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-805 |
ZDI-CAN-25892 |
Vacron |
CVE-2025-8613 |
7.2 |
2025-08-06 |
2025-08-06 |
(0Day) Vacron Camera ping Command Injection Remote Code Execution Vulnerability |
| ZDI-25-804 |
ZDI-CAN-26355 |
Kenwood |
CVE-2025-8656 |
6.8 |
2025-08-05 |
2025-08-05 |
(0Day) (Pwn2Own) Kenwood DMX958XR Protection Mechanism Failure Software Downgrade Vulnerability |
| ZDI-25-803 |
ZDI-CAN-26314 |
Kenwood |
CVE-2025-8655 |
6.8 |
2025-08-05 |
2025-08-05 |
(0Day) (Pwn2Own) Kenwood DMX958XR libSystemLib Command injection Remote Code Execution Vulnerability |
| ZDI-25-802 |
ZDI-CAN-26313 |
Kenwood |
CVE-2025-8654 |
8.8 |
2025-08-05 |
2025-08-05 |
(0Day) (Pwn2Own) Kenwood DMX958XR ReadMVGImage Command Injection Remote Code Execution Vulnerability |
| ZDI-25-801 |
ZDI-CAN-26312 |
Kenwood |
CVE-2025-8653 |
8.8 |
2025-08-05 |
2025-08-05 |
(0Day) (Pwn2Own) Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-800 |
ZDI-CAN-26311 |
Kenwood |
CVE-2025-8652 |
6.8 |
2025-08-05 |
2025-08-05 |
(0Day) (Pwn2Own) Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability |
| ZDI-25-799 |
ZDI-CAN-26307 |
Kenwood |
CVE-2025-8651 |
6.8 |
2025-08-05 |
2025-08-05 |
(0Day) (Pwn2Own) Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability |
| ZDI-25-798 |
ZDI-CAN-26306 |
Kenwood |
CVE-2025-8650 |
6.8 |
2025-08-05 |
2025-08-05 |
(0Day) (Pwn2Own) Kenwood DMX958XR libSystemLib Command Injection Remote Code Execution Vulnerability |
| ZDI-25-797 |
ZDI-CAN-26305 |
Kenwood |
CVE-2025-8649 |
6.8 |
2025-08-05 |
2025-08-05 |
(0Day) (Pwn2Own) Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability |
| ZDI-25-796 |
ZDI-CAN-26271 |
Kenwood |
CVE-2025-8648 |
6.8 |
2025-08-05 |
2025-08-05 |
(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| ZDI-25-795 |
ZDI-CAN-26270 |
Kenwood |
CVE-2025-8647 |
6.8 |
2025-08-05 |
2025-08-05 |
(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| ZDI-25-794 |
ZDI-CAN-26269 |
Kenwood |
CVE-2025-8646 |
6.8 |
2025-08-05 |
2025-08-05 |
(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| ZDI-25-793 |
ZDI-CAN-26268 |
Kenwood |
CVE-2025-8645 |
6.8 |
2025-08-05 |
2025-08-05 |
(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| ZDI-25-792 |
ZDI-CAN-26267 |
Kenwood |
CVE-2025-8644 |
6.8 |
2025-08-05 |
2025-08-05 |
(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| ZDI-25-791 |
ZDI-CAN-26266 |
Kenwood |
CVE-2025-8643 |
6.8 |
2025-08-05 |
2025-08-05 |
(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| ZDI-25-790 |
ZDI-CAN-26265 |
Kenwood |
CVE-2025-8642 |
6.8 |
2025-08-05 |
2025-08-05 |
(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| ZDI-25-789 |
ZDI-CAN-26264 |
Kenwood |
CVE-2025-8641 |
6.8 |
2025-08-05 |
2025-08-05 |
(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| ZDI-25-788 |
ZDI-CAN-26263 |
Kenwood |
CVE-2025-8640 |
6.8 |
2025-08-05 |
2025-08-05 |
(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| ZDI-25-787 |
ZDI-CAN-26262 |
Kenwood |
CVE-2025-8639 |
6.8 |
2025-08-05 |
2025-08-05 |
(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| ZDI-25-786 |
ZDI-CAN-26261 |
Kenwood |
CVE-2025-8638 |
6.8 |
2025-08-05 |
2025-08-05 |
(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| ZDI-25-785 |
ZDI-CAN-26260 |
Kenwood |
CVE-2025-8637 |
6.8 |
2025-08-05 |
2025-08-05 |
(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| ZDI-25-784 |
ZDI-CAN-26259 |
Kenwood |
CVE-2025-8636 |
6.8 |
2025-08-05 |
2025-08-05 |
(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| ZDI-25-783 |
ZDI-CAN-26258 |
Kenwood |
CVE-2025-8635 |
6.8 |
2025-08-05 |
2025-08-05 |
(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| ZDI-25-782 |
ZDI-CAN-26257 |
Kenwood |
CVE-2025-8634 |
6.8 |
2025-08-05 |
2025-08-05 |
(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| ZDI-25-781 |
ZDI-CAN-26256 |
Kenwood |
CVE-2025-8633 |
6.8 |
2025-08-05 |
2025-08-05 |
(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| ZDI-25-780 |
ZDI-CAN-26255 |
Kenwood |
CVE-2025-8632 |
6.8 |
2025-08-05 |
2025-08-05 |
(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| ZDI-25-779 |
ZDI-CAN-26254 |
Kenwood |
CVE-2025-8631 |
6.8 |
2025-08-05 |
2025-08-05 |
(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| ZDI-25-778 |
ZDI-CAN-26253 |
Kenwood |
CVE-2025-8630 |
6.8 |
2025-08-05 |
2025-08-05 |
(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| ZDI-25-777 |
ZDI-CAN-26252 |
Kenwood |
CVE-2025-8629 |
6.8 |
2025-08-05 |
2025-08-05 |
(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| ZDI-25-776 |
ZDI-CAN-26064 |
Kenwood |
CVE-2025-8628 |
6.8 |
2025-08-05 |
2025-08-05 |
(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
| ZDI-25-775 |
ZDI-CAN-25494 |
Google |
|
7.5 |
2025-08-05 |
2025-08-05 |
(0Day) Google Chrome SwiftShader Out-Of-Bound Write Remote Code Execution Vulnerability |
| ZDI-25-774 |
ZDI-CAN-24741 |
Google |
|
8.8 |
2025-08-05 |
2025-08-05 |
(0Day) Google Drive ZIP File Mark-of-the-Web Bypass Remote Code Execution Vulnerability |
| ZDI-25-773 |
ZDI-CAN-24742 |
Google |
|
8.8 |
2025-08-05 |
2025-08-05 |
(0Day) Google Drive File Sharing Mark-of-the-Web Bypass Vulnerability |
| ZDI-25-772 |
ZDI-CAN-27855 |
Trend Micro |
CVE-2025-54987 |
9.8 |
2025-08-05 |
2025-08-05 |
Trend Micro Apex One Console Command Injection Remote Code Execution Vulnerability |
| ZDI-25-771 |
ZDI-CAN-27834 |
Trend Micro |
CVE-2025-54948 |
9.8 |
2025-08-05 |
2025-08-05 |
Trend Micro Apex One Console Command Injection Remote Code Execution Vulnerability |
| ZDI-25-770 |
ZDI-CAN-25335 |
Microsoft |
|
8.8 |
2025-08-01 |
2025-08-01 |
Microsoft Skype Chromium Remote Code Execution Vulnerability |
| ZDI-25-769 |
ZDI-CAN-27088 |
NI |
CVE-2025-7849 |
7.8 |
2025-08-01 |
2025-08-01 |
NI LabVIEW VI File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-768 |
ZDI-CAN-27081 |
NI |
CVE-2025-7848 |
7.8 |
2025-08-01 |
2025-08-01 |
NI LabVIEW VI File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-767 |
ZDI-CAN-26324 |
Alpine |
CVE-2025-8477 |
7.4 |
2025-08-01 |
2025-08-01 |
(0Day) (Pwn2Own) Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-766 |
ZDI-CAN-26357 |
Alpine |
CVE-2025-8480 |
8.0 |
2025-08-01 |
2025-08-01 |
(0Day) (Pwn2Own) Alpine iLX-507 Command Injection Remote Code Execution |
| ZDI-25-765 |
ZDI-CAN-26322 |
Alpine |
CVE-2025-8476 |
7.1 |
2025-08-01 |
2025-08-01 |
(0Day) (Pwn2Own) Alpine iLX-507 TIDAL Improper Certificate Validation Vulnerability |
| ZDI-25-764 |
ZDI-CAN-26321 |
Alpine |
CVE-2025-8475 |
7.4 |
2025-08-01 |
2025-08-01 |
(0Day) (Pwn2Own) Alpine iLX-507 AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-763 |
ZDI-CAN-26318 |
Alpine |
CVE-2025-8474 |
6.8 |
2025-08-01 |
2025-08-01 |
(0Day) (Pwn2Own) Alpine iLX-507 CarPlay Stack-based Buffer Overflow Code Execution Vulnerability |
| ZDI-25-762 |
ZDI-CAN-26317 |
Alpine |
CVE-2025-8473 |
6.4 |
2025-08-01 |
2025-08-01 |
(0Day) (Pwn2Own) Alpine iLX-507 UPDM_wstpCBCUpdStart Command Injection Vulnerability |
| ZDI-25-761 |
ZDI-CAN-26316 |
Alpine |
CVE-2025-8472 |
7.4 |
2025-08-01 |
2025-08-01 |
(0Day) (Pwn2Own) Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-760 |
ZDI-CAN-25536 |
QNAP |
CVE-2024-50388 |
7.5 |
2025-07-31 |
2025-07-31 |
(Pwn2Own) QNAP TS-464 rsync Daemon Command Injection Remote Code Execution Vulnerability |
| ZDI-25-759 |
ZDI-CAN-25656 |
QNAP |
CVE-2024-50387 |
7.5 |
2025-07-31 |
2025-07-31 |
(Pwn2Own) QNAP TS-464 Log Tool SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-758 |
ZDI-CAN-25612 |
QNAP |
|
6.3 |
2025-07-31 |
2025-07-31 |
(Pwn2Own) QNAP TS-464 Samba Command Argument Injection Vulnerability |
| ZDI-25-757 |
ZDI-CAN-25673 |
QNAP |
|
7.5 |
2025-07-31 |
2025-07-31 |
(Pwn2Own) QNAP QHora-322 tar Command Injection Remote Code Execution Vulnerability |
| ZDI-25-756 |
ZDI-CAN-25488 |
QNAP |
|
6.3 |
2025-07-31 |
2025-07-31 |
(Pwn2Own) QNAP QHora-322 Improper Restriction of Communication Channel to Intended Endpoints Vulnerability |
| ZDI-25-755 |
ZDI-CAN-25672 |
QNAP |
|
7.5 |
2025-07-31 |
2025-07-31 |
(Pwn2Own) QNAP QHora-322 qsyslog-cli username Format String Remote Code Execution Vulnerability |
| ZDI-25-754 |
ZDI-CAN-25653 |
QNAP |
|
8.0 |
2025-07-31 |
2025-07-31 |
(Pwn2Own) QNAP TS-464 privWizard.cgi Authentication CRLF Injection Privilege Escalation Vulnerability |
| ZDI-25-753 |
ZDI-CAN-25482 |
QNAP |
|
9.8 |
2025-07-31 |
2025-07-31 |
(Pwn2Own) QNAP TS-464 Improper Handling of URL Encoding Authentication Bypass Vulnerability |
| ZDI-25-752 |
ZDI-CAN-25667 |
QNAP |
|
7.5 |
2025-07-31 |
2025-07-31 |
(Pwn2Own) QNAP QHora-322 gRPC WAN_ADDR6 Command Injection Remote Code Execution Vulnerability |
| ZDI-25-751 |
ZDI-CAN-25625 |
QNAP |
|
5.0 |
2025-07-31 |
2025-07-31 |
(Pwn2Own) QNAP QHora-322 IPv6 Incorrectly Specified Destination in a Communication Channel Network Spoofing Vulnerability |
| ZDI-25-750 |
ZDI-CAN-25624 |
QNAP |
|
8.8 |
2025-07-31 |
2025-07-31 |
(Pwn2Own) QNAP QHora-322 lionic_dpi parseMIME Out-of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-749 |
ZDI-CAN-25596 |
QNAP |
|
5.0 |
2025-07-31 |
2025-07-31 |
(Pwn2Own) QNAP QHora-322 qfirewall Improper Restriction of Communication Channel to Intended Endpoints Firewall Bypass Vulnerability |
| ZDI-25-748 |
ZDI-CAN-25657 |
QNAP |
|
8.1 |
2025-07-31 |
2025-07-31 |
(Pwn2Own) QNAP QHora-322 system.db Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability |
| ZDI-25-747 |
ZDI-CAN-25646 |
QNAP |
|
7.5 |
2025-07-31 |
2025-07-31 |
(Pwn2Own) QNAP TS-464 reset_password.cgi Hard-coded Cryptographic Key Authentication Bypass Vulnerability |
| ZDI-25-746 |
ZDI-CAN-25645 |
QNAP |
|
5.3 |
2025-07-31 |
2025-07-31 |
(Pwn2Own) QNAP TS-464 reset_password.cgi Improper Certificate Validation Information Disclosure Vulnerability |
| ZDI-25-745 |
ZDI-CAN-25644 |
QNAP |
|
5.3 |
2025-07-31 |
2025-07-31 |
(Pwn2Own) QNAP TS-464 reset_password.cgi Improper Certificate Validation Information Disclosure Vulnerability |
| ZDI-25-744 |
ZDI-CAN-25483 |
QNAP |
|
7.5 |
2025-07-31 |
2025-07-31 |
(Pwn2Own) QNAP TS-464 reset_password.cgi Improper Certificate Validation Authentication Bypass Vulnerability |
| ZDI-25-743 |
ZDI-CAN-25585 |
QNAP |
|
7.5 |
2025-07-31 |
2025-07-31 |
(Pwn2Own) QNAP TS-464 qnap_exec Command Injection Privilege Escalation Vulnerability |
| ZDI-25-742 |
ZDI-CAN-25587 |
QNAP |
|
8.8 |
2025-07-31 |
2025-07-31 |
(Pwn2Own) QNAP TS-464 Active Directory Authentication Bypass Vulnerability |
| ZDI-25-741 |
ZDI-CAN-25580 |
QNAP |
CVE-2024-50389 |
8.1 |
2025-07-31 |
2025-07-31 |
(Pwn2Own) QNAP QHora-322 openvpn_cli user_name SQL Injection Authentication Bypass Vulnerability |
| ZDI-25-740 |
ZDI-CAN-25641 |
QNAP |
|
8.0 |
2025-07-31 |
2025-07-31 |
(Pwn2Own) QNAP QHora-322 backup Use of Hard-coded Cryptographic Key Privilege Escalation Vulnerability |
| ZDI-25-739 |
ZDI-CAN-25634 |
QNAP |
|
6.6 |
2025-07-31 |
2025-07-31 |
(Pwn2Own) QNAP QHora-322 Improper Restriction of Communication Channel to Intended Endpoints Remote Code Execution Vulnerability |
| ZDI-25-738 |
ZDI-CAN-25635 |
QNAP |
|
7.5 |
2025-07-31 |
2025-07-31 |
(Pwn2Own) QNAP QHora-322 SSH Use of Weak Credentials Authentication Bypass Vulnerability |
| ZDI-25-737 |
ZDI-CAN-25530 |
QNAP |
|
4.3 |
2025-07-31 |
2025-07-31 |
(Pwn2Own) QNAP QHora-322 do_fetch Improper Certificate Validation Vulnerability |
| ZDI-25-736 |
ZDI-CAN-25632 |
QNAP |
|
6.3 |
2025-07-31 |
2025-07-31 |
(Pwn2Own) QNAP QHora-322 access_setting HTTP Request Smuggling Vulnerability |
| ZDI-25-735 |
ZDI-CAN-25631 |
QNAP |
|
6.3 |
2025-07-31 |
2025-07-31 |
(Pwn2Own) QNAP QHora-322 local_pwd_reset HTTP Request Smuggling Vulnerability |
| ZDI-25-734 |
ZDI-CAN-25633 |
QNAP |
|
6.3 |
2025-07-31 |
2025-07-31 |
(Pwn2Own) QNAP QHora-322 IPMI Use of Weak Credentials Authentication Bypass Vulnerability |
| ZDI-25-733 |
ZDI-CAN-24915 |
Marvell |
CVE-2025-8426 |
9.4 |
2025-07-31 |
2025-07-31 |
(0Day) Marvell QConvergeConsole compressConfigFiles Directory Traversal Information Disclosure and Denial-of-Service Vulnerability |
| ZDI-25-732 |
ZDI-CAN-25639 |
Lorex |
CVE-2025-8389 |
7.5 |
2025-07-30 |
2025-07-30 |
(Pwn2Own) Lorex 2K Indoor Wi-Fi Security Camera Improper Validation of Array Index Remote Code Execution Vulnerability |
| ZDI-25-731 |
ZDI-CAN-25537 |
Lorex |
CVE-2024-52544 |
8.8 |
2025-07-30 |
2025-07-30 |
(Pwn2Own) Lorex 2K Indoor Wi-Fi Security Camera Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-730 |
ZDI-CAN-25647 |
Lorex |
CVE-2025-3132 |
8.8 |
2025-07-30 |
2025-07-30 |
(Pwn2Own) Lorex 2K Indoor Wi-Fi Security Camera Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-729 |
ZDI-CAN-23656 |
Canonical |
CVE-2024-50126 |
7.8 |
2025-07-30 |
2025-07-30 |
(Pwn2Own) Canonical Ubuntu Kernel taprio Scheduler Race Condition Local Privilege Escalation Vulnerability |
| ZDI-25-728 |
ZDI-CAN-26782 |
Apple |
CVE-2025-31239 |
7.8 |
2025-07-30 |
2025-07-30 |
Apple macOS MediaToolbox Framework Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-727 |
ZDI-CAN-25365 |
Apple |
|
7.8 |
2025-07-30 |
2025-07-30 |
Apple macOS libFontValidation kern Table Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-726 |
ZDI-CAN-25355 |
Ashlar-Vellum |
CVE-2025-7993 |
7.8 |
2025-07-30 |
2025-07-30 |
(0Day) Ashlar-Vellum Cobalt LI File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-725 |
ZDI-CAN-26238 |
Ashlar-Vellum |
CVE-2025-8006 |
7.8 |
2025-07-30 |
2025-07-30 |
(0Day) Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-724 |
ZDI-CAN-26233 |
Ashlar-Vellum |
CVE-2025-8002 |
7.8 |
2025-07-30 |
2025-07-30 |
(0Day) Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execution Vulnerability |
| ZDI-25-723 |
ZDI-CAN-26236 |
Ashlar-Vellum |
CVE-2025-8004 |
7.8 |
2025-07-30 |
2025-07-30 |
(0Day) Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-722 |
ZDI-CAN-26237 |
Ashlar-Vellum |
CVE-2025-8005 |
7.8 |
2025-07-30 |
2025-07-30 |
(0Day) Ashlar-Vellum Cobalt XE File Parsing Type Confusion Remote Code Execution Vulnerability |
| ZDI-25-721 |
ZDI-CAN-26053 |
Ashlar-Vellum |
CVE-2025-8001 |
7.8 |
2025-07-30 |
2025-07-30 |
(0Day) Ashlar-Vellum Cobalt CO File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-720 |
ZDI-CAN-26235 |
Ashlar-Vellum |
CVE-2025-8003 |
7.8 |
2025-07-30 |
2025-07-30 |
(0Day) Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-719 |
ZDI-CAN-26045 |
Ashlar-Vellum |
CVE-2025-7997 |
7.8 |
2025-07-30 |
2025-07-30 |
(0Day) Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-718 |
ZDI-CAN-26051 |
Ashlar-Vellum |
CVE-2025-8000 |
7.8 |
2025-07-30 |
2025-07-30 |
(0Day) Ashlar-Vellum Cobalt LI File Parsing Type Confusion Remote Code Execution Vulnerability |
| ZDI-25-717 |
ZDI-CAN-25981 |
Ashlar-Vellum |
CVE-2025-7995 |
7.8 |
2025-07-30 |
2025-07-30 |
(0Day) Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execution Vulnerability |
| ZDI-25-716 |
ZDI-CAN-25982 |
Ashlar-Vellum |
CVE-2025-7996 |
7.8 |
2025-07-30 |
2025-07-30 |
(0Day) Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-715 |
ZDI-CAN-26046 |
Ashlar-Vellum |
CVE-2025-7998 |
7.8 |
2025-07-30 |
2025-07-30 |
(0Day) Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-714 |
ZDI-CAN-25976 |
Ashlar-Vellum |
CVE-2025-7994 |
7.8 |
2025-07-30 |
2025-07-30 |
(0Day) Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-713 |
ZDI-CAN-26049 |
Ashlar-Vellum |
CVE-2025-7999 |
7.8 |
2025-07-30 |
2025-07-30 |
(0Day) Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execution Vulnerability |
| ZDI-25-712 |
ZDI-CAN-26299 |
Tesla |
CVE-2025-8321 |
6.8 |
2025-07-29 |
2025-07-29 |
(Pwn2Own) Tesla Wall Connector Firmware Downgrade Vulnerability |
| ZDI-25-711 |
ZDI-CAN-26300 |
Tesla |
CVE-2025-8320 |
8.8 |
2025-07-29 |
2025-07-29 |
(Pwn2Own) Tesla Wall Connector Content-Length Header Improper Input Validation Remote Code Execution Vulnerability |
| ZDI-25-710 |
ZDI-CAN-24672 |
SolarWinds |
CVE-2024-45710 |
7.8 |
2025-07-29 |
2025-07-29 |
SolarWinds Platform SolarWindsAgent64 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
| ZDI-25-709 |
ZDI-CAN-27217 |
Apple |
CVE-2025-43214 |
8.8 |
2025-07-29 |
2025-08-26 |
Apple Safari JavaScriptCore WasmToJSException Type Confusion Remote Code Execution Vulnerability |
| ZDI-25-708 |
ZDI-CAN-22536 |
Mozilla |
CVE-2024-3863 |
7.5 |
2025-07-29 |
2025-07-29 |
Mozilla Firefox Web Page Download Mark-Of-The-Web Protection Mechanism Failure Vulnerability |
| ZDI-25-707 |
ZDI-CAN-23383 |
AVG |
CVE-2024-13960 |
7.8 |
2025-07-29 |
2025-07-29 |
AVG TuneUp for PC TuneUp Service Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-706 |
ZDI-CAN-27226 |
Autodesk |
CVE-2025-7675 |
7.8 |
2025-07-29 |
2025-07-29 |
Autodesk AutoCAD 3DM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-705 |
ZDI-CAN-27225 |
Autodesk |
CVE-2025-7497 |
7.8 |
2025-07-29 |
2025-07-29 |
Autodesk AutoCAD PRT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-704 |
ZDI-CAN-27223 |
Autodesk |
CVE-2025-6637 |
7.8 |
2025-07-29 |
2025-07-29 |
Autodesk AutoCAD PRT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-703 |
ZDI-CAN-27222 |
Autodesk |
CVE-2025-6636 |
7.8 |
2025-07-29 |
2025-07-29 |
Autodesk AutoCAD PRT File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-702 |
ZDI-CAN-27253 |
Autodesk |
CVE-2025-6635 |
7.8 |
2025-07-29 |
2025-07-29 |
Autodesk AutoCAD PRT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-701 |
ZDI-CAN-27221 |
Autodesk |
CVE-2025-6631 |
7.8 |
2025-07-29 |
2025-07-29 |
Autodesk AutoCAD PRT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-700 |
ZDI-CAN-26927 |
Autodesk |
CVE-2025-5038 |
7.8 |
2025-07-29 |
2025-07-29 |
Autodesk AutoCAD X_T File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-699 |
ZDI-CAN-26848 |
Autodesk |
CVE-2025-5043 |
7.8 |
2025-07-29 |
2025-07-29 |
Autodesk AutoCAD 3DM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-698 |
ZDI-CAN-25548 |
Avast |
CVE-2024-13962 |
7.8 |
2025-07-29 |
2025-07-29 |
Avast Cleanup Premium TuneupSvc Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-697 |
ZDI-CAN-25498 |
AVG |
CVE-2024-13959 |
7.8 |
2025-07-29 |
2025-07-29 |
AVG TuneUp for PC TuneupSvc Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-696 |
ZDI-CAN-25549 |
Avast |
CVE-2024-13961 |
7.8 |
2025-07-29 |
2025-07-29 |
Avast Cleanup Premium TuneupSvc Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-695 |
ZDI-CAN-25509 |
AVG |
CVE-2024-13944 |
7.8 |
2025-07-29 |
2025-07-29 |
AVG TuneUp for PC TuneupSvc Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-694 |
ZDI-CAN-25406 |
Delta Electronics |
CVE-2025-53416 |
7.8 |
2025-07-29 |
2025-07-29 |
Delta Electronics DTN Soft Project File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-693 |
ZDI-CAN-25570 |
Norton |
CVE-2024-13944 |
7.8 |
2025-07-29 |
2025-07-29 |
Norton Utilities Ultimate NortonUtilitiesSvc Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-692 |
ZDI-CAN-25015 |
Oracle |
CVE-2024-21273 |
5.3 |
2025-07-29 |
2025-07-29 |
Oracle VirtualBox VirtIO-SCSI Uninitialized Memory Information Disclosure Vulnerability |
| ZDI-25-691 |
ZDI-CAN-26915 |
Apple |
CVE-2025-43221 |
3.3 |
2025-07-29 |
2025-07-29 |
Apple macOS USD importAnimations Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-690 |
ZDI-CAN-26909 |
Apple |
CVE-2025-43221 |
3.3 |
2025-07-29 |
2025-07-29 |
Apple macOS USD importNodeAnimations Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-689 |
ZDI-CAN-27107 |
Apple |
CVE-2025-31281 |
7.8 |
2025-07-29 |
2025-07-29 |
Apple macOS USD importNodeAnimations Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-688 |
ZDI-CAN-26966 |
Apple |
CVE-2025-31281 |
3.3 |
2025-07-29 |
2025-07-29 |
Apple macOS USD importNodeAnimations Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-687 |
ZDI-CAN-26846 |
Apple |
CVE-2025-31281 |
3.3 |
2025-07-29 |
2025-07-29 |
Apple macOS USD readAccessorDataToFloat Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-686 |
ZDI-CAN-26914 |
Apple |
CVE-2025-43224 |
3.3 |
2025-07-29 |
2025-07-29 |
Apple macOS USD importNodeAnimations Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-685 |
ZDI-CAN-26853 |
Apple |
CVE-2025-43224 |
3.3 |
2025-07-29 |
2025-07-29 |
Apple macOS USD importNodeAnimations Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-684 |
ZDI-CAN-26830 |
Apple |
CVE-2025-43224 |
3.3 |
2025-07-29 |
2025-07-29 |
Apple macOS USD importNodeAnimations Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-683 |
ZDI-CAN-27105 |
Apple |
CVE-2025-43264 |
7.8 |
2025-07-29 |
2025-07-29 |
Apple macOS USD importMeshJointWeights Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-682 |
ZDI-CAN-26829 |
Apple |
CVE-2025-43264 |
7.8 |
2025-07-29 |
2025-07-29 |
Apple macOS USD importMeshes Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-681 |
ZDI-CAN-27287 |
Apple |
CVE-2025-43210 |
8.8 |
2025-07-29 |
2025-07-29 |
Apple macOS MediaToolbox Framework Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-680 |
ZDI-CAN-27274 |
Apple |
CVE-2025-43186 |
7.8 |
2025-07-29 |
2025-07-29 |
Apple macOS AudioToolbox MP4 File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-679 |
ZDI-CAN-27106 |
Apple |
CVE-2025-43215 |
3.3 |
2025-07-29 |
2025-07-29 |
Apple macOS USD readColor Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-678 |
ZDI-CAN-27041 |
Apple |
CVE-2025-43239 |
7.8 |
2025-07-29 |
2025-07-29 |
Apple macOS ICC Profile Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-677 |
ZDI-CAN-27036 |
Apple |
CVE-2025-43218 |
3.3 |
2025-07-29 |
2025-07-29 |
Apple macOS USD CustomLoadImageData Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-676 |
ZDI-CAN-26978 |
Apple |
CVE-2025-43219 |
7.8 |
2025-07-29 |
2025-07-29 |
Apple macOS USD importSkeletons Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-675 |
ZDI-CAN-26847 |
Apple |
CVE-2025-31280 |
3.3 |
2025-07-29 |
2025-07-29 |
Apple macOS USD readAccessorInts Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-674 |
ZDI-CAN-26636 |
Apple |
CVE-2025-43255 |
6.5 |
2025-07-29 |
2025-07-29 |
Apple macOS AppleIntelKBLGraphics Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-673 |
ZDI-CAN-26616 |
Apple |
CVE-2025-43209 |
8.8 |
2025-07-29 |
2025-07-29 |
Apple Safari getHourCycles Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-672 |
ZDI-CAN-25806 |
Samsung |
CVE-2025-54442 |
9.8 |
2025-07-28 |
2025-07-29 |
Samsung MagicINFO 9 Server filenameHasExecutableType Unrestricted File Upload Remote Code Execution Vulnerability |
| ZDI-25-671 |
ZDI-CAN-25978 |
Samsung |
CVE-2025-54455 |
9.1 |
2025-07-28 |
2025-07-28 |
Samsung MagicINFO 9 Server PremiumClientService Hard-coded Cryptographic Key Authentication Bypass Vulnerability |
| ZDI-25-670 |
ZDI-CAN-25839 |
Samsung |
CVE-2025-54454 |
9.1 |
2025-07-28 |
2025-07-28 |
Samsung MagicINFO 9 Server PremiumClientService Hard-coded Cryptographic Key Authentication Bypass Vulnerability |
| ZDI-25-669 |
ZDI-CAN-25802 |
Samsung |
CVE-2025-54453 |
8.8 |
2025-07-28 |
2025-07-28 |
Samsung MagicINFO 9 Server FtpMetaUploadServlet Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-668 |
ZDI-CAN-25800 |
Samsung |
CVE-2025-54452 |
7.3 |
2025-07-28 |
2025-07-28 |
Samsung MagicINFO 9 Server ServletAuthenticationProcessingFilter Authentication Bypass Vulnerability |
| ZDI-25-667 |
ZDI-CAN-26058 |
Samsung |
CVE-2025-54451 |
9.8 |
2025-07-28 |
2025-07-28 |
Samsung MagicINFO 9 Server MagicInfoCache Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-666 |
ZDI-CAN-26057 |
Samsung |
CVE-2025-54450 |
7.2 |
2025-07-28 |
2025-07-28 |
Samsung MagicINFO 9 Server DeviceLogUploadServlet Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-665 |
ZDI-CAN-25873 |
Samsung |
CVE-2025-54449 |
9.8 |
2025-07-28 |
2025-07-28 |
Samsung MagicINFO 9 Server fillLftOrLfdInfo Unrestricted File Upload Remote Code Execution Vulnerability |
| ZDI-25-664 |
ZDI-CAN-25874 |
Samsung |
CVE-2025-54448 |
9.8 |
2025-07-28 |
2025-07-28 |
Samsung MagicINFO 9 Server copyResourceToFile Unrestricted File Upload Remote Code Execution Vulnerability |
| ZDI-25-663 |
ZDI-CAN-25885 |
Samsung |
CVE-2025-54447 |
8.1 |
2025-07-28 |
2025-07-28 |
Samsung MagicINFO 9 Server OpenApiController Unrestricted File Upload Remote Code Execution Vulnerability |
| ZDI-25-662 |
ZDI-CAN-25955 |
Samsung |
CVE-2025-54446 |
9.8 |
2025-07-28 |
2025-07-28 |
Samsung MagicINFO 9 Server ResponseUploadActivity Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-661 |
ZDI-CAN-25860 |
Samsung |
CVE-2025-54445 |
8.2 |
2025-07-28 |
2025-07-28 |
Samsung MagicINFO 9 Server parseXMLString XML External Entity Processing Information Disclosure Vulnerability |
| ZDI-25-660 |
ZDI-CAN-25804 |
Samsung |
CVE-2025-54444 |
9.8 |
2025-07-28 |
2025-07-28 |
Samsung MagicINFO 9 Server filenameHasExecutableType Unrestricted File Upload Remote Code Execution Vulnerability |
| ZDI-25-659 |
ZDI-CAN-25772 |
Samsung |
CVE-2025-54443 |
9.8 |
2025-07-28 |
2025-07-28 |
Samsung MagicINFO 9 Server SWUpdateFileUploadServlet Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-658 |
ZDI-CAN-25807 |
Samsung |
CVE-2025-54441 |
8.8 |
2025-07-28 |
2025-07-28 |
Samsung MagicINFO 9 Server getFontFileFromMagicInfoServer Unrestricted File Upload Remote Code Execution Vulnerability |
| ZDI-25-657 |
ZDI-CAN-26519 |
Samsung |
CVE-2025-54440 |
9.8 |
2025-07-28 |
2025-07-28 |
Samsung MagicINFO 9 Server MagicInfoWebAuthorClient Unrestricted File Upload Remote Code Execution Vulnerability |
| ZDI-25-656 |
ZDI-CAN-25809 |
Samsung |
CVE-2025-54439 |
8.8 |
2025-07-28 |
2025-07-28 |
Samsung MagicINFO 9 Server getZipFileListForImport Unrestricted File Upload Remote Code Execution Vulnerability |
| ZDI-25-655 |
ZDI-CAN-26520 |
Samsung |
CVE-2025-54438 |
9.8 |
2025-07-28 |
2025-07-28 |
Samsung MagicINFO 9 Server downloadChangedFiles Directory Traversal Authentication Bypass Vulnerability |
| ZDI-25-654 |
ZDI-CAN-26280 |
SolarWinds |
CVE-2025-26397 |
7.8 |
2025-07-28 |
2025-07-28 |
SolarWinds TFTP Server Deserialization of Untrusted Data Local Privilege Escalation Vulnerability |
| ZDI-25-653 |
ZDI-CAN-27791 |
Microsoft |
CVE-2025-53770 |
8.8 |
2025-07-25 |
2025-07-25 |
(Pwn2Own) Microsoft SharePoint Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-652 |
ZDI-CAN-27790 |
Microsoft |
CVE-2025-53771 |
6.5 |
2025-07-25 |
2025-07-25 |
(Pwn2Own) Microsoft SharePoint ToolPane Authentication Bypass Vulnerability |
| ZDI-25-651 |
ZDI-CAN-27159 |
Red Hat |
CVE-2025-38350 |
8.8 |
2025-07-24 |
2025-07-24 |
(Pwn2Own) Red Hat Enterprise Linux CBS Packet Scheduling Use-After-Free Local Privilege Escalation Vulnerability |
| ZDI-25-650 |
ZDI-CAN-26647 |
ATEN |
CVE-2025-6685 |
8.8 |
2025-07-24 |
2025-07-24 |
ATEN eco DC Missing Authorization Privilege Escalation Vulnerability |
| ZDI-25-649 |
ZDI-CAN-25685 |
Veeam |
CVE-2025-24287 |
7.8 |
2025-07-24 |
2025-07-24 |
Veeam Agent for Microsoft Windows Incorrect Default Permissions Local Privilege Escalation Vulnerability |
| ZDI-25-648 |
ZDI-CAN-26882 |
Anritsu |
CVE-2025-7976 |
7.8 |
2025-07-24 |
2025-07-24 |
Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-647 |
ZDI-CAN-26913 |
Anritsu |
CVE-2025-7975 |
7.8 |
2025-07-24 |
2025-07-24 |
Anritsu ShockLine CHX File Parsing Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-646 |
ZDI-CAN-26780 |
Amazon |
CVE-2025-8069 |
7.0 |
2025-07-24 |
2025-07-24 |
Amazon AWS Client VPN Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
| ZDI-25-645 |
ZDI-CAN-27254 |
Autodesk |
CVE-2025-5037 |
7.8 |
2025-07-22 |
2025-07-22 |
Autodesk Revit RFA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-644 |
ZDI-CAN-25862 |
Ashlar-Vellum |
CVE-2025-7988 |
7.8 |
2025-07-22 |
2025-07-22 |
(0Day) Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-643 |
ZDI-CAN-25945 |
Ashlar-Vellum |
CVE-2025-7991 |
7.8 |
2025-07-22 |
2025-07-22 |
(0Day) Ashlar-Vellum Cobalt VC6 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-642 |
ZDI-CAN-25972 |
Ashlar-Vellum |
CVE-2025-7992 |
7.8 |
2025-07-22 |
2025-07-22 |
(0Day) Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-641 |
ZDI-CAN-25756 |
Ashlar-Vellum |
CVE-2025-7987 |
7.8 |
2025-07-22 |
2025-07-22 |
(0Day) Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-640 |
ZDI-CAN-25943 |
Ashlar-Vellum |
CVE-2025-7989 |
7.8 |
2025-07-22 |
2025-07-22 |
(0Day) Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-639 |
ZDI-CAN-25755 |
Ashlar-Vellum |
CVE-2025-7986 |
7.8 |
2025-07-22 |
2025-07-22 |
(0Day) Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-638 |
ZDI-CAN-25944 |
Ashlar-Vellum |
CVE-2025-7990 |
7.8 |
2025-07-22 |
2025-07-22 |
(0Day) Ashlar-Vellum Cobalt VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-637 |
ZDI-CAN-25704 |
Ashlar-Vellum |
CVE-2025-7985 |
7.8 |
2025-07-22 |
2025-07-22 |
(0Day) Ashlar-Vellum Cobalt VC6 File Parsing Integer Overflow Remote Code Execution Vulnerability |
| ZDI-25-636 |
ZDI-CAN-25700 |
Ashlar-Vellum |
CVE-2025-7984 |
7.8 |
2025-07-22 |
2025-07-22 |
(0Day) Ashlar-Vellum Cobalt AR File Parsing Uninitialized Variable Remote Code Execution Vulnerability |
| ZDI-25-635 |
ZDI-CAN-25477 |
Ashlar-Vellum |
CVE-2025-7983 |
7.8 |
2025-07-22 |
2025-07-22 |
(0Day) Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-634 |
ZDI-CAN-25475 |
Ashlar-Vellum |
CVE-2025-7981 |
7.8 |
2025-07-22 |
2025-07-22 |
(0Day) Ashlar-Vellum Graphite VC6 File Parsing Uninitialized Variable Remote Code Execution Vulnerability |
| ZDI-25-633 |
ZDI-CAN-25463 |
Ashlar-Vellum |
CVE-2025-7979 |
7.8 |
2025-07-22 |
2025-07-22 |
(0Day) Ashlar-Vellum Graphite VC6 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-632 |
ZDI-CAN-25459 |
Ashlar-Vellum |
CVE-2025-7978 |
7.8 |
2025-07-22 |
2025-07-22 |
(0Day) Ashlar-Vellum Graphite VC6 File Parsing Uninitialized Variable Remote Code Execution Vulnerability |
| ZDI-25-631 |
ZDI-CAN-25465 |
Ashlar-Vellum |
CVE-2025-7980 |
7.8 |
2025-07-22 |
2025-07-22 |
(0Day) Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-630 |
ZDI-CAN-25476 |
Ashlar-Vellum |
CVE-2025-7982 |
7.8 |
2025-07-22 |
2025-07-22 |
(0Day) Ashlar-Vellum Cobalt LI File Parsing Integer Overflow Remote Code Execution Vulnerability |
| ZDI-25-629 |
ZDI-CAN-25354 |
Ashlar-Vellum |
CVE-2025-7977 |
7.8 |
2025-07-22 |
2025-07-22 |
(0Day) Ashlar-Vellum Cobalt LI File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-628 |
ZDI-CAN-26346 |
Phoenix Contact |
CVE-2025-25271 |
3.1 |
2025-07-22 |
2025-07-22 |
(Pwn2Own) Phoenix Contact CHARX SEC-3150 OCPP Authentication Bypass Vulnerability |
| ZDI-25-627 |
ZDI-CAN-26517 |
rocket.chat |
CVE-2025-7974 |
3.7 |
2025-07-21 |
2025-07-21 |
rocket.chat Incorrect Authorization Information Disclosure Vulnerability |
| ZDI-25-626 |
ZDI-CAN-27193 |
NVIDIA |
CVE-2025-23266 |
8.8 |
2025-07-21 |
2025-07-21 |
(Pwn2Own) NVIDIA Container Toolkit Environment Variable Handling Local Privilege Escalation Vulnerability |
| ZDI-25-625 |
ZDI-CAN-26062 |
Veeam |
CVE-2025-24286 |
6.8 |
2025-07-21 |
2025-07-21 |
Veeam Backup Enterprise Manager JobManagmentService Improper Access Control Remote Code Execution Vulnerability |
| ZDI-25-624 |
ZDI-CAN-23328 |
Phoenix Contact |
CVE-2024-25995 |
7.5 |
2025-07-21 |
2025-07-21 |
(Pwn2Own) Phoenix Contact CHARX SEC-3100 Command Injection Remote Code Execution Vulnerability |
| ZDI-25-623 |
ZDI-CAN-26332 |
Phoenix Contact |
CVE-2025-25270 |
6.3 |
2025-07-21 |
2025-07-21 |
(Pwn2Own) Phoenix Contact CHARX SEC-3150 Origin Validation Error Firewall Bypass Vulnerability |
| ZDI-25-622 |
ZDI-CAN-26331 |
Phoenix Contact |
CVE-2025-25268 |
8.8 |
2025-07-21 |
2025-07-21 |
(Pwn2Own) Phoenix Contact CHARX SEC-3150 Configuration Service Missing Authentication Vulnerability |
| ZDI-25-621 |
ZDI-CAN-26350 |
Phoenix Contact |
CVE-2025-25269 |
8.8 |
2025-07-21 |
2025-07-21 |
(Pwn2Own) Phoenix Contact CHARX SEC-3150 DHCP Configuration Command Injection Remote Code Execution Vulnerability |
| ZDI-25-620 |
ZDI-CAN-26901 |
Dassault Systèmes |
CVE-2025-6973 |
7.8 |
2025-07-17 |
2025-07-17 |
Dassault Systèmes eDrawings Viewer JT File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-619 |
ZDI-CAN-26813 |
Dassault Systèmes |
CVE-2025-0831 |
7.8 |
2025-07-17 |
2025-07-17 |
Dassault Systèmes eDrawings Viewer JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-618 |
ZDI-CAN-26895 |
Dassault Systèmes |
CVE-2025-6974 |
7.8 |
2025-07-17 |
2025-07-17 |
Dassault Systèmes eDrawings Viewer JT File Parsing Uninitialized Variable Remote Code Execution Vulnerability |
| ZDI-25-617 |
ZDI-CAN-26971 |
Dassault Systèmes |
CVE-2025-6972 |
7.8 |
2025-07-17 |
2025-07-17 |
Dassault Systèmes eDrawings Viewer CATPRODUCT File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-616 |
ZDI-CAN-26975 |
Dassault Systèmes |
CVE-2025-6971 |
7.8 |
2025-07-17 |
2025-07-17 |
Dassault Systèmes eDrawings Viewer CATPRODUCT File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-615 |
ZDI-CAN-27117 |
Dassault Systèmes |
CVE-2025-7042 |
7.8 |
2025-07-17 |
2025-07-17 |
Dassault Systèmes eDrawings Viewer IPT File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-614 |
ZDI-CAN-25791 |
Hewlett Packard Enterprise |
CVE-2025-37107 |
7.3 |
2025-07-17 |
2025-07-17 |
Hewlett Packard Enterprise AutoPass License Server Authentication Bypass Vulnerability |
| ZDI-25-613 |
ZDI-CAN-25790 |
Hewlett Packard Enterprise |
CVE-2025-37106 |
7.3 |
2025-07-17 |
2025-07-17 |
Hewlett Packard Enterprise AutoPass License Server Hard-coded Credentials Authentication Bypass Vulnerability |
| ZDI-25-612 |
ZDI-CAN-25789 |
Hewlett Packard Enterprise |
CVE-2025-37105 |
7.5 |
2025-07-17 |
2025-07-17 |
Hewlett Packard Enterprise AutoPass License Server Hard-coded Credentials Remote Code Execution Vulnerability |
| ZDI-25-611 |
ZDI-CAN-27123 |
VMware |
CVE-2025-41239 |
6.5 |
2025-07-17 |
2025-07-17 |
VMware ESXi VMCI Uninitialized Memory Information Disclosure Vulnerability |
| ZDI-25-610 |
ZDI-CAN-27391 |
Linux |
CVE-2025-38191 |
5.9 |
2025-07-17 |
2025-07-17 |
Linux Kernel ksmbd destroy_previous_session Null Pointer Dereference Denial-of-Service Vulnerability |
| ZDI-25-609 |
ZDI-CAN-27121 |
Cisco |
CVE-2025-20281 |
9.8 |
2025-07-17 |
2025-07-17 |
Cisco Identity Services Engine invokeStrongSwanShellScript Command Injection Remote Code Execution Vulnerability |
| ZDI-25-608 |
ZDI-CAN-26483 |
Cisco |
CVE-2025-20282 |
9.8 |
2025-07-17 |
2025-07-17 |
Cisco Identity Services Engine handleFilesUpload Unrestricted File Upload Remote Code Execution Vulnerability |
| ZDI-25-607 |
ZDI-CAN-26481 |
Cisco |
CVE-2025-20337 |
9.8 |
2025-07-17 |
2025-07-17 |
Cisco Identity Services Engine enableStrongSwanTunnel Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-606 |
ZDI-CAN-26482 |
Cisco |
CVE-2025-20284 |
7.2 |
2025-07-17 |
2025-07-17 |
Cisco Identity Services Engine handleStrongSwanTunnelStatus Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-605 |
ZDI-CAN-26480 |
Cisco |
CVE-2025-20285 |
7.2 |
2025-07-17 |
2025-07-17 |
Cisco Identity Services Engine IpAccessFilter Direct Request Authentication Bypass Vulnerability |
| ZDI-25-604 |
ZDI-CAN-26479 |
Cisco |
CVE-2025-20283 |
7.2 |
2025-07-17 |
2025-07-17 |
Cisco Identity Services Engine disableStrongSwanTunnel Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-603 |
ZDI-CAN-27152 |
Autodesk |
CVE-2025-5037 |
7.8 |
2025-07-16 |
2025-07-16 |
Autodesk Revit RTE File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-602 |
ZDI-CAN-27154 |
Oracle |
CVE-2025-53027 |
8.2 |
2025-07-15 |
2025-07-15 |
(Pwn2Own) Oracle VirtualBox OHCI USB Controller Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability |
| ZDI-25-601 |
ZDI-CAN-27122 |
Oracle |
CVE-2025-53024 |
8.2 |
2025-07-15 |
2025-07-15 |
(Pwn2Own) Oracle VirtualBox VMSVGA Integer Overflow Local Privilege Escalation Vulnerability |
| ZDI-25-600 |
ZDI-CAN-27163 |
Oracle |
CVE-2025-53028 |
8.2 |
2025-07-15 |
2025-07-15 |
(Pwn2Own) Oracle VirtualBox VMSVGA Out-Of-Bounds Write Local Privilege Escalation Vulnerability |
| ZDI-25-599 |
ZDI-CAN-26653 |
Oracle |
CVE-2025-53026 |
6.0 |
2025-07-15 |
2025-07-15 |
Oracle VirtualBox LSILogic Uninitialized Memory Information Disclosure Vulnerability |
| ZDI-25-598 |
ZDI-CAN-26654 |
Oracle |
CVE-2025-53025 |
6.0 |
2025-07-15 |
2025-07-15 |
Oracle VirtualBox BusLogic Uninitialized Memory Information Disclosure Vulnerability |
| ZDI-25-597 |
ZDI-CAN-26922 |
Autodesk |
CVE-2025-5037 |
7.8 |
2025-07-15 |
2025-07-18 |
Autodesk Revit RFA File Parsing Type Confusion Remote Code Execution Vulnerability |
| ZDI-25-596 |
ZDI-CAN-26917 |
Autodesk |
CVE-2025-5040 |
7.8 |
2025-07-15 |
2025-07-15 |
Autodesk Revit RTE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-595 |
ZDI-CAN-27098 |
Autodesk |
CVE-2025-5037 |
7.8 |
2025-07-15 |
2025-07-15 |
Autodesk Revit RFA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-594 |
ZDI-CAN-26963 |
Autodesk |
CVE-2025-5037 |
7.8 |
2025-07-15 |
2025-07-15 |
Autodesk Revit RFA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-593 |
ZDI-CAN-26925 |
Autodesk |
CVE-2025-5037 |
7.8 |
2025-07-15 |
2025-07-15 |
Autodesk Revit RVT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-592 |
ZDI-CAN-26923 |
Autodesk |
CVE-2025-5037 |
7.8 |
2025-07-15 |
2025-07-15 |
Autodesk Revit RVT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-591 |
ZDI-CAN-26161 |
Delta Electronics |
CVE-2025-53415 |
7.8 |
2025-07-11 |
2025-07-11 |
Delta Electronics DTM Soft BIN File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-590 |
ZDI-CAN-26240 |
G DATA |
CVE-2025-2790 |
7.8 |
2025-07-11 |
2025-07-11 |
G DATA Total Security GDTunerSvc Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-589 |
ZDI-CAN-25342 |
Trend Micro |
CVE-2025-53378 |
7.6 |
2025-07-11 |
2025-07-11 |
Trend Micro Worry-Free Business Security Missing Authentication Vulnerability |
| ZDI-25-588 |
ZDI-CAN-26484 |
Trend Micro |
CVE-2025-53503 |
7.8 |
2025-07-11 |
2025-07-11 |
Trend Micro Cleaner One Pro Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-587 |
ZDI-CAN-26473 |
Luxion |
CVE-2025-7222 |
7.8 |
2025-07-11 |
2025-07-11 |
Luxion KeyShot 3DM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-586 |
ZDI-CAN-25729 |
Trend Micro |
CVE-2025-52837 |
7.8 |
2025-07-08 |
2025-07-08 |
Trend Micro Password Manager Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-585 |
ZDI-CAN-26887 |
Trend Micro |
CVE-2025-52521 |
7.8 |
2025-07-08 |
2025-07-08 |
Trend Micro Maximum Security Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-584 |
ZDI-CAN-27167 |
Microsoft |
CVE-2025-49727 |
8.8 |
2025-07-08 |
2025-07-08 |
Microsoft Windows win32kfull Out-Of-Bounds Write Local Privilege Escalation Vulnerability |
| ZDI-25-583 |
ZDI-CAN-26791 |
Microsoft |
CVE-2025-49732 |
7.8 |
2025-07-08 |
2025-07-08 |
Microsoft Windows win32kfull Out-Of-Bounds Write Local Privilege Escalation Vulnerability |
| ZDI-25-582 |
ZDI-CAN-27246 |
Microsoft |
CVE-2025-49740 |
7.0 |
2025-07-08 |
2025-07-08 |
Microsoft Windows Startup Folder SmartScreen Bypass Vulnerability |
| ZDI-25-581 |
ZDI-CAN-27247 |
Microsoft |
CVE-2025-49704 |
8.8 |
2025-07-08 |
2025-07-08 |
(Pwn2Own) Microsoft SharePoint DataSetSurrogateSelector Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-580 |
ZDI-CAN-27162 |
Microsoft |
CVE-2025-49706 |
6.5 |
2025-07-08 |
2025-07-08 |
(Pwn2Own) Microsoft SharePoint ToolPane Authentication Bypass Vulnerability |
| ZDI-25-579 |
ZDI-CAN-26249 |
Microsoft |
CVE-2025-47993 |
7.8 |
2025-07-08 |
2025-07-08 |
Microsoft PC Manager Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
| ZDI-25-578 |
ZDI-CAN-26768 |
Microsoft |
CVE-2025-49742 |
7.8 |
2025-07-08 |
2025-07-08 |
Microsoft Windows win32kfull Integer Overflow Local Privilege Escalation Vulnerability |
| ZDI-25-577 |
ZDI-CAN-26358 |
Microsoft |
CVE-2025-48820 |
7.8 |
2025-07-08 |
2025-07-08 |
Microsoft Windows AppX Deployment Service Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-576 |
ZDI-CAN-26572 |
Siemens |
CVE-2025-40738 |
8.8 |
2025-07-08 |
2025-07-08 |
Siemens SINEC NMS uploadFWBinary Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-575 |
ZDI-CAN-26571 |
Siemens |
CVE-2025-40737 |
8.8 |
2025-07-08 |
2025-07-08 |
Siemens SINEC NMS unZipJarFilestoLocation Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-574 |
ZDI-CAN-26569 |
Siemens |
CVE-2025-40736 |
9.8 |
2025-07-08 |
2025-07-08 |
Siemens SINEC NMS reqToChangePassword Authentication Bypass Vulnerability |
| ZDI-25-573 |
ZDI-CAN-26376 |
IrfanView |
CVE-2025-7299 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-572 |
ZDI-CAN-26434 |
IrfanView |
CVE-2025-7325 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-571 |
ZDI-CAN-26430 |
IrfanView |
CVE-2025-7324 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-570 |
ZDI-CAN-26428 |
IrfanView |
CVE-2025-7323 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-569 |
ZDI-CAN-26423 |
IrfanView |
CVE-2025-7322 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-568 |
ZDI-CAN-26421 |
IrfanView |
CVE-2025-7321 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-567 |
ZDI-CAN-26418 |
IrfanView |
CVE-2025-7320 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-566 |
ZDI-CAN-26413 |
IrfanView |
CVE-2025-7319 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-565 |
ZDI-CAN-26412 |
IrfanView |
CVE-2025-7318 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-564 |
ZDI-CAN-26411 |
IrfanView |
CVE-2025-7317 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-563 |
ZDI-CAN-26410 |
IrfanView |
CVE-2025-7316 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-562 |
ZDI-CAN-26408 |
IrfanView |
CVE-2025-7315 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-561 |
ZDI-CAN-26400 |
IrfanView |
CVE-2025-7314 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-560 |
ZDI-CAN-26399 |
IrfanView |
CVE-2025-7313 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-559 |
ZDI-CAN-26398 |
IrfanView |
CVE-2025-7312 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-558 |
ZDI-CAN-26395 |
IrfanView |
CVE-2025-7311 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-557 |
ZDI-CAN-26391 |
IrfanView |
CVE-2025-7309 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-556 |
ZDI-CAN-26393 |
IrfanView |
CVE-2025-7310 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-555 |
ZDI-CAN-26389 |
IrfanView |
CVE-2025-7308 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-554 |
ZDI-CAN-26388 |
IrfanView |
CVE-2025-7307 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-553 |
ZDI-CAN-26387 |
IrfanView |
CVE-2025-7306 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-552 |
ZDI-CAN-26386 |
IrfanView |
CVE-2025-7305 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-551 |
ZDI-CAN-26385 |
IrfanView |
CVE-2025-7304 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-550 |
ZDI-CAN-26384 |
IrfanView |
CVE-2025-7303 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-549 |
ZDI-CAN-26381 |
IrfanView |
CVE-2025-7302 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-548 |
ZDI-CAN-26380 |
IrfanView |
CVE-2025-7301 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-547 |
ZDI-CAN-26377 |
IrfanView |
CVE-2025-7300 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-546 |
ZDI-CAN-26243 |
IrfanView |
CVE-2025-7296 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-545 |
ZDI-CAN-26244 |
IrfanView |
CVE-2025-7297 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-544 |
ZDI-CAN-26242 |
IrfanView |
CVE-2025-7295 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-543 |
ZDI-CAN-26230 |
IrfanView |
CVE-2025-7294 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-542 |
ZDI-CAN-26246 |
IrfanView |
CVE-2025-7298 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-541 |
ZDI-CAN-26229 |
IrfanView |
CVE-2025-7293 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-540 |
ZDI-CAN-26228 |
IrfanView |
CVE-2025-7292 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-539 |
ZDI-CAN-26227 |
IrfanView |
CVE-2025-7291 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-538 |
ZDI-CAN-26226 |
IrfanView |
CVE-2025-7290 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-537 |
ZDI-CAN-26221 |
IrfanView |
CVE-2025-7285 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-536 |
ZDI-CAN-26220 |
IrfanView |
CVE-2025-7284 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-535 |
ZDI-CAN-26225 |
IrfanView |
CVE-2025-7289 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-534 |
ZDI-CAN-26224 |
IrfanView |
CVE-2025-7288 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-533 |
ZDI-CAN-26223 |
IrfanView |
CVE-2025-7287 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-532 |
ZDI-CAN-26222 |
IrfanView |
CVE-2025-7286 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-531 |
ZDI-CAN-26219 |
IrfanView |
CVE-2025-7283 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-530 |
ZDI-CAN-26216 |
IrfanView |
CVE-2025-7282 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-529 |
ZDI-CAN-26215 |
IrfanView |
CVE-2025-7281 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-528 |
ZDI-CAN-26214 |
IrfanView |
CVE-2025-7280 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-527 |
ZDI-CAN-26213 |
IrfanView |
CVE-2025-7279 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-526 |
ZDI-CAN-26211 |
IrfanView |
CVE-2025-7278 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-525 |
ZDI-CAN-26203 |
IrfanView |
CVE-2025-7274 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-524 |
ZDI-CAN-26209 |
IrfanView |
CVE-2025-7277 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-523 |
ZDI-CAN-26208 |
IrfanView |
CVE-2025-7276 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-522 |
ZDI-CAN-26204 |
IrfanView |
CVE-2025-7275 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-521 |
ZDI-CAN-26198 |
IrfanView |
CVE-2025-7272 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-520 |
ZDI-CAN-26193 |
IrfanView |
CVE-2025-7271 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-519 |
ZDI-CAN-26202 |
IrfanView |
CVE-2025-7273 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-518 |
ZDI-CAN-26189 |
IrfanView |
CVE-2025-7270 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-517 |
ZDI-CAN-26188 |
IrfanView |
CVE-2025-7269 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-516 |
ZDI-CAN-26182 |
IrfanView |
CVE-2025-7268 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-515 |
ZDI-CAN-26179 |
IrfanView |
CVE-2025-7267 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-514 |
ZDI-CAN-26174 |
IrfanView |
CVE-2025-7266 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-513 |
ZDI-CAN-26173 |
IrfanView |
CVE-2025-7265 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-512 |
ZDI-CAN-26171 |
IrfanView |
CVE-2025-7264 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-511 |
ZDI-CAN-26170 |
IrfanView |
CVE-2025-7263 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-510 |
ZDI-CAN-26132 |
IrfanView |
CVE-2025-7262 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-509 |
ZDI-CAN-26130 |
IrfanView |
CVE-2025-7261 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-508 |
ZDI-CAN-26129 |
IrfanView |
CVE-2025-7260 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-507 |
ZDI-CAN-26127 |
IrfanView |
CVE-2025-7258 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-506 |
ZDI-CAN-26085 |
IrfanView |
CVE-2025-7239 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-505 |
ZDI-CAN-26084 |
IrfanView |
CVE-2025-7238 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-504 |
ZDI-CAN-26083 |
IrfanView |
CVE-2025-7237 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-503 |
ZDI-CAN-26126 |
IrfanView |
CVE-2025-7257 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-502 |
ZDI-CAN-26119 |
IrfanView |
CVE-2025-7256 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-501 |
ZDI-CAN-26098 |
IrfanView |
CVE-2025-7248 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-500 |
ZDI-CAN-26118 |
IrfanView |
CVE-2025-7255 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-499 |
ZDI-CAN-26096 |
IrfanView |
CVE-2025-7247 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-498 |
ZDI-CAN-26095 |
IrfanView |
CVE-2025-7246 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-497 |
ZDI-CAN-26093 |
IrfanView |
CVE-2025-7244 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-496 |
ZDI-CAN-26113 |
IrfanView |
CVE-2025-7254 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-495 |
ZDI-CAN-26074 |
IrfanView |
CVE-2025-7234 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin CGM File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-494 |
ZDI-CAN-26072 |
IrfanView |
CVE-2025-7233 |
3.3 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-493 |
ZDI-CAN-26112 |
IrfanView |
CVE-2025-7253 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-492 |
ZDI-CAN-26100 |
IrfanView |
CVE-2025-7249 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-491 |
ZDI-CAN-26091 |
IrfanView |
CVE-2025-7243 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-490 |
ZDI-CAN-26088 |
IrfanView |
CVE-2025-7242 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-489 |
ZDI-CAN-26087 |
IrfanView |
CVE-2025-7241 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-488 |
ZDI-CAN-26086 |
IrfanView |
CVE-2025-7240 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-487 |
ZDI-CAN-26080 |
IrfanView |
CVE-2025-7236 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-486 |
ZDI-CAN-26107 |
IrfanView |
CVE-2025-7250 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-485 |
ZDI-CAN-26075 |
IrfanView |
CVE-2025-7235 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-484 |
ZDI-CAN-26109 |
IrfanView |
CVE-2025-7252 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-483 |
ZDI-CAN-26108 |
IrfanView |
CVE-2025-7251 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-482 |
ZDI-CAN-25724 |
INVT |
CVE-2025-7231 |
7.8 |
2025-07-07 |
2025-07-07 |
(0Day) INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-481 |
ZDI-CAN-25723 |
INVT |
CVE-2025-7230 |
7.8 |
2025-07-07 |
2025-07-07 |
(0Day) INVT VT-Designer PM3 File Parsing Type Confusion Remote Code Execution Vulnerability |
| ZDI-25-480 |
ZDI-CAN-25722 |
INVT |
CVE-2025-7229 |
7.8 |
2025-07-07 |
2025-07-07 |
(0Day) INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-479 |
ZDI-CAN-25571 |
INVT |
CVE-2025-7228 |
7.8 |
2025-07-07 |
2025-07-07 |
(0Day) INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-478 |
ZDI-CAN-25550 |
INVT |
CVE-2025-7227 |
7.8 |
2025-07-07 |
2025-07-07 |
(0Day) INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-477 |
ZDI-CAN-25048 |
INVT |
CVE-2025-7226 |
7.8 |
2025-07-07 |
2025-07-07 |
(0Day) INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-476 |
ZDI-CAN-25047 |
INVT |
CVE-2025-7225 |
7.8 |
2025-07-07 |
2025-07-07 |
(0Day) INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-475 |
ZDI-CAN-25045 |
INVT |
CVE-2025-7224 |
7.8 |
2025-07-07 |
2025-07-07 |
(0Day) INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-474 |
ZDI-CAN-25044 |
INVT |
CVE-2025-7223 |
7.8 |
2025-07-07 |
2025-07-07 |
(0Day) INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-473 |
ZDI-CAN-25039 |
Parallels |
CVE-2025-6812 |
7.3 |
2025-07-07 |
2025-07-07 |
Parallels Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
| ZDI-25-472 |
ZDI-CAN-26720 |
Delta Electronics |
CVE-2025-47726 |
7.8 |
2025-07-03 |
2025-07-03 |
Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-471 |
ZDI-CAN-26842 |
Delta Electronics |
CVE-2025-47727 |
7.8 |
2025-07-03 |
2025-07-03 |
Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-470 |
ZDI-CAN-26719 |
Delta Electronics |
CVE-2025-47725 |
7.8 |
2025-07-03 |
2025-07-03 |
Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-469 |
ZDI-CAN-26718 |
Delta Electronics |
CVE-2025-47724 |
7.8 |
2025-07-03 |
2025-07-03 |
Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-468 |
ZDI-CAN-26061 |
GFI |
CVE-2019-18935, CVE-2017-11317, CVE-2014-2217 |
9.8 |
2025-07-03 |
2025-07-03 |
GFI Archiver Telerik Web UI Remote Code Execution Vulnerability |
| ZDI-25-467 |
ZDI-CAN-27381 |
GStreamer |
CVE-2025-6663 |
7.8 |
2025-07-03 |
2025-07-03 |
GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-466 |
ZDI-CAN-25218 |
Marvell |
CVE-2025-6809 |
9.8 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole readNICParametersFromFile Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-465 |
ZDI-CAN-25217 |
Marvell |
CVE-2025-6808 |
9.8 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole readObjectFromConfigFile Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-464 |
ZDI-CAN-24922 |
Marvell |
CVE-2025-6802 |
9.8 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability |
| ZDI-25-463 |
ZDI-CAN-24980 |
Marvell |
CVE-2025-6807 |
5.3 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole getDriverTmpPath Directory Traversal Information Disclosure Vulnerability |
| ZDI-25-462 |
ZDI-CAN-24979 |
Marvell |
CVE-2025-6806 |
8.2 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability |
| ZDI-25-461 |
ZDI-CAN-24925 |
Marvell |
CVE-2025-6805 |
8.2 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole deleteEventLogFile Directory Traversal Arbitrary File Deletion Vulnerability |
| ZDI-25-460 |
ZDI-CAN-24921 |
Marvell |
CVE-2025-6801 |
8.2 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability |
| ZDI-25-459 |
ZDI-CAN-24920 |
Marvell |
CVE-2025-6800 |
7.5 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole restoreESwitchConfig Directory Traversal Information Disclosure Vulnerability |
| ZDI-25-458 |
ZDI-CAN-24919 |
Marvell |
CVE-2025-6799 |
7.5 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability |
| ZDI-25-457 |
ZDI-CAN-24918 |
Marvell |
CVE-2025-6798 |
8.2 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole deleteAppFile Directory Traversal Arbitrary File Deletion Vulnerability |
| ZDI-25-456 |
ZDI-CAN-24917 |
Marvell |
CVE-2025-6797 |
7.5 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability |
| ZDI-25-455 |
ZDI-CAN-24914 |
Marvell |
CVE-2025-6795 |
5.3 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole getFileUploadSize Directory Traversal Information Disclosure Vulnerability |
| ZDI-25-454 |
ZDI-CAN-24913 |
Marvell |
CVE-2025-6794 |
9.8 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-453 |
ZDI-CAN-24924 |
Marvell |
CVE-2025-6804 |
7.5 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole compressFirmwareDumpFiles Directory Traversal Information Disclosure Vulnerability |
| ZDI-25-452 |
ZDI-CAN-24923 |
Marvell |
CVE-2025-6803 |
7.5 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole compressDriverFiles Directory Traversal Information Disclosure Vulnerability |
| ZDI-25-451 |
ZDI-CAN-24916 |
Marvell |
CVE-2025-6796 |
7.5 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole getAppFileBytes Directory Traversal Information Disclosure Vulnerability |
| ZDI-25-450 |
ZDI-CAN-24912 |
Marvell |
CVE-2025-6793 |
9.4 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability |
| ZDI-25-449 |
ZDI-CAN-25397 |
Mescius |
CVE-2025-6811 |
9.8 |
2025-06-27 |
2025-06-27 |
(0Day) Mescius ActiveReports.NET TypeResolutionService Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-448 |
ZDI-CAN-25246 |
Mescius |
CVE-2025-6810 |
9.8 |
2025-06-27 |
2025-06-27 |
(0Day) Mescius ActiveReports.NET ReadValue Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-447 |
ZDI-CAN-26985 |
PDF-XChange |
CVE-2025-6662 |
3.3 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-446 |
ZDI-CAN-26823 |
PDF-XChange |
CVE-2025-6661 |
7.8 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor App Object Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-445 |
ZDI-CAN-26734 |
PDF-XChange |
CVE-2025-6659 |
7.8 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-444 |
ZDI-CAN-26733 |
PDF-XChange |
CVE-2025-6658 |
3.3 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-443 |
ZDI-CAN-26763 |
PDF-XChange |
CVE-2025-6660 |
7.8 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor GIF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-442 |
ZDI-CAN-26732 |
PDF-XChange |
CVE-2025-6657 |
3.3 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-441 |
ZDI-CAN-26731 |
PDF-XChange |
CVE-2025-6656 |
3.3 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-440 |
ZDI-CAN-26730 |
PDF-XChange |
CVE-2025-6655 |
3.3 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-439 |
ZDI-CAN-26729 |
PDF-XChange |
CVE-2025-6654 |
7.8 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-438 |
ZDI-CAN-26726 |
PDF-XChange |
CVE-2025-6653 |
3.3 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-437 |
ZDI-CAN-26724 |
PDF-XChange |
CVE-2025-6652 |
3.3 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-436 |
ZDI-CAN-26713 |
PDF-XChange |
CVE-2025-6651 |
7.8 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-435 |
ZDI-CAN-26712 |
PDF-XChange |
CVE-2025-6650 |
3.3 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-434 |
ZDI-CAN-26709 |
PDF-XChange |
CVE-2025-6649 |
3.3 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-433 |
ZDI-CAN-26671 |
PDF-XChange |
CVE-2025-6648 |
3.3 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-432 |
ZDI-CAN-26644 |
PDF-XChange |
CVE-2025-6647 |
7.8 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-431 |
ZDI-CAN-26643 |
PDF-XChange |
CVE-2025-6646 |
3.3 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor U3D File Parsing Use-After-Free Information Disclosure Vulnerability |
| ZDI-25-430 |
ZDI-CAN-26642 |
PDF-XChange |
CVE-2025-6645 |
7.8 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-429 |
ZDI-CAN-26536 |
PDF-XChange |
CVE-2025-6644 |
7.8 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-428 |
ZDI-CAN-26532 |
PDF-XChange |
CVE-2025-6643 |
3.3 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-427 |
ZDI-CAN-26530 |
PDF-XChange |
CVE-2025-6642 |
7.8 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-426 |
ZDI-CAN-26528 |
PDF-XChange |
CVE-2025-6641 |
3.3 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-425 |
ZDI-CAN-26527 |
PDF-XChange |
CVE-2025-6640 |
7.8 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-424 |
ZDI-CAN-26415 |
Mikrotik |
CVE-2025-6443 |
7.2 |
2025-06-25 |
2025-06-25 |
Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability |
| ZDI-25-423 |
ZDI-CAN-23719 |
Microsoft |
|
9.8 |
2025-06-25 |
2025-06-25 |
Microsoft WinJS winjsdevelop Uncontrolled Search Path Element Remote Code Execution Vulnerability |
| ZDI-25-422 |
ZDI-CAN-24823 |
Microsoft |
|
3.7 |
2025-06-25 |
2025-06-25 |
Microsoft Azure Machine Learning Environments Denial-of-Service Vulnerability |
| ZDI-25-421 |
ZDI-CAN-24622 |
Microsoft |
|
5.3 |
2025-06-25 |
2025-06-25 |
Microsoft Azure App Services Information Disclosure Vulnerability |
| ZDI-25-420 |
ZDI-CAN-26241 |
PaperCut |
CVE-2024-8404 |
7.8 |
2025-06-25 |
2025-06-25 |
PaperCut NG web-print-hot-folder Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-419 |
ZDI-CAN-26660 |
TeamViewer |
CVE-2025-36537 |
7.8 |
2025-06-25 |
2025-06-25 |
TeamViewer Incorrect Permission Assignment Local Privilege Escalation Vulnerability |
| ZDI-25-418 |
ZDI-CAN-26498 |
Apple |
CVE-2025-31196 |
4.3 |
2025-06-24 |
2025-06-24 |
Apple macOS CoreGraphics PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-417 |
ZDI-CAN-26010 |
Clam AntiVirus |
CVE-2025-20234 |
6.1 |
2025-06-23 |
2025-06-23 |
Clam AntiVirus UDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-416 |
ZDI-CAN-25837 |
ServiceStack |
CVE-2025-6445 |
8.1 |
2025-06-23 |
2025-06-23 |
ServiceStack FindType Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-415 |
ZDI-CAN-25834 |
ServiceStack |
CVE-2025-6444 |
5.9 |
2025-06-23 |
2025-06-23 |
ServiceStack GetErrorResponse Improper Input Validation NTLM Relay Vulnerability |
| ZDI-25-414 |
ZDI-CAN-21876 |
Ruby |
CVE-2025-6442 |
6.5 |
2025-06-23 |
2025-06-23 |
Ruby WEBrick read_header HTTP Request Smuggling Vulnerability |
| ZDI-25-413 |
ZDI-CAN-26018 |
Fuji Electric |
CVE-2025-41388 |
7.8 |
2025-06-19 |
2025-06-19 |
Fuji Electric Smart Editor TL5 File Parsing Stack-Based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-412 |
ZDI-CAN-26031 |
Fuji Electric |
CVE-2025-41413 |
7.8 |
2025-06-19 |
2025-06-19 |
Fuji Electric Smart Editor X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-411 |
ZDI-CAN-26167 |
Delta Electronics |
CVE-2025-47728 |
7.8 |
2025-06-19 |
2025-06-19 |
Delta Electronics CNCSoft-G2 DPAX File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-410 |
ZDI-CAN-27104 |
Allegra |
CVE-2025-6216 |
9.8 |
2025-06-19 |
2025-06-19 |
Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability |
| ZDI-25-409 |
ZDI-CAN-27198 |
RARLAB |
CVE-2025-6218 |
7.8 |
2025-06-19 |
2025-06-19 |
RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-408 |
ZDI-CAN-24161 |
PEAK-System |
CVE-2025-6217 |
3.8 |
2025-06-18 |
2025-06-18 |
PEAK-System Driver PCANFD_ADD_FILTERS Time-Of-Check Time-Of-Use Information Disclosure Vulnerability |
| ZDI-25-407 |
ZDI-CAN-25346 |
SolarWinds |
CVE-2024-28988 |
9.8 |
2025-06-17 |
2025-06-17 |
SolarWinds Web Help Desk AjaxProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-406 |
ZDI-CAN-25087 |
SolarWinds |
CVE-2024-45711 |
7.5 |
2025-06-17 |
2025-06-17 |
SolarWinds Serv-U FTP Service Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-405 |
ZDI-CAN-26024 |
Fuji Electric |
CVE-2025-41388 |
7.8 |
2025-06-17 |
2025-06-17 |
Fuji Electric Smart Editor X1 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-404 |
ZDI-CAN-26022 |
Fuji Electric |
CVE-2025-41388 |
7.8 |
2025-06-17 |
2025-06-17 |
Fuji Electric Smart Editor X1 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-403 |
ZDI-CAN-26020 |
Fuji Electric |
CVE-2025-41388 |
7.8 |
2025-06-17 |
2025-06-17 |
Fuji Electric Smart Editor V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-402 |
ZDI-CAN-25942 |
Fuji Electric |
CVE-2025-41388 |
7.8 |
2025-06-17 |
2025-06-17 |
Fuji Electric Smart Editor TL5 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-401 |
ZDI-CAN-26028 |
Fuji Electric |
CVE-2025-41413 |
7.8 |
2025-06-17 |
2025-06-17 |
Fuji Electric Smart Editor V10 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-400 |
ZDI-CAN-26032 |
Fuji Electric |
CVE-2025-32412 |
7.8 |
2025-06-17 |
2025-06-17 |
Fuji Electric Smart Editor TL5 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-399 |
ZDI-CAN-26026 |
Fuji Electric |
CVE-2025-41388 |
7.8 |
2025-06-17 |
2025-06-17 |
Fuji Electric Smart Editor V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-398 |
ZDI-CAN-25876 |
Trend Micro |
CVE-2025-49384 |
7.8 |
2025-06-17 |
2025-06-17 |
Trend Micro Internet Security Platinum Host Service Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-397 |
ZDI-CAN-25049 |
Delta Electronics |
CVE-2025-3495 |
9.8 |
2025-06-17 |
2025-06-17 |
Delta Electronics COMMGR Insufficient Randomization Authentication Bypass Vulnerability |
| ZDI-25-396 |
ZDI-CAN-25916 |
Siemens |
CVE-2025-31353 |
6.5 |
2025-06-16 |
2025-06-16 |
Siemens TeleControl Server Basic UpdateOpcSettings SQL Injection Information Disclosure Vulnerability |
| ZDI-25-395 |
ZDI-CAN-25915 |
Siemens |
CVE-2025-31352 |
6.5 |
2025-06-16 |
2025-06-16 |
Siemens TeleControl Server Basic UpdateGateways SQL Injection Information Disclosure Vulnerability |
| ZDI-25-394 |
ZDI-CAN-25917 |
Siemens |
CVE-2025-31351 |
6.5 |
2025-06-16 |
2025-06-16 |
Siemens TeleControl Server Basic CreateProject SQL Injection Information Disclosure Vulnerability |
| ZDI-25-393 |
ZDI-CAN-25918 |
Siemens |
CVE-2025-31350 |
6.5 |
2025-06-16 |
2025-06-16 |
Siemens TeleControl Server Basic UpdateBufferingSettings SQL Injection Information Disclosure Vulnerability |
| ZDI-25-392 |
ZDI-CAN-25919 |
Siemens |
CVE-2025-31349 |
6.5 |
2025-06-16 |
2025-06-16 |
Siemens TeleControl Server Basic UpdateSmtpSettings SQL Injection Information Disclosure Vulnerability |
| ZDI-25-391 |
ZDI-CAN-25920 |
Siemens |
CVE-2025-31343 |
6.5 |
2025-06-16 |
2025-06-16 |
Siemens TeleControl Server Basic UpdateTcmSettings SQL Injection Information Disclosure Vulnerability |
| ZDI-25-390 |
ZDI-CAN-25921 |
Siemens |
CVE-2025-30032 |
6.5 |
2025-06-16 |
2025-06-16 |
Siemens TeleControl Server Basic UpdateDatabaseSettings SQL Injection Information Disclosure Vulnerability |
| ZDI-25-389 |
ZDI-CAN-25922 |
Siemens |
CVE-2025-30031 |
6.5 |
2025-06-16 |
2025-06-16 |
Siemens TeleControl Server Basic UpdateUsers SQL Injection Information Disclosure Vulnerability |
| ZDI-25-388 |
ZDI-CAN-25924 |
Siemens |
CVE-2025-30030 |
6.5 |
2025-06-16 |
2025-06-16 |
Siemens TeleControl Server Basic ImportDatabase SQL Injection Information Disclosure Vulnerability |
| ZDI-25-387 |
ZDI-CAN-25910 |
Siemens |
CVE-2025-30003 |
6.5 |
2025-06-16 |
2025-06-16 |
Siemens TeleControl Server Basic UpdateProjectConnections SQL Injection Information Disclosure Vulnerability |
| ZDI-25-386 |
ZDI-CAN-25909 |
Siemens |
CVE-2025-30002 |
6.5 |
2025-06-16 |
2025-06-16 |
Siemens TeleControl Server Basic UpdateConnectionVariables SQL Injection Information Disclosure Vulnerability |
| ZDI-25-385 |
ZDI-CAN-25923 |
Siemens |
CVE-2025-29905 |
8.8 |
2025-06-16 |
2025-06-16 |
Siemens TeleControl Server Basic RestoreFromBackup SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-384 |
ZDI-CAN-25913 |
Siemens |
CVE-2025-27540 |
9.8 |
2025-06-16 |
2025-06-16 |
Siemens TeleControl Server Basic Authenticate SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-383 |
ZDI-CAN-25914 |
Siemens |
CVE-2025-27539 |
9.8 |
2025-06-16 |
2025-06-16 |
Siemens TeleControl Server Basic VerifyUser SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-382 |
ZDI-CAN-25912 |
Siemens |
CVE-2025-32475 |
6.5 |
2025-06-16 |
2025-06-16 |
Siemens TeleControl Server Basic UpdateProject SQL Injection Information Disclosure Vulnerability |
| ZDI-25-381 |
ZDI-CAN-25911 |
Siemens |
CVE-2025-27495 |
9.8 |
2025-06-16 |
2025-06-16 |
Siemens TeleControl Server Basic CreateTrace SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-380 |
ZDI-CAN-25877 |
Trend Micro |
CVE-2025-49385 |
7.8 |
2025-06-13 |
2025-06-13 |
Trend Micro Maximum Security Platinum Host Service Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-379 |
ZDI-CAN-25589 |
Ubiquiti Networks |
CVE-2025-23117 |
6.8 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Ubiquiti Networks AI Bullet Insufficient Firmware Update Validation Remote Code Execution Vulnerability |
| ZDI-25-378 |
ZDI-CAN-25588 |
Ubiquiti Networks |
CVE-2025-23116 |
9.6 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Ubiquiti Networks UniFi Console Missing Authentication for Critical Function Authentication Bypass Vulnerability |
| ZDI-25-377 |
ZDI-CAN-25603 |
Ubiquiti Networks |
CVE-2025-23119 |
7.5 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Ubiquiti Networks AI Bullet Improper Neutralization of Escape Sequences Authentication Bypass Vulnerability |
| ZDI-25-376 |
ZDI-CAN-25666 |
Ubiquiti Networks |
CVE-2025-23118 |
7.5 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Ubiquiti Networks AI Bullet Improper Certificate Validation Authentication Bypass Vulnerability |
| ZDI-25-375 |
ZDI-CAN-25526 |
Trend Micro |
CVE-2025-49218 |
8.8 |
2025-06-11 |
2025-06-11 |
Trend Micro Endpoint Encryption ProcessWhereClause SQL Injection Privilege Escalation Vulnerability |
| ZDI-25-374 |
ZDI-CAN-25505 |
Trend Micro |
CVE-2025-49217 |
8.1 |
2025-06-11 |
2025-06-11 |
Trend Micro Endpoint Encryption ValidateToken Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-373 |
ZDI-CAN-25519 |
Trend Micro |
CVE-2025-49216 |
9.8 |
2025-06-11 |
2025-06-11 |
Trend Micro Endpoint Encryption DbAppDomain Authentication Bypass Vulnerability |
| ZDI-25-372 |
ZDI-CAN-25527 |
Trend Micro |
CVE-2025-49215 |
8.8 |
2025-06-11 |
2025-06-11 |
Trend Micro Endpoint Encryption GetGroupFilteredUsers SQL Injection Privilege Escalation Vulnerability |
| ZDI-25-371 |
ZDI-CAN-25518 |
Trend Micro |
CVE-2025-49212 |
8.8 |
2025-06-11 |
2025-06-11 |
Trend Micro Endpoint Encryption DeserializeFromBase64String Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-370 |
ZDI-CAN-25506 |
Trend Micro |
CVE-2025-49213 |
9.8 |
2025-06-11 |
2025-06-11 |
Trend Micro Endpoint Encryption PolicyServerWindowsService Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-369 |
ZDI-CAN-25507 |
Trend Micro |
CVE-2025-49212 |
9.8 |
2025-06-11 |
2025-06-11 |
Trend Micro Endpoint Encryption PolicyValueTableSerializationBinder Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-368 |
ZDI-CAN-25528 |
Trend Micro |
CVE-2025-49211 |
8.8 |
2025-06-11 |
2025-06-11 |
Trend Micro Endpoint Encryption BuildEnterpriseSearchString SQL Injection Privilege Escalation Vulnerability |
| ZDI-25-367 |
ZDI-CAN-25495 |
Trend Micro |
CVE-2025-49220 |
9.8 |
2025-06-11 |
2025-06-11 |
Trend Micro Apex Central ConvertFromJson Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-366 |
ZDI-CAN-25286 |
Trend Micro |
CVE-2025-49219 |
9.8 |
2025-06-11 |
2025-06-11 |
Trend Micro Apex Central GetReportDetailView Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-365 |
ZDI-CAN-25771 |
Trend Micro |
CVE-2025-49158 |
6.7 |
2025-06-11 |
2025-06-11 |
Trend Micro Apex One Security Agent ntrmv Uncontrolled Search Path Local Privilege Escalation Vulnerability |
| ZDI-25-364 |
ZDI-CAN-25273 |
Trend Micro |
CVE-2025-49157 |
7.8 |
2025-06-11 |
2025-06-11 |
Trend Micro Apex One Damage Cleanup Engine Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-363 |
ZDI-CAN-24973 |
Trend Micro |
CVE-2025-49156 |
7.0 |
2025-06-11 |
2025-06-11 |
Trend Micro Apex One Virus Scan Engine Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-362 |
ZDI-CAN-24571 |
Trend Micro |
CVE-2025-49155 |
8.8 |
2025-06-11 |
2025-06-11 |
Trend Micro Apex One Data Loss Prevention Uncontrolled Search Path Remote Code Execution Vulnerability |
| ZDI-25-361 |
ZDI-CAN-25574 |
Trend Micro |
CVE-2025-48443 |
6.7 |
2025-06-11 |
2025-06-11 |
Trend Micro Password Manager Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-360 |
ZDI-CAN-23056 |
Trend Micro |
CVE-2025-49487 |
6.8 |
2025-06-11 |
2025-06-11 |
Trend Micro Worry-Free Business Security Uncontrolled Search Path Element Arbitrary Code Execution Vulnerability |
| ZDI-25-359 |
ZDI-CAN-26586 |
Microsoft |
CVE-2025-47959 |
7.8 |
2025-06-10 |
2025-06-11 |
Microsoft Visual Studio initializeCommand Insufficient UI Warning Remote Code Execution Vulnerability |
| ZDI-25-358 |
ZDI-CAN-26285 |
Sony |
CVE-2025-5820 |
6.3 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability |
| ZDI-25-357 |
ZDI-CAN-26284 |
Sony |
CVE-2025-5476 |
6.3 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability |
| ZDI-25-356 |
ZDI-CAN-26290 |
Sony |
CVE-2025-5479 |
7.5 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Sony XAV-AX8500 Bluetooth AVCTP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-355 |
ZDI-CAN-26288 |
Sony |
CVE-2025-5478 |
8.8 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Sony XAV-AX8500 Bluetooth SDP Protocol Integer Overflow Remote Code Execution Vulnerability |
| ZDI-25-354 |
ZDI-CAN-26286 |
Sony |
CVE-2025-5477 |
7.5 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-353 |
ZDI-CAN-26283 |
Sony |
CVE-2025-5475 |
7.5 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Sony XAV-AX8500 Bluetooth Packet Handling Integer Overflow Remote Code Execution Vulnerability |
| ZDI-25-352 |
ZDI-CAN-26079 |
Pioneer |
CVE-2025-5832 |
6.8 |
2025-06-11 |
2025-08-28 |
Pioneer DMH-WT7600NEX Software Update Signing Insufficient Verification of Data Authenticity Vulnerability |
| ZDI-25-351 |
ZDI-CAN-26078 |
Pioneer |
CVE-2025-5834 |
4.4 |
2025-06-11 |
2025-08-28 |
Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability |
| ZDI-25-350 |
ZDI-CAN-26077 |
Pioneer |
CVE-2025-5833 |
4.6 |
2025-06-11 |
2025-08-28 |
Pioneer DMH-WT7600NEX Root Filesystem Insufficient Verification of Data Authenticity Vulnerability |
| ZDI-25-349 |
ZDI-CAN-26327 |
Autel |
CVE-2025-5830 |
8.8 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial DLB_SlaveRegister Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-348 |
ZDI-CAN-26330 |
Autel |
CVE-2025-5829 |
6.8 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial autocharge Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-347 |
ZDI-CAN-26328 |
Autel |
CVE-2025-5828 |
6.8 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial wLength Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-346 |
ZDI-CAN-26369 |
Autel |
CVE-2025-5827 |
8.8 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-345 |
ZDI-CAN-26368 |
Autel |
CVE-2025-5826 |
6.3 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability |
| ZDI-25-344 |
ZDI-CAN-26354 |
Autel |
CVE-2025-5825 |
7.5 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerability |
| ZDI-25-343 |
ZDI-CAN-26353 |
Autel |
CVE-2025-5824 |
5.0 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass Vulnerability |
| ZDI-25-342 |
ZDI-CAN-26352 |
Autel |
|
7.5 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure Vulnerability |
| ZDI-25-341 |
ZDI-CAN-26351 |
Autel |
CVE-2025-5823 |
4.9 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information Disclosure Vulnerability |
| ZDI-25-340 |
ZDI-CAN-26325 |
Autel |
CVE-2025-5822 |
7.1 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege Escalation Vulnerability |
| ZDI-25-339 |
ZDI-CAN-25932 |
Jupyter |
CVE-2025-30167 |
7.3 |
2025-06-10 |
2025-06-10 |
JupyterLab Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
| ZDI-25-338 |
ZDI-CAN-26593 |
Adobe |
CVE-2025-43574 |
7.8 |
2025-06-10 |
2025-06-10 |
Adobe Acrobat Reader DC Collab Object Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-337 |
ZDI-CAN-26777 |
Adobe |
CVE-2025-47112 |
3.3 |
2025-06-10 |
2025-06-10 |
Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-336 |
ZDI-CAN-26590 |
Adobe |
CVE-2025-43573 |
7.8 |
2025-06-10 |
2025-06-10 |
Adobe Acrobat Reader DC Collab Object Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-335 |
ZDI-CAN-26342 |
Adobe |
CVE-2025-43575 |
7.8 |
2025-06-10 |
2025-06-10 |
Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-334 |
ZDI-CAN-26776 |
Microsoft |
CVE-2025-30394 |
8.6 |
2025-06-10 |
2025-06-10 |
Microsoft Windows Remote Desktop Gateway Service Null Pointer Dereference Denial-of-Service Vulnerability |
| ZDI-25-333 |
ZDI-CAN-26487 |
Microsoft |
CVE-2025-32714 |
7.8 |
2025-06-10 |
2025-06-10 |
Microsoft Windows Installer Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
| ZDI-25-332 |
ZDI-CAN-26710 |
Microsoft |
CVE-2025-33075 |
7.8 |
2025-06-10 |
2025-06-10 |
Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-331 |
ZDI-CAN-26852 |
Autodesk |
CVE-2025-5036 |
7.8 |
2025-06-06 |
2025-06-06 |
Autodesk Revit RFA File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-330 |
ZDI-CAN-26292 |
WOLFBOX |
CVE-2025-5751 |
4.6 |
2025-06-06 |
2025-06-06 |
(0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability |
| ZDI-25-329 |
ZDI-CAN-26294 |
WOLFBOX |
CVE-2025-5750 |
8.8 |
2025-06-06 |
2025-06-06 |
(0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-328 |
ZDI-CAN-26295 |
WOLFBOX |
CVE-2025-5749 |
6.3 |
2025-06-06 |
2025-06-06 |
(0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable Authentication Bypass Vulnerability |
| ZDI-25-327 |
ZDI-CAN-26349 |
WOLFBOX |
CVE-2025-5748 |
8.0 |
2025-06-06 |
2025-06-06 |
(0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger LAN OTA Exposed Dangerous Method Remote Code Execution Vulnerability |
| ZDI-25-326 |
ZDI-CAN-26501 |
WOLFBOX |
CVE-2025-5747 |
8.0 |
2025-06-06 |
2025-06-06 |
(0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability |
| ZDI-25-325 |
ZDI-CAN-25954 |
Hewlett Packard Enterprise |
CVE-2025-37099 |
9.8 |
2025-06-05 |
2025-06-05 |
Hewlett Packard Enterprise Insight Remote Support processAttachmentDataStream Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-324 |
ZDI-CAN-26168 |
Sante |
CVE-2025-5481 |
7.8 |
2025-06-03 |
2025-06-03 |
Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-323 |
ZDI-CAN-26767 |
Action1 |
CVE-2025-5480 |
7.8 |
2025-06-03 |
2025-06-06 |
Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
| ZDI-25-322 |
ZDI-CAN-26962 |
2BrightSparks |
CVE-2025-5474 |
7.3 |
2025-06-03 |
2025-06-06 |
2BrightSparks SyncBackFree Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-321 |
ZDI-CAN-26752 |
GIMP |
CVE-2025-5473 |
7.8 |
2025-06-03 |
2025-06-06 |
GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability |
| ZDI-25-320 |
ZDI-CAN-26279 |
SolarWinds |
CVE-2025-26396 |
7.8 |
2025-06-02 |
2025-06-02 |
SolarWinds DameWare Mini Remote Control Service Incorrect Permissions Local Privilege Escalation Vulnerability |
| ZDI-25-319 |
ZDI-CAN-25316 |
Hewlett Packard Enterprise |
CVE-2025-37096 |
7.2 |
2025-06-02 |
2025-06-02 |
Hewlett Packard Enterprise StoreOnce VSA getServerCertificate Command Injection Remote Code Execution Vulnerability |
| ZDI-25-318 |
ZDI-CAN-25315 |
Hewlett Packard Enterprise |
CVE-2025-37095 |
4.9 |
2025-06-02 |
2025-06-02 |
Hewlett Packard Enterprise StoreOnce VSA getServerPayload Directory Traversal Information Disclosure Vulnerability |
| ZDI-25-317 |
ZDI-CAN-25314 |
Hewlett Packard Enterprise |
CVE-2025-37094 |
5.5 |
2025-06-02 |
2025-06-02 |
Hewlett Packard Enterprise StoreOnce VSA deletePackages Directory Traversal Arbitrary File Deletion Vulnerability |
| ZDI-25-316 |
ZDI-CAN-24985 |
Hewlett Packard Enterprise |
CVE-2025-37093 |
9.8 |
2025-06-02 |
2025-06-02 |
Hewlett Packard Enterprise StoreOnce VSA Authentication Bypass Vulnerability |
| ZDI-25-315 |
ZDI-CAN-24984 |
Hewlett Packard Enterprise |
CVE-2025-37092 |
7.2 |
2025-06-02 |
2025-06-02 |
Hewlett Packard Enterprise StoreOnce VSA queryHardwareReportLocally Command Injection Remote Code Execution Vulnerability |
| ZDI-25-314 |
ZDI-CAN-24983 |
Hewlett Packard Enterprise |
CVE-2025-37091 |
7.2 |
2025-06-02 |
2025-06-02 |
Hewlett Packard Enterprise StoreOnce VSA doExecute Command Injection Remote Code Execution Vulnerability |
| ZDI-25-313 |
ZDI-CAN-24982 |
Hewlett Packard Enterprise |
CVE-2025-37090 |
5.3 |
2025-06-02 |
2025-06-02 |
Hewlett Packard Enterprise StoreOnce VSA determineInclusionAndExtract Server-Side Request Forgery Vulnerability |
| ZDI-25-312 |
ZDI-CAN-24981 |
Hewlett Packard Enterprise |
CVE-2025-37089 |
7.2 |
2025-06-02 |
2025-06-02 |
Hewlett Packard Enterprise StoreOnce VSA setLocateBeaconOnHardware Command Injection Remote Code Execution Vulnerability |
| ZDI-25-311 |
ZDI-CAN-25865 |
Sonos |
CVE-2025-1051 |
8.8 |
2025-05-29 |
2025-05-29 |
(Pwn2Own) Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-310 |
ZDI-CAN-26505 |
Linux |
CVE-2025-22037 |
6.8 |
2025-05-29 |
2025-06-03 |
Linux Kernel ksmbd Session Setup Null Pointer Dereference Denial-of-Service Vulnerability |
| ZDI-25-309 |
ZDI-CAN-25779 |
Canon |
CVE-2025-2146 |
8.8 |
2025-05-28 |
2025-05-28 |
(Pwn2Own) Canon imageCLASS MF656Cdw sfpcmAuthenticateSecAdmin Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-308 |
ZDI-CAN-25684 |
Adobe |
CVE-2025-30310 |
7.8 |
2025-05-21 |
2025-05-21 |
Adobe Dreamweaver V8 Remote Code Execution Vulnerability |
| ZDI-25-307 |
ZDI-CAN-26711 |
Linux |
|
6.7 |
2025-05-21 |
2025-05-21 |
Linux Kernel OpenvSwitch Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-306 |
ZDI-CAN-23513 |
Docker |
CVE-2024-5652 |
7.8 |
2025-05-21 |
2025-05-21 |
Docker Desktop Helper Service Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-305 |
ZDI-CAN-24156 |
Apple |
CVE-2025-31219 |
8.8 |
2025-05-21 |
2025-05-21 |
Apple XNU kernel vm_map Race Condition Local Privilege Escalation Vulnerability |
| ZDI-25-304 |
ZDI-CAN-26603 |
Apple |
CVE-2025-31251 |
8.8 |
2025-05-21 |
2025-05-21 |
Apple macOS JPEG Image Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-303 |
ZDI-CAN-26148 |
Apple |
CVE-2025-24222 |
4.3 |
2025-05-21 |
2025-05-21 |
Apple Safari SandboxBroker ZIP File Processing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-302 |
ZDI-CAN-26650 |
Apple |
CVE-2025-31239 |
7.8 |
2025-05-21 |
2025-05-21 |
Apple macOS CoreMedia Framework Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-301 |
ZDI-CAN-26150 |
Apple |
CVE-2025-31238 |
8.8 |
2025-05-21 |
2025-05-21 |
Apple Safari Scrollbar Animation Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-300 |
ZDI-CAN-26714 |
Apple |
CVE-2025-31209 |
3.3 |
2025-05-21 |
2025-05-21 |
Apple macOS PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-299 |
ZDI-CAN-26783 |
Apple |
CVE-2025-31208 |
3.3 |
2025-05-21 |
2025-05-21 |
Apple macOS acv2 Codec Converter Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-298 |
ZDI-CAN-26826 |
Apple |
CVE-2025-31233 |
8.8 |
2025-05-21 |
2025-05-21 |
Apple macOS MP4 File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-297 |
ZDI-CAN-24936 |
Trend Micro |
CVE-2025-47867 |
7.5 |
2025-05-21 |
2025-05-21 |
Trend Micro Apex Central widget getBlock Local File Inclusion Remote Code Execution Vulnerability |
| ZDI-25-296 |
ZDI-CAN-25331 |
Trend Micro |
CVE-2025-47866 |
4.3 |
2025-05-21 |
2025-05-21 |
Trend Micro Apex Central modTMCM Unrestricted File Upload Vulnerability |
| ZDI-25-295 |
ZDI-CAN-24938 |
Trend Micro |
CVE-2025-47865 |
7.5 |
2025-05-21 |
2025-05-21 |
Trend Micro Apex Central widget getObjWGFServiceApiByApiName Local File Inclusion Remote Code Execution Vulnerability |
| ZDI-25-294 |
ZDI-CAN-26137 |
Microsoft |
CVE-2025-29975 |
7.8 |
2025-05-21 |
2025-05-21 |
Microsoft PC Manager MSPCManagerService Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-293 |
ZDI-CAN-26153 |
Microsoft |
CVE-2025-29837 |
6.1 |
2025-05-21 |
2025-05-21 |
Microsoft Windows Installer Service Link Following Information Disclosure Vulnerability |
| ZDI-25-292 |
ZDI-CAN-27202 |
Mozilla |
CVE-2025-4918 |
8.8 |
2025-05-21 |
2025-06-12 |
(Pwn2Own) Mozilla Firefox SpiderMonkey Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-291 |
ZDI-CAN-27172 |
Mozilla |
CVE-2025-4919 |
8.8 |
2025-05-21 |
2025-05-21 |
(Pwn2Own) Mozilla Firefox IonMonkey JIT Compiler Integer Overflow Remote Code Execution Vulnerability |
| ZDI-25-290 |
ZDI-CAN-25727 |
Rockwell Automation |
CVE-2025-3617 |
7.8 |
2025-05-13 |
2025-05-21 |
Rockwell Automation ThinManager ThinServer Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-289 |
ZDI-CAN-25872 |
Rockwell Automation |
CVE-2025-3618 |
7.5 |
2025-05-13 |
2025-05-13 |
Rockwell Automation ThinManager ThinServer Null Pointer Dereference Denial-of-Service Vulnerability |
| ZDI-25-288 |
ZDI-CAN-25181 |
Fortinet |
CVE-2025-25254 |
7.2 |
2025-05-13 |
2025-05-13 |
Fortinet FortiWeb cgi_httpcontentrouting_post Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-287 |
ZDI-CAN-25977 |
JetBrains |
CVE-2025-46618 |
5.4 |
2025-05-13 |
2025-05-13 |
JetBrains TeamCity Diagnostics Data Directory Cross-Site Scripting Vulnerability |
| ZDI-25-286 |
ZDI-CAN-26017 |
Dassault Systèmes |
CVE-2025-1883 |
7.8 |
2025-05-13 |
2025-05-13 |
Dassault Systèmes eDrawings Viewer OBJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-285 |
ZDI-CAN-26029 |
Dassault Systèmes |
CVE-2025-1884 |
7.8 |
2025-05-13 |
2025-05-13 |
Dassault Systèmes eDrawings Viewer SLDPRT File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-284 |
ZDI-CAN-22063 |
MATE Desktop |
|
7.8 |
2025-05-02 |
2025-05-02 |
MATE Desktop Atril Document Viewer EPUB File Parsing Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-283 |
ZDI-CAN-22225 |
MATE Desktop |
|
7.8 |
2025-05-02 |
2025-05-02 |
MATE Desktop Atril Document Viewer CBT File Parsing Argument Injection Remote Code Execution Vulnerability |
| ZDI-25-282 |
ZDI-CAN-26502 |
Webmin |
CVE-2025-2774 |
8.8 |
2025-05-01 |
2025-05-01 |
Webmin CRLF Injection Privilege Escalation Vulnerability |
| ZDI-25-281 |
ZDI-CAN-25017 |
Cisco |
CVE-2025-20175 |
8.8 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP SET cewProxyClass Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-280 |
ZDI-CAN-25024 |
Cisco |
CVE-2025-20170 |
6.5 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP GET-NEXT ciscoFlashChipCode Unexpected Sign Extension Denial-of-Service Vulnerability |
| ZDI-25-279 |
ZDI-CAN-25022 |
Cisco |
CVE-2025-20173 |
8.8 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP GET-NEXT cContextMappingBridgeDomainIdentifier Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-278 |
ZDI-CAN-25021 |
Cisco |
CVE-2025-20176 |
8.8 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP GET-NEXT ctspIpSgtValue Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-277 |
ZDI-CAN-25020 |
Cisco |
CVE-2025-20175 |
8.8 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP SET cewEventTime Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-276 |
ZDI-CAN-25019 |
Cisco |
CVE-2025-20174 |
7.5 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP GET-NEXT cilmCurrentImageLevel Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-275 |
ZDI-CAN-25018 |
Cisco |
CVE-2025-20171 |
6.5 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP GET-NEXT callHomeUserDefCmdName Unexpected Sign Extension Denial-of-Service Vulnerability |
| ZDI-25-274 |
ZDI-CAN-25575 |
Cisco |
CVE-2025-20172 |
4.3 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP OID Handling Out-Of-Bounds Read Denial-of-Service Vulnerability |
| ZDI-25-273 |
ZDI-CAN-25023 |
Cisco |
CVE-2025-20172 |
4.3 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP OID Handling Out-Of-Bounds Read Denial-of-Service Vulnerability |
| ZDI-25-272 |
ZDI-CAN-25576 |
Cisco |
CVE-2025-20172 |
4.3 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP OID Handling Out-Of-Bounds Read Denial-of-Service Vulnerability |
| ZDI-25-271 |
ZDI-CAN-25577 |
Cisco |
CVE-2025-20172 |
4.3 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP OID Handling Out-Of-Bounds Read Denial-of-Service Vulnerability |
| ZDI-25-270 |
ZDI-CAN-25030 |
Cisco |
CVE-2025-20169 |
6.5 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP GET-NEXT ciscoFlashFileSize Unexpected Sign Extension Denial-of-Service Vulnerability |
| ZDI-25-269 |
ZDI-CAN-25663 |
Synology |
CVE-2024-10445 |
5.3 |
2025-05-01 |
2025-05-01 |
(Pwn2Own) Synology BeeStation BST150-4T Unnecessary Privileges Remote Code Execution Vulnerability |
| ZDI-25-268 |
ZDI-CAN-25448 |
GStreamer |
CVE-2025-2759 |
7.0 |
2025-04-30 |
2025-04-30 |
GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability |
| ZDI-25-267 |
ZDI-CAN-26596 |
GStreamer |
CVE-2025-3887 |
8.8 |
2025-04-30 |
2025-07-03 |
GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-266 |
ZDI-CAN-22235 |
Apache |
CVE-2025-29953 |
8.1 |
2025-04-30 |
2025-04-30 |
Apache ActiveMQ NMS Body Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-265 |
ZDI-CAN-23800 |
Tesla |
CVE-2025-2082 |
7.5 |
2025-04-30 |
2025-04-30 |
(Pwn2Own) Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability |
| ZDI-25-264 |
ZDI-CAN-23201 |
Tesla |
CVE-2024-6032 |
7.8 |
2025-04-30 |
2025-04-30 |
(Pwn2Own) Tesla Model S Iris Modem ql_atfwd Command Injection Code Execution Vulnerability |
| ZDI-25-263 |
ZDI-CAN-23200 |
Tesla |
CVE-2024-6030 |
7.0 |
2025-04-30 |
2025-04-30 |
(Pwn2Own) Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability |
| ZDI-25-262 |
ZDI-CAN-23199 |
Tesla |
CVE-2024-13943 |
7.8 |
2025-04-30 |
2025-04-30 |
(Pwn2Own) Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability |
| ZDI-25-261 |
ZDI-CAN-23198 |
Tesla |
CVE-2024-6031 |
7.8 |
2025-04-30 |
2025-04-30 |
(Pwn2Own) Tesla Model S oFono AT Command Heap-based Buffer Overflow Code Execution Vulnerability |
| ZDI-25-260 |
ZDI-CAN-23197 |
Tesla |
CVE-2024-6029 |
5.0 |
2025-04-30 |
2025-04-30 |
(Pwn2Own) Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability |
| ZDI-25-259 |
ZDI-CAN-23843 |
Adobe |
CVE-2024-34098 |
7.8 |
2025-04-30 |
2025-04-30 |
(Pwn2Own) Adobe Acrobat Reader DC Collab Command Injection Remote Code Execution Vulnerability |
| ZDI-25-258 |
ZDI-CAN-23553 |
Adobe |
CVE-2024-34099 |
7.8 |
2025-04-30 |
2025-04-30 |
(Pwn2Own) Adobe Acrobat Reader DC distributionURL JavaScript API Restrictions Bypass Vulnerability |
| ZDI-25-257 |
ZDI-CAN-23786 |
Oracle |
CVE-2024-21113 |
8.2 |
2025-04-30 |
2025-04-30 |
(Pwn2Own) Oracle VirtualBox OHCI USB Controller Race Condition Local Privilege Escalation Vulnerability |
| ZDI-25-256 |
ZDI-CAN-26610 |
Avast |
CVE-2025-3500 |
8.8 |
2025-04-24 |
2025-04-24 |
Avast Free Antivirus Integer Overflow Local Privilege Escalation Vulnerability |
| ZDI-25-255 |
ZDI-CAN-25730 |
Allegra |
CVE-2025-3486 |
7.2 |
2025-04-24 |
2025-04-24 |
Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-254 |
ZDI-CAN-26524 |
Allegra |
CVE-2025-3485 |
7.2 |
2025-04-24 |
2025-06-06 |
Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-253 |
ZDI-CAN-25726 |
SonicWALL |
CVE-2025-32817 |
6.1 |
2025-04-24 |
2025-05-21 |
SonicWALL Connect Tunnel Link Following Denial-of-Service Vulnerability |
| ZDI-25-252 |
ZDI-CAN-23275 |
Cato Networks |
|
7.8 |
2025-04-23 |
2025-04-24 |
(0Day) Cato Networks Cato Client for macOS Helper Service Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability |
| ZDI-25-251 |
ZDI-CAN-23942 |
Harman Becker |
CVE-2025-3885 |
5.3 |
2025-04-23 |
2025-04-23 |
(0Day) Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability |
| ZDI-25-250 |
ZDI-CAN-24332 |
Cloudera |
CVE-2025-3884 |
7.5 |
2025-04-23 |
2025-04-23 |
(0Day) Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability |
| ZDI-25-249 |
ZDI-CAN-23115 |
eCharge Hardy Barth |
CVE-2025-3883 |
8.8 |
2025-04-23 |
2025-04-23 |
(0Day) eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability |
| ZDI-25-248 |
ZDI-CAN-23114 |
eCharge Hardy Barth |
CVE-2025-3882 |
8.8 |
2025-04-23 |
2025-04-23 |
(0Day) eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability |
| ZDI-25-247 |
ZDI-CAN-23113 |
eCharge Hardy Barth |
CVE-2025-3881 |
8.8 |
2025-04-23 |
2025-04-23 |
(0Day) eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability |
| ZDI-25-246 |
ZDI-CAN-25842 |
MedDream |
CVE-2025-3480 |
5.3 |
2025-04-09 |
2025-04-22 |
MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability |
| ZDI-25-245 |
ZDI-CAN-25827 |
MedDream |
CVE-2025-3481 |
9.8 |
2025-04-09 |
2025-04-22 |
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-244 |
ZDI-CAN-25826 |
MedDream |
CVE-2025-3482 |
9.8 |
2025-04-09 |
2025-04-22 |
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-243 |
ZDI-CAN-25825 |
MedDream |
CVE-2025-3483 |
9.8 |
2025-04-09 |
2025-04-22 |
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-242 |
ZDI-CAN-25853 |
MedDream |
CVE-2025-3484 |
9.8 |
2025-04-09 |
2025-04-22 |
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-241 |
ZDI-CAN-25681 |
Trend Micro |
CVE-2025-30642 |
5.5 |
2025-04-09 |
2025-04-09 |
Trend Micro Deep Security Agent Link Following Denial-of-Service Vulnerability |
| ZDI-25-240 |
ZDI-CAN-24931 |
Trend Micro |
CVE-2025-30641 |
7.8 |
2025-04-09 |
2025-04-09 |
Trend Micro Deep Security Anti-Malware Solution Platform Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-239 |
ZDI-CAN-24930 |
Trend Micro |
CVE-2025-30640 |
7.8 |
2025-04-09 |
2025-04-09 |
Trend Micro Deep Security Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-238 |
ZDI-CAN-25524 |
Trend Micro |
CVE-2025-30680 |
7.1 |
2025-04-09 |
2025-04-09 |
Trend Micro Apex Central Query Server-Side Request Forgery Information Disclosure Vulnerability |
| ZDI-25-237 |
ZDI-CAN-24934 |
Trend Micro |
CVE-2025-30679 |
6.5 |
2025-04-09 |
2025-04-09 |
Trend Micro Apex Central modOSCE Server-Side Request Forgery Information Disclosure Vulnerability |
| ZDI-25-236 |
ZDI-CAN-24939 |
Trend Micro |
CVE-2025-30678 |
6.5 |
2025-04-09 |
2025-04-09 |
Trend Micro Apex Central modTMSM Server-Side Request Forgery Information Disclosure Vulnerability |
| ZDI-25-235 |
ZDI-CAN-25953 |
Ivanti |
CVE-2025-22461 |
7.2 |
2025-04-09 |
2025-04-09 |
Ivanti Endpoint Manager OpenRecordSet SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-234 |
ZDI-CAN-25985 |
Microsoft |
CVE-2025-29812 |
8.8 |
2025-04-09 |
2025-04-09 |
Microsoft Windows dxkrnl Untrusted Pointer Dereference Local Privilege Escalation Vulnerability |
| ZDI-25-233 |
ZDI-CAN-24586 |
Luxion |
CVE-2025-1045 |
7.8 |
2025-04-09 |
2025-04-09 |
Luxion KeyShot Viewer KSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-232 |
ZDI-CAN-23694 |
Luxion |
CVE-2025-1047 |
7.8 |
2025-04-09 |
2025-04-09 |
Luxion KeyShot PVS File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability |
| ZDI-25-231 |
ZDI-CAN-23646 |
Luxion |
CVE-2025-1046 |
7.8 |
2025-04-09 |
2025-04-09 |
Luxion KeyShot SKP File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-230 |
ZDI-CAN-25651 |
Samsung |
CVE-2024-49413 |
7.5 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Samsung Galaxy S24 Smart Switch Agent Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability |
| ZDI-25-229 |
ZDI-CAN-25650 |
Samsung |
CVE-2024-49421 |
5.9 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Samsung Galaxy S24 Quick Share Directory Traversal Arbitrary File Write Vulnerability |
| ZDI-25-228 |
ZDI-CAN-25649 |
Samsung |
|
5.3 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Samsung Galaxy S24 Quick Share Insufficient UI Warning Arbitrary File Write Vulnerability |
| ZDI-25-227 |
ZDI-CAN-25648 |
Samsung |
CVE-2024-49420 |
5.3 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Samsung Galaxy S24 Gaming Hub Exposed Dangerous Method Local Privilege Escalation Vulnerability |
| ZDI-25-226 |
ZDI-CAN-25581 |
Samsung |
CVE-2024-49419, CVE-2024-49418 |
5.4 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Samsung Galaxy S24 Gaming Hub Improper Input Validation Privilege Escalation Vulnerability |
| ZDI-25-225 |
ZDI-CAN-25606 |
Sonos |
CVE-2025-1050 |
8.8 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-224 |
ZDI-CAN-25601 |
Sonos |
CVE-2025-1049 |
8.8 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-223 |
ZDI-CAN-25535 |
Sonos |
CVE-2025-1048 |
8.8 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Sonos Era 300 Speaker libsmb2 Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-222 |
ZDI-CAN-25674 |
Lexmark |
CVE-2024-11346 |
4.3 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Lexmark CX331adwe concatstrings Type Confusion Information Disclosure Vulnerability |
| ZDI-25-221 |
ZDI-CAN-25849 |
Lexmark |
|
7.0 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Lexmark CX331adwe httpd extract-trace Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-220 |
ZDI-CAN-25848 |
Lexmark |
|
6.3 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Lexmark CX331adwe basic_auth.cgi PATH_TRANSLATED Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-219 |
ZDI-CAN-25676 |
Lexmark |
CVE-2024-11347 |
8.8 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Lexmark CX331adwe JBIG2 File Parsing new_image Integer Overflow Remote Code Execution Vulnerability |
| ZDI-25-218 |
ZDI-CAN-25621 |
Lexmark |
CVE-2024-11345 |
8.8 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Lexmark CX331adwe JPEG2000 Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-217 |
ZDI-CAN-25539 |
Lexmark |
CVE-2024-11344 |
8.8 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Lexmark CX331adwe loadCFFdata Type Confusion Remote Code Execution Vulnerability |
| ZDI-25-216 |
ZDI-CAN-25538 |
Synology |
CVE-2024-11131 |
8.8 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Synology TC500 ONVIF Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-215 |
ZDI-CAN-25487 |
Synology |
CVE-2024-10444 |
7.5 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Synology DiskStation DS1823xs+ LDAP Client Improper Certificate Validation Authentication Bypass Vulnerability |
| ZDI-25-214 |
ZDI-CAN-25403 |
Synology |
CVE-2024-10441 |
8.8 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Synology DiskStation DS1823xs+ Vue.JS Improper Neutralization of Argument Delimiters Remote Code Execution Vulnerability |
| ZDI-25-213 |
ZDI-CAN-25659 |
Synology |
CVE-2024-50631 |
6.4 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Synology BeeStation BST150-4T SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-212 |
ZDI-CAN-25658 |
Synology |
CVE-2024-50630 |
7.5 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Synology BeeStation BST150-4T Improper Authentication Vulnerability |
| ZDI-25-211 |
ZDI-CAN-25613 |
Synology |
CVE-2024-50629 |
6.5 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Synology BeeStation BST150-4T CRLF Injection Information Disclosure Vulnerability |
| ZDI-25-210 |
ZDI-CAN-25662 |
Synology |
CVE-2024-10445 |
7.5 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Synology BeeStation BST150-4T Improper Input Validation Remote Code Execution Vulnerability |
| ZDI-25-209 |
ZDI-CAN-25617 |
Synology |
CVE-2024-10445 |
4.3 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Synology BeeStation BST150-4T Cleartext Transmission of Sensitive Information Vulnerability |
| ZDI-25-208 |
ZDI-CAN-25607 |
Synology |
CVE-2024-10442 |
7.5 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Synology DiskStation DS1823xs+ Replication Service Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-207 |
ZDI-CAN-25623 |
Synology |
CVE-2024-10443 |
8.8 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Synology BeeStation BST150-4T Command Injection Remote Code Execution Vulnerability |
| ZDI-25-206 |
ZDI-CAN-25427 |
Amazon |
|
9.8 |
2025-04-07 |
2025-04-07 |
Amazon AWS CloudFormation Templates Uncontrolled Search Path Element Remote Code Execution Vulnerability |
| ZDI-25-205 |
ZDI-CAN-25426 |
Amazon |
|
9.8 |
2025-04-07 |
2025-04-07 |
Amazon AWS CloudFormation Templates Uncontrolled Search Path Element Remote Code Execution Vulnerability |
| ZDI-25-204 |
ZDI-CAN-25100 |
GIMP |
CVE-2025-2761 |
7.8 |
2025-04-07 |
2025-04-07 |
GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-203 |
ZDI-CAN-25082 |
GIMP |
CVE-2025-2760 |
7.8 |
2025-04-07 |
2025-04-07 |
GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability |
| ZDI-25-202 |
ZDI-CAN-25559 |
Fortinet |
CVE-2024-55597 |
5.5 |
2025-04-07 |
2025-04-07 |
Fortinet FortiWeb cgi_xmlprotection_xmlschemafile_post Directory Traversal Arbitrary File Write Vulnerability |
| ZDI-25-201 |
ZDI-CAN-25572 |
Trend Micro |
CVE-2025-27529 |
4.4 |
2025-04-07 |
2025-04-07 |
Trend Micro Cleaner One Pro Link Following Denial-of-Service Vulnerability |
| ZDI-25-200 |
ZDI-CAN-26250 |
Exim |
CVE-2025-30232 |
7.8 |
2025-04-07 |
2025-04-07 |
Exim Use-After-Free Local Privilege Escalation Vulnerability |
| ZDI-25-199 |
ZDI-CAN-25970 |
Autodesk |
CVE-2025-1660 |
7.8 |
2025-04-03 |
2025-04-03 |
Autodesk Navisworks Freedom DWFX File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-198 |
ZDI-CAN-25968 |
Autodesk |
CVE-2025-1659 |
7.8 |
2025-04-03 |
2025-04-03 |
Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-197 |
ZDI-CAN-25971 |
Autodesk |
CVE-2025-1658 |
7.8 |
2025-04-03 |
2025-04-03 |
Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-196 |
ZDI-CAN-25736 |
Apple |
CVE-2025-24185 |
7.8 |
2025-04-01 |
2025-04-01 |
Apple macOS ICC Profile Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-195 |
ZDI-CAN-25812 |
Apple |
CVE-2025-24210 |
4.3 |
2025-04-01 |
2025-04-01 |
Apple macOS CoreGraphics Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-194 |
ZDI-CAN-26063 |
Apple |
CVE-2025-24256 |
6.4 |
2025-04-01 |
2025-04-01 |
Apple macOS AppleIntelKBLGraphics Time-Of-Check Time-Of-Use Information Disclosure Vulnerability |
| ZDI-25-193 |
ZDI-CAN-26154 |
Apple |
CVE-2025-24182 |
3.3 |
2025-04-01 |
2025-04-01 |
Apple macOS CoreText Font Glyphs Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-192 |
ZDI-CAN-26494 |
Apple |
CVE-2025-24190 |
8.8 |
2025-04-01 |
2025-04-01 |
Apple macOS MP4 File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-191 |
ZDI-CAN-26497 |
Apple |
CVE-2025-24211 |
8.8 |
2025-04-01 |
2025-04-01 |
Apple macOS MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-190 |
ZDI-CAN-26495 |
Apple |
CVE-2025-24230 |
4.3 |
2025-04-01 |
2025-04-01 |
Apple macOS MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-189 |
ZDI-CAN-26248 |
Apple |
CVE-2025-24243 |
7.8 |
2025-04-01 |
2025-04-01 |
Apple macOS AudioToolbox AMR File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-188 |
ZDI-CAN-26247 |
Apple |
CVE-2025-24244 |
3.3 |
2025-04-01 |
2025-04-01 |
Apple macOS AudioToolboxCore WAV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-187 |
ZDI-CAN-25903 |
BEC Technologies |
CVE-2025-2773 |
7.2 |
2025-03-25 |
2025-03-25 |
(0Day) BEC Technologies Multiple Routers sys ping Command Injection Remote Code Execution Vulnerability |
| ZDI-25-186 |
ZDI-CAN-25986 |
BEC Technologies |
CVE-2025-2770 |
4.9 |
2025-03-25 |
2025-03-25 |
(0Day) BEC Technologies Multiple Routers Cleartext Password Storage Information Disclosure Vulnerability |
| ZDI-25-185 |
ZDI-CAN-25895 |
BEC Technologies |
CVE-2025-2772 |
5.3 |
2025-03-25 |
2025-03-25 |
(0Day) BEC Technologies Multiple Routers Insufficiently Protected Credentials Information Disclosure Vulnerability |
| ZDI-25-184 |
ZDI-CAN-25894 |
BEC Technologies |
CVE-2025-2771 |
5.3 |
2025-03-25 |
2025-03-25 |
(0Day) BEC Technologies Multiple Routers Authentication Bypass Vulnerability |
| ZDI-25-183 |
ZDI-CAN-25295 |
Bdrive |
CVE-2025-2769 |
7.8 |
2025-03-25 |
2025-03-25 |
(0Day) Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
| ZDI-25-182 |
ZDI-CAN-25041 |
Bdrive |
CVE-2025-2768 |
7.8 |
2025-03-25 |
2025-03-25 |
(0Day) Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
| ZDI-25-181 |
ZDI-CAN-24407 |
Arista |
CVE-2025-2767 |
8.8 |
2025-03-25 |
2025-03-25 |
(0Day) Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability |
| ZDI-25-180 |
ZDI-CAN-24996 |
70mai |
CVE-2025-2766 |
8.8 |
2025-03-25 |
2025-03-25 |
(0Day) 70mai A510 Use of Default Password Authentication Bypass Vulnerability |
| ZDI-25-179 |
ZDI-CAN-24356 |
CarlinKit |
CVE-2025-2763 |
6.8 |
2025-03-25 |
2025-03-25 |
(0Day) CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability |
| ZDI-25-178 |
ZDI-CAN-24355 |
CarlinKit |
CVE-2025-2764 |
8.0 |
2025-03-25 |
2025-03-25 |
(0Day) CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution Vulnerability |
| ZDI-25-177 |
ZDI-CAN-24349 |
CarlinKit |
CVE-2025-2765 |
7.6 |
2025-03-25 |
2025-03-25 |
(0Day) CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability |
| ZDI-25-176 |
ZDI-CAN-25948 |
CarlinKit |
CVE-2025-2762 |
7.8 |
2025-03-25 |
2025-03-25 |
(0Day) CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability |
| ZDI-25-175 |
ZDI-CAN-23709 |
Luxion |
CVE-2025-2532 |
7.8 |
2025-03-20 |
2025-03-20 |
(0Day) Luxion KeyShot USDC File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-174 |
ZDI-CAN-23704 |
Luxion |
CVE-2025-2531 |
7.8 |
2025-03-20 |
2025-03-20 |
(0Day) Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-173 |
ZDI-CAN-23698 |
Luxion |
CVE-2025-2530 |
7.8 |
2025-03-20 |
2025-03-20 |
(0Day) Luxion KeyShot DAE File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability |
| ZDI-25-172 |
ZDI-CAN-25319 |
Apple |
CVE-2025-24124 |
8.8 |
2025-03-18 |
2025-03-18 |
Apple macOS MOV File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-171 |
ZDI-CAN-25242 |
Apple |
CVE-2024-54500 |
3.3 |
2025-03-18 |
2025-03-18 |
Apple macOS ImageIO Pixel Conversion Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-170 |
ZDI-CAN-25546 |
Apple |
CVE-2024-54501 |
3.3 |
2025-03-18 |
2025-03-18 |
Apple macOS WindowServer Denial-of-Service Vulnerability |
| ZDI-25-169 |
ZDI-CAN-25201 |
Apple |
CVE-2024-54497 |
4.3 |
2025-03-18 |
2025-03-18 |
Apple macOS WindowServer Unchecked Input for Loop Condition Denial-of-Service Vulnerability |
| ZDI-25-168 |
ZDI-CAN-25370 |
Apple |
CVE-2025-24123 |
8.8 |
2025-03-18 |
2025-03-18 |
Apple macOS MOV File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-167 |
ZDI-CAN-25735 |
Apple |
CVE-2025-24139 |
3.3 |
2025-03-18 |
2025-03-18 |
Apple macOS ICC Profile Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-166 |
ZDI-CAN-25338 |
Apple |
CVE-2024-54486 |
3.3 |
2025-03-18 |
2025-03-18 |
Apple macOS libFontParser Glyph Mapping Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-165 |
ZDI-CAN-25661 |
Apple |
CVE-2024-54499 |
3.3 |
2025-03-18 |
2025-03-18 |
Apple macOS ImageIO JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-164 |
ZDI-CAN-25808 |
Apple |
CVE-2025-24149 |
3.3 |
2025-03-18 |
2025-03-18 |
Apple SceneKit Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-163 |
ZDI-CAN-26554 |
Autodesk |
CVE-2025-1652 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-162 |
ZDI-CAN-25695 |
Autodesk |
CVE-2025-1427 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD CATProduct File Parsing Uninitialized Variable Remote Code Execution Vulnerability |
| ZDI-25-161 |
ZDI-CAN-25767 |
Autodesk |
CVE-2025-1428 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-160 |
ZDI-CAN-25784 |
Autodesk |
CVE-2025-1429 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD MODEL File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-159 |
ZDI-CAN-25811 |
Autodesk |
CVE-2025-1649 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD CATPRODUCT File Parsing Uninitialized Variable Remote Code Execution Vulnerability |
| ZDI-25-158 |
ZDI-CAN-25951 |
Autodesk |
CVE-2025-1650 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD CATProduct File Parsing Uninitialized Variable Remote Code Execution Vulnerability |
| ZDI-25-157 |
ZDI-CAN-25952 |
Autodesk |
CVE-2025-1651 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD MODEL File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-156 |
ZDI-CAN-25989 |
Autodesk |
CVE-2025-1430 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD SLDPRT File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-155 |
ZDI-CAN-26521 |
Autodesk |
CVE-2025-1433 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-154 |
ZDI-CAN-26135 |
Autodesk |
CVE-2025-1432 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD 3DM File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-153 |
ZDI-CAN-25997 |
Autodesk |
CVE-2025-1431 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD SLDPRT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-152 |
ZDI-CAN-25481 |
Rockwell Automation |
CVE-2024-12130 |
7.8 |
2025-03-18 |
2025-03-18 |
Rockwell Automation Arena Simulation DOE File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-151 |
ZDI-CAN-25708 |
Progress Software |
CVE-2025-1758 |
9.8 |
2025-03-18 |
2025-03-18 |
Progress Software Kemp LoadMaster mangle Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-150 |
ZDI-CAN-26371 |
Microsoft |
CVE-2025-26633 |
7.0 |
2025-03-18 |
2025-03-18 |
Microsoft Windows MSC File Insufficient UI Warning Remote Code Execution Vulnerability |
| ZDI-25-149 |
ZDI-CAN-26251 |
Adobe |
CVE-2025-271561 |
7.8 |
2025-03-18 |
2025-03-18 |
Adobe Acrobat Reader DC AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-148 |
ZDI-CAN-25373 |
Microsoft |
CVE-2025-9491 |
7.0 |
2025-03-18 |
2025-10-30 |
(0Day) Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability |
| ZDI-25-147 |
ZDI-CAN-22833 |
NI |
CVE-2025-2450 |
7.8 |
2025-03-17 |
2025-03-17 |
(0Day) NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability |
| ZDI-25-146 |
ZDI-CAN-21805 |
NI |
CVE-2025-2449 |
7.8 |
2025-03-17 |
2025-03-17 |
(0Day) NI FlexLogger usiReg URI File Parsing Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-145 |
ZDI-CAN-25794 |
NVIDIA |
CVE-2025-23242 |
7.3 |
2025-03-13 |
2025-03-13 |
NVIDIA Riva Triton Inference Server Missing Authentication Vulnerability |
| ZDI-25-144 |
ZDI-CAN-25682 |
NVIDIA |
CVE-2025-23243 |
6.5 |
2025-03-13 |
2025-03-13 |
NVIDIA Riva gRPC API Missing Authentication for Critical Function Authentication Bypass Vulnerability |
| ZDI-25-143 |
ZDI-CAN-25544 |
X.Org |
CVE-2025-26594 |
7.8 |
2025-03-13 |
2025-03-13 |
X.Org Server ChangeWindowAttributes Use-After-Free Privilege Escalation Vulnerability |
| ZDI-25-142 |
ZDI-CAN-25545 |
X.Org |
CVE-2025-26595 |
7.8 |
2025-03-13 |
2025-03-13 |
X.Org Server XkbVModMaskText Stack-based Buffer Overflow Privilege Escalation Vulnerability |
| ZDI-25-141 |
ZDI-CAN-25543 |
X.Org |
CVE-2025-26596 |
7.8 |
2025-03-13 |
2025-03-13 |
X.Org Server XkbSizeKeySyms Heap-based Buffer Overflow Privilege Escalation Vulnerability |
| ZDI-25-140 |
ZDI-CAN-25683 |
X.Org |
CVE-2025-26597 |
7.8 |
2025-03-13 |
2025-03-13 |
X.Org Server XkbChangeTypesOfKey Heap-based Buffer Overflow Privilege Escalation Vulnerability |
| ZDI-25-139 |
ZDI-CAN-25740 |
X.Org |
CVE-2025-26598 |
7.8 |
2025-03-13 |
2025-03-13 |
X.Org Server CreatePointerBarrierClient Out-Of-Bounds Write Local Privilege Escalation Vulnerability |
| ZDI-25-138 |
ZDI-CAN-25851 |
X.Org |
CVE-2025-26599 |
7.8 |
2025-03-13 |
2025-03-13 |
X.Org Server compRedirectWindow Type Confusion Local Privilege Escalation Vulnerability |
| ZDI-25-137 |
ZDI-CAN-25871 |
X.Org |
CVE-2025-26600 |
7.8 |
2025-03-13 |
2025-03-13 |
X.Org Server PlayReleasedEvents Use-After-Free Local Privilege Escalation Vulnerability |
| ZDI-25-136 |
ZDI-CAN-25870 |
X.Org |
CVE-2025-26601 |
7.8 |
2025-03-13 |
2025-03-13 |
X.Org Server SyncInitTrigger Use-After-Free Local Privilege Escalation Vulnerability |
| ZDI-25-135 |
ZDI-CAN-26232 |
Adobe |
CVE-2025-27162 |
7.8 |
2025-03-13 |
2025-03-13 |
Adobe Acrobat Reader DC AcroForm Use of Uninitialized Variable Remote Code Execution Vulnerability |
| ZDI-25-134 |
ZDI-CAN-25734 |
Adobe |
CVE-2025-24431 |
7.8 |
2025-03-13 |
2025-03-13 |
Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-133 |
ZDI-CAN-26231 |
Adobe |
CVE-2025-27174 |
7.8 |
2025-03-13 |
2025-03-13 |
Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-132 |
ZDI-CAN-26147 |
Adobe |
CVE-2025-27159 |
7.8 |
2025-03-13 |
2025-03-13 |
Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-131 |
ZDI-CAN-26169 |
Adobe |
CVE-2025-27160 |
7.8 |
2025-03-13 |
2025-03-13 |
Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-130 |
ZDI-CAN-25443 |
Siemens |
CVE-2025-25175 |
7.8 |
2025-03-13 |
2025-03-13 |
Siemens Simcenter Femap NEU File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-129 |
ZDI-CAN-25473 |
PDF-XChange |
CVE-2025-2231 |
7.8 |
2025-03-12 |
2025-03-12 |
PDF-XChange Editor RTF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-128 |
ZDI-CAN-21907 |
NI |
CVE-2024-12742 |
7.8 |
2025-03-11 |
2025-03-11 |
NI G Web Development GWEBPROJECT File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-127 |
ZDI-CAN-25615 |
Samsung |
CVE-2025-2233 |
8.8 |
2025-03-11 |
2025-04-16 |
(0Day) (Pwn2Own) Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability |
| ZDI-25-126 |
ZDI-CAN-25276 |
Ashlar-Vellum |
CVE-2025-2022 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability |
| ZDI-25-125 |
ZDI-CAN-25264 |
Ashlar-Vellum |
CVE-2025-2021 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt XE File Parsing Integer Overflow Remote Code Execution Vulnerability |
| ZDI-25-124 |
ZDI-CAN-25254 |
Ashlar-Vellum |
CVE-2025-2020 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-123 |
ZDI-CAN-25252 |
Ashlar-Vellum |
CVE-2025-2019 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-122 |
ZDI-CAN-25348 |
Ashlar-Vellum |
CVE-2025-2023 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt LI File Parsing Integer Overflow Remote Code Execution Vulnerability |
| ZDI-25-121 |
ZDI-CAN-25240 |
Ashlar-Vellum |
CVE-2025-2017 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt CO File Parsing Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-120 |
ZDI-CAN-25186 |
Ashlar-Vellum |
CVE-2025-2013 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt CO File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-119 |
ZDI-CAN-25185 |
Ashlar-Vellum |
CVE-2025-2012 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt VS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-118 |
ZDI-CAN-25245 |
Ashlar-Vellum |
CVE-2025-2018 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability |
| ZDI-25-117 |
ZDI-CAN-25238 |
Ashlar-Vellum |
CVE-2025-2016 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt VC6 File Parsing Type Confusion Remote Code Execution Vulnerability |
| ZDI-25-116 |
ZDI-CAN-25236 |
Ashlar-Vellum |
CVE-2025-2015 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability |
| ZDI-25-115 |
ZDI-CAN-25235 |
Ashlar-Vellum |
CVE-2025-2014 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt VS File Parsing Use of Uninitialized Variable Remote Code Execution Vulnerability |
| ZDI-25-114 |
ZDI-CAN-25312 |
Ivanti |
CVE-2024-13171 |
7.8 |
2025-03-10 |
2025-03-10 |
Ivanti Endpoint Manager Patch Unrestricted File Upload Remote Code Execution Vulnerability |
| ZDI-25-113 |
ZDI-CAN-25882 |
Autodesk |
CVE-2024-12198 |
7.8 |
2025-03-10 |
2025-03-10 |
Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-112 |
ZDI-CAN-25869 |
Autodesk |
CVE-2024-12193 |
7.8 |
2025-03-10 |
2025-03-10 |
Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-111 |
ZDI-CAN-25210 |
Trimble |
CVE-2025-2024 |
7.8 |
2025-03-06 |
2025-03-06 |
Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability |
| ZDI-25-110 |
ZDI-CAN-25013 |
SEW-EURODRIVE |
|
7.8 |
2025-03-05 |
2025-03-05 |
SEW-EURODRIVE MOVITOOLS MotionStudio mticomp0 ICP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-109 |
ZDI-CAN-24001 |
Apache |
CVE-2024-56325 |
9.8 |
2025-03-03 |
2025-03-03 |
Apache Pinot Improper Neutralization of Special Elements Authentication Bypass Vulnerability |
| ZDI-25-108 |
ZDI-CAN-26611 |
HP |
CVE-2025-26507 |
7.8 |
2025-03-03 |
2025-03-03 |
(Pwn2Own) HP LaserJet Pro MFP 3301fdw suidexec Command Injection Local Privilege Escalation Vulnerability |
| ZDI-25-107 |
ZDI-CAN-25594 |
HP |
CVE-2025-26506 |
8.8 |
2025-03-03 |
2025-03-03 |
(Pwn2Own) HP LaserJet Pro MFP 3301fdw PostScript File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-106 |
ZDI-CAN-25533 |
HP |
CVE-2025-26508 |
8.8 |
2025-03-03 |
2025-03-03 |
(Pwn2Own) HP LaserJet Pro MFP 3301fdw PostScript File Parsing Type Confusion Remote Code Execution Vulnerability |
| ZDI-25-105 |
ZDI-CAN-21908 |
NI |
CVE-2024-12741 |
7.8 |
2025-03-03 |
2025-03-03 |
NI DAQExpress LVPROJECT File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-104 |
ZDI-CAN-25334 |
SolarWinds |
CVE-2024-52606 |
7.1 |
2025-03-03 |
2025-03-03 |
SolarWinds Platform TestWebsiteUrl Server-Side Request Forgery Information Disclosure Vulnerability |
| ZDI-25-103 |
ZDI-CAN-25031 |
Delta Electronics |
|
7.8 |
2025-03-03 |
2025-03-03 |
(0Day) Delta Electronics ISPSoft CBDGL File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-102 |
ZDI-CAN-25225 |
Delta Electronics |
|
7.8 |
2025-03-03 |
2025-03-03 |
(0Day) Delta Electronics ISPSoft DVP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-101 |
ZDI-CAN-25284 |
Delta Electronics |
|
7.8 |
2025-03-03 |
2025-03-03 |
(0Day) Delta Electronics ISPSoft DVP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-100 |
ZDI-CAN-25737 |
Linux |
|
9.0 |
2025-02-27 |
2025-02-27 |
Linux Kernel ksmbd Session Setup Race Condition Remote Code Execution Vulnerability |
| ZDI-25-099 |
ZDI-CAN-25350 |
PostHog |
CVE-2025-1520 |
7.1 |
2025-02-25 |
2025-02-25 |
PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-098 |
ZDI-CAN-25300 |
Delta Electronics |
CVE-2025-22880 |
7.8 |
2025-02-25 |
2025-02-25 |
Delta Electronics CNCSoft-G2 DPAX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-097 |
ZDI-CAN-25358 |
PostHog |
CVE-2025-1522 |
7.1 |
2025-02-25 |
2025-02-25 |
PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability |
| ZDI-25-096 |
ZDI-CAN-25352 |
PostHog |
CVE-2025-1521 |
7.1 |
2025-02-25 |
2025-02-25 |
PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability |
| ZDI-25-095 |
ZDI-CAN-25180 |
Fortinet |
CVE-2024-50569 |
6.6 |
2025-02-24 |
2025-02-24 |
Fortinet FortiWeb gui_upload_compress_act Command Injection Remote Code Execution Vulnerability |
| ZDI-25-094 |
ZDI-CAN-25182 |
Fortinet |
CVE-2024-50567 |
7.2 |
2025-02-24 |
2025-02-24 |
Fortinet FortiWeb cgi_grpc_idl_file_post Command Injection Remote Code Execution Vulnerability |
| ZDI-25-093 |
ZDI-CAN-26551 |
Apple |
CVE-2024-27834 |
5.0 |
2025-02-24 |
2025-02-24 |
(Pwn2Own) Apple Safari Pointer Authentication Code Bypass Vulnerability |
| ZDI-25-092 |
ZDI-CAN-23795 |
Apple |
CVE-2024-27833 |
5.4 |
2025-02-24 |
2025-02-24 |
(Pwn2Own) Apple Safari B3 JIT Compiler Integer Underflow Remote Code Execution Vulnerability |
| ZDI-25-091 |
ZDI-CAN-25761 |
Microsoft |
CVE-2025-21373 |
7.8 |
2025-02-24 |
2025-02-24 |
Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-090 |
ZDI-CAN-25393 |
Microsoft |
CVE-2025-21404 |
7.5 |
2025-02-24 |
2025-02-24 |
Microsoft Edge UI Misrepresentation Remote Code Execution Vulnerability |
| ZDI-25-089 |
ZDI-CAN-24785 |
mySCADA |
CVE-2025-20014 |
9.8 |
2025-02-19 |
2025-02-19 |
mySCADA myPRO Command Injection Remote Code Execution Vulnerability |
| ZDI-25-088 |
ZDI-CAN-24784 |
mySCADA |
CVE-2025-20061 |
9.8 |
2025-02-19 |
2025-02-19 |
mySCADA myPRO Command Injection Remote Code Execution Vulnerability |
| ZDI-25-087 |
ZDI-CAN-26525 |
NVIDIA |
CVE-2025-23359 |
9.0 |
2025-02-19 |
2025-02-19 |
NVIDIA Container Toolkit mount_files Time-Of-Check Time-Of-Use Race Condition Privilege Escalation Vulnerability |
| ZDI-25-086 |
ZDI-CAN-25368 |
PDF-XChange |
CVE-2025-0900 |
3.3 |
2025-02-11 |
2025-02-11 |
PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-085 |
ZDI-CAN-25336 |
Logsign |
CVE-2025-1044 |
9.8 |
2025-02-05 |
2025-02-05 |
Logsign Unified SecOps Platform Authentication Bypass Vulnerability |
| ZDI-25-084 |
ZDI-CAN-23382 |
Mintty |
CVE-2025-1052 |
8.8 |
2025-02-05 |
2025-02-05 |
Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-083 |
ZDI-CAN-24690 |
Microsoft |
|
7.5 |
2025-02-04 |
2025-02-04 |
Microsoft Edge ms-its: Scheme Remote Code Execution Vulnerability |
| ZDI-25-082 |
ZDI-CAN-25014 |
Parallels |
CVE-2025-0413 |
7.8 |
2025-02-04 |
2025-06-25 |
Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-081 |
ZDI-CAN-25816 |
TeamViewer |
CVE-2025-0065 |
7.8 |
2025-02-03 |
2025-02-03 |
TeamViewer Improper Neutralization of Argument Delimiters Local Privilege Escalation Vulnerability |
| ZDI-25-080 |
ZDI-CAN-22834 |
NI |
CVE-2024-12740 |
7.8 |
2025-02-03 |
2025-02-03 |
NI Vision Builder AI JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-079 |
ZDI-CAN-22611 |
NI |
CVE-2024-12740 |
7.8 |
2025-02-03 |
2025-02-03 |
NI Vision Development Module Vision Assistant JPG File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-078 |
ZDI-CAN-22884 |
NI |
CVE-2024-12740 |
7.8 |
2025-02-03 |
2025-02-03 |
NI Vision Builder AI JPG File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-077 |
ZDI-CAN-22663 |
NI |
CVE-2024-12740 |
7.8 |
2025-02-03 |
2025-02-03 |
NI Vision Development Module Vision Assistant JPG File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-076 |
ZDI-CAN-25094 |
NoMachine |
CVE-2024-9632 |
6.7 |
2025-02-03 |
2025-02-03 |
NoMachine Incorrect Permission Assignment Local Privilege Escalation Vulnerability |
| ZDI-25-075 |
ZDI-CAN-25622 |
Canon |
CVE-2024-12649 |
8.8 |
2025-01-31 |
2025-01-31 |
(Pwn2Own) Canon imageCLASS MF656Cdw TTF Parsing Write-What-Where Condition Remote Code Execution Vulnerability |
| ZDI-25-074 |
ZDI-CAN-25592 |
Canon |
CVE-2024-12648 |
8.8 |
2025-01-31 |
2025-01-31 |
(Pwn2Own) Canon imageCLASS MF656Cdw TIF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-073 |
ZDI-CAN-25490 |
Canon |
CVE-2024-12647 |
8.8 |
2025-01-31 |
2025-01-31 |
(Pwn2Own) Canon imageCLASS MF656Cdw listObjects2 Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-072 |
ZDI-CAN-25405 |
PDF-XChange |
CVE-2025-0902 |
3.3 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-071 |
ZDI-CAN-25422 |
PDF-XChange |
CVE-2025-0904 |
3.3 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-070 |
ZDI-CAN-25421 |
PDF-XChange |
CVE-2025-0903 |
7.8 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor RTF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-069 |
ZDI-CAN-25435 |
PDF-XChange |
CVE-2025-0907 |
3.3 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-068 |
ZDI-CAN-25434 |
PDF-XChange |
CVE-2025-0906 |
3.3 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-067 |
ZDI-CAN-25433 |
PDF-XChange |
CVE-2025-0905 |
3.3 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-066 |
ZDI-CAN-25957 |
PDF-XChange |
CVE-2025-0911 |
3.3 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-065 |
ZDI-CAN-25748 |
PDF-XChange |
CVE-2025-0910 |
7.8 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-064 |
ZDI-CAN-25678 |
PDF-XChange |
CVE-2025-0909 |
3.3 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-063 |
ZDI-CAN-25557 |
PDF-XChange |
CVE-2025-0908 |
3.3 |
2025-01-31 |
2025-02-05 |
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-062 |
ZDI-CAN-25372 |
PDF-XChange |
CVE-2025-0901 |
7.8 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-061 |
ZDI-CAN-25349 |
PDF-XChange |
CVE-2025-0899 |
7.8 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor AcroForm Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-060 |
ZDI-CAN-25396 |
Google |
CVE-2024-9954 |
7.5 |
2025-01-30 |
2025-01-30 |
Google Chrome AI Manager Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-059 |
ZDI-CAN-25000 |
Siemens |
CVE-2024-53041 |
7.8 |
2025-01-22 |
2025-01-22 |
Siemens Tecnomatix Plant Simulation WRL File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-058 |
ZDI-CAN-25206 |
Siemens |
CVE-2024-53242 |
7.8 |
2025-01-22 |
2025-01-22 |
Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-057 |
ZDI-CAN-25205 |
Siemens |
CVE-2024-45471 |
7.8 |
2025-01-22 |
2025-01-22 |
Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-056 |
ZDI-CAN-25202 |
Siemens |
CVE-2024-45469 |
7.8 |
2025-01-22 |
2025-01-22 |
Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-055 |
ZDI-CAN-25318 |
Sante |
CVE-2025-0574 |
8.2 |
2025-01-20 |
2025-01-20 |
Sante PACS Server URL path Memory Corruption Denial-of-Service Vulnerability |
| ZDI-25-054 |
ZDI-CAN-25308 |
Sante |
CVE-2025-0572 |
4.3 |
2025-01-20 |
2025-01-20 |
Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability |
| ZDI-25-053 |
ZDI-CAN-25309 |
Sante |
CVE-2025-0573 |
5.3 |
2025-01-20 |
2025-01-20 |
Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability |
| ZDI-25-052 |
ZDI-CAN-25303 |
Sante |
CVE-2025-0569 |
7.5 |
2025-01-20 |
2025-01-20 |
Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability |
| ZDI-25-051 |
ZDI-CAN-25305 |
Sante |
CVE-2025-0571 |
6.5 |
2025-01-20 |
2025-01-20 |
Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability |
| ZDI-25-050 |
ZDI-CAN-25304 |
Sante |
CVE-2025-0570 |
6.5 |
2025-01-20 |
2025-01-20 |
Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability |
| ZDI-25-049 |
ZDI-CAN-25302 |
Sante |
CVE-2025-0568 |
7.5 |
2025-01-20 |
2025-01-20 |
Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability |
| ZDI-25-048 |
ZDI-CAN-24012 |
Apple |
CVE-2024-27856 |
8.8 |
2025-01-20 |
2025-03-06 |
Apple WebKit WebCore ContainerNode Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-047 |
ZDI-CAN-24986 |
WinZip Computing |
CVE-2025-1240 |
7.8 |
2025-02-11 |
2025-05-02 |
WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-046 |
ZDI-CAN-25333 |
Adobe |
CVE-2025-21127 |
7.3 |
2025-01-20 |
2025-01-20 |
Adobe Photoshop node_modules Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
| ZDI-25-045 |
ZDI-CAN-25456 |
7-Zip |
CVE-2025-0411 |
7.0 |
2025-01-19 |
2025-01-19 |
7-Zip Mark-of-the-Web Bypass Vulnerability |
| ZDI-25-044 |
ZDI-CAN-25713 |
Ivanti |
CVE-2024-13179 |
7.3 |
2025-01-19 |
2025-01-19 |
Ivanti Avalanche SecureFilter Authentication Bypass Vulnerability |
| ZDI-25-043 |
ZDI-CAN-25712 |
Ivanti |
CVE-2024-13180 |
7.5 |
2025-01-19 |
2025-01-19 |
Ivanti Avalanche Faces ResourceManager Information Disclosure Vulnerability |
| ZDI-25-042 |
ZDI-CAN-25711 |
Ivanti |
CVE-2024-13181 |
7.3 |
2025-01-19 |
2025-01-19 |
Ivanti Avalanche SecureFilter allowPassThrough Authentication Bypass Vulnerability |
| ZDI-25-041 |
ZDI-CAN-25929 |
Ivanti |
CVE-2024-13162 |
7.2 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager updateAssetInfo SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-040 |
ZDI-CAN-25432 |
Ivanti |
CVE-2024-13163 |
7.8 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager DecodeBase64Object Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-039 |
ZDI-CAN-25431 |
Ivanti |
CVE-2024-13164 |
6.2 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager AlertService Uninitialized Memory Information Disclosure Vulnerability |
| ZDI-25-038 |
ZDI-CAN-25420 |
Ivanti |
CVE-2024-13165 |
7.5 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager Improper Input Validation AlertService Denial-of-Service Vulnerability |
| ZDI-25-037 |
ZDI-CAN-25419 |
Ivanti |
CVE-2024-13166 |
7.5 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability |
| ZDI-25-036 |
ZDI-CAN-25418 |
Ivanti |
CVE-2024-13167 |
7.5 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability |
| ZDI-25-035 |
ZDI-CAN-25417 |
Ivanti |
CVE-2024-13168 |
7.5 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability |
| ZDI-25-034 |
ZDI-CAN-25416 |
Ivanti |
CVE-2024-13169 |
5.5 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager AlertService Type Confusion Information Disclosure Vulnerability |
| ZDI-25-033 |
ZDI-CAN-25415 |
Ivanti |
CVE-2024-13170 |
7.5 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability |
| ZDI-25-032 |
ZDI-CAN-25249 |
Ivanti |
CVE-2024-13172 |
7.8 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager HIIDriver Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability |
| ZDI-25-031 |
ZDI-CAN-25209 |
Ivanti |
CVE-2024-13158 |
7.2 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager MyResolveEventHandler Untrusted Search Path Remote Code Execution Vulnerability |
| ZDI-25-030 |
ZDI-CAN-25187 |
Microsoft |
CVE-2025-21363 |
7.8 |
2025-01-15 |
2025-01-15 |
Microsoft Office Word DOCX File Parsing Uninitialized Pointer Remote Code Execution Vulnerability |
| ZDI-25-029 |
ZDI-CAN-25332 |
Microsoft |
CVE-2025-21331 |
7.8 |
2025-01-15 |
2025-01-15 |
Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-028 |
ZDI-CAN-25188 |
Microsoft |
CVE-2025-21298 |
7.8 |
2025-01-15 |
2025-01-15 |
Microsoft Office Word RTF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-027 |
ZDI-CAN-23793 |
Google |
CVE-2024-2886 |
5.4 |
2025-01-12 |
2025-01-12 |
(Pwn2Own) Google Chrome VideoFrame Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-026 |
ZDI-CAN-24744 |
Mintty |
CVE-2024-45301 |
5.3 |
2025-01-10 |
2025-01-10 |
Mintty Path Conversion Improper Input Validation Information Disclosure Vulnerability |
| ZDI-25-025 |
ZDI-CAN-22247 |
Avira |
CVE-2024-9525 |
7.8 |
2025-01-09 |
2025-01-09 |
Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-024 |
ZDI-CAN-22246 |
Avira |
CVE-2024-9524 |
7.8 |
2025-01-09 |
2025-01-09 |
Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-023 |
ZDI-CAN-22245 |
Avira |
CVE-2024-9523 |
7.8 |
2025-01-09 |
2025-01-09 |
Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-022 |
ZDI-CAN-25404 |
Apple |
|
3.3 |
2025-01-09 |
2025-01-09 |
Apple macOS libFontValidation Font Glyph YCoordinate Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-021 |
ZDI-CAN-25364 |
Apple |
|
3.3 |
2025-01-09 |
2025-01-09 |
Apple macOS libFontValidation Font Glyph Flags Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-020 |
ZDI-CAN-25366 |
Apple |
|
3.3 |
2025-01-09 |
2025-01-09 |
Apple macOS libFontValidation post Table Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-019 |
ZDI-CAN-25339 |
Apple |
|
3.3 |
2025-01-09 |
2025-01-09 |
Apple macOS libFontValidation loca Table Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-018 |
ZDI-CAN-25341 |
Apple |
|
3.3 |
2025-01-09 |
2025-01-09 |
Apple macOS libFontValidation Font Header Name Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-017 |
ZDI-CAN-25340 |
Apple |
|
3.3 |
2025-01-09 |
2025-01-09 |
Apple macOS libFontValidation kern Table Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-016 |
ZDI-CAN-25263 |
Apple |
CVE-2024-44240, CVE-2024-44302 |
3.3 |
2025-01-09 |
2025-01-09 |
Apple macOS CoreText Font Ligature Caret List Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-015 |
ZDI-CAN-25213 |
Apple |
CVE-2024-44240, CVE-2024-44302 |
3.3 |
2025-01-09 |
2025-01-09 |
Apple macOS CoreText Font Ligature Caret List Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-014 |
ZDI-CAN-24821 |
SonicWALL |
CVE-2024-53706 |
7.8 |
2025-01-09 |
2025-01-09 |
SonicWALL NSv setSshdConfig Exposed Dangerous Function Local Privilege Escalation Vulnerability |
| ZDI-25-013 |
ZDI-CAN-24820 |
SonicWALL |
CVE-2024-53705 |
8.1 |
2025-01-09 |
2025-01-09 |
SonicWALL NSv SSH Management Server-Side Request Forgery Vulnerability |
| ZDI-25-012 |
ZDI-CAN-24819 |
SonicWALL |
CVE-2024-53704 |
9.8 |
2025-01-09 |
2025-01-09 |
SonicWALL NSv Authentication Bypass Vulnerability |
| ZDI-25-011 |
ZDI-CAN-24818 |
SonicWALL |
CVE-2024-40762 |
8.8 |
2025-01-09 |
2025-01-09 |
SonicWALL NSv Cryptographically Weak PRNG Authentication Bypass Vulnerability |
| ZDI-25-010 |
ZDI-CAN-24487 |
Redis |
CVE-2024-46981 |
7.2 |
2025-01-09 |
2025-01-09 |
Redis Stack Lua Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-009 |
ZDI-CAN-24143 |
Redis |
CVE-2024-55656 |
8.8 |
2025-01-09 |
2025-01-09 |
Redis Stack RedisBloom Integer Overflow Remote Code Execution Vulnerability |
| ZDI-25-008 |
ZDI-CAN-24932 |
Trend Micro |
CVE-2024-55955 |
6.7 |
2025-01-08 |
2025-01-08 |
Trend Micro Deep Security Agent Incorrect Permissions Local Privilege Escalation Vulnerability |
| ZDI-25-007 |
ZDI-CAN-23401 |
Trend Micro |
CVE-2024-52047 |
7.5 |
2025-01-08 |
2025-01-08 |
Trend Micro Apex One widget getWidgetPoolManager Local File Inclusion Remote Code Execution Vulnerability |
| ZDI-25-006 |
ZDI-CAN-24674 |
Trend Micro |
CVE-2024-52049 |
7.8 |
2025-01-08 |
2025-01-08 |
Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-005 |
ZDI-CAN-24675 |
Trend Micro |
CVE-2024-52048 |
7.8 |
2025-01-08 |
2025-01-08 |
Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-004 |
ZDI-CAN-24566 |
Trend Micro |
CVE-2024-55917 |
7.8 |
2025-01-08 |
2025-01-08 |
Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability |
| ZDI-25-003 |
ZDI-CAN-24557 |
Trend Micro |
CVE-2024-55632 |
7.8 |
2025-01-08 |
2025-01-08 |
Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-002 |
ZDI-CAN-24609 |
Trend Micro |
CVE-2024-52050 |
7.8 |
2025-01-08 |
2025-01-08 |
Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-001 |
ZDI-CAN-23995 |
Trend Micro |
CVE-2024-55631 |
7.8 |
2025-01-08 |
2025-01-08 |
Trend Micro Apex One Damage Cleanup Engine Link Following Local Privilege Escalation Vulnerability |
