| ZDI-25-597 |
ZDI-CAN-26922 |
Autodesk |
CVE-2025-5037 |
7.8 |
2025-07-15 |
2025-07-15 |
Autodesk Revit RFA File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-596 |
ZDI-CAN-26917 |
Autodesk |
CVE-2025-5040 |
7.8 |
2025-07-15 |
2025-07-15 |
Autodesk Revit RTE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-595 |
ZDI-CAN-27098 |
Autodesk |
CVE-2025-5037 |
7.8 |
2025-07-15 |
2025-07-15 |
Autodesk Revit RFA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-594 |
ZDI-CAN-26963 |
Autodesk |
CVE-2025-5037 |
7.8 |
2025-07-15 |
2025-07-15 |
Autodesk Revit RFA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-593 |
ZDI-CAN-26925 |
Autodesk |
CVE-2025-5037 |
7.8 |
2025-07-15 |
2025-07-15 |
Autodesk Revit RVT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-592 |
ZDI-CAN-26923 |
Autodesk |
CVE-2025-5037 |
7.8 |
2025-07-15 |
2025-07-15 |
Autodesk Revit RVT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-591 |
ZDI-CAN-26161 |
Delta Electronics |
CVE-2025-53415 |
7.8 |
2025-07-11 |
2025-07-11 |
Delta Electronics DTM Soft BIN File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-590 |
ZDI-CAN-26240 |
G DATA |
CVE-2025-2790 |
7.8 |
2025-07-11 |
2025-07-11 |
G DATA Total Security GDTunerSvc Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-589 |
ZDI-CAN-25342 |
Trend Micro |
CVE-2025-53378 |
7.6 |
2025-07-11 |
2025-07-11 |
Trend Micro Worry-Free Business Security Missing Authentication Vulnerability |
| ZDI-25-588 |
ZDI-CAN-26484 |
Trend Micro |
CVE-2025-53503 |
7.8 |
2025-07-11 |
2025-07-11 |
Trend Micro Cleaner One Pro Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-587 |
ZDI-CAN-26473 |
Luxion |
CVE-2025-7222 |
7.8 |
2025-07-11 |
2025-07-11 |
Luxion KeyShot 3DM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-586 |
ZDI-CAN-25729 |
Trend Micro |
CVE-2025-52837 |
7.8 |
2025-07-08 |
2025-07-08 |
Trend Micro Password Manager Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-585 |
ZDI-CAN-26887 |
Trend Micro |
CVE-2025-52521 |
7.8 |
2025-07-08 |
2025-07-08 |
Trend Micro Maximum Security Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-584 |
ZDI-CAN-27167 |
Microsoft |
CVE-2025-49727 |
8.8 |
2025-07-08 |
2025-07-08 |
Microsoft Windows win32kfull Out-Of-Bounds Write Local Privilege Escalation Vulnerability |
| ZDI-25-583 |
ZDI-CAN-26791 |
Microsoft |
CVE-2025-49732 |
7.8 |
2025-07-08 |
2025-07-08 |
Microsoft Windows win32kfull Out-Of-Bounds Write Local Privilege Escalation Vulnerability |
| ZDI-25-582 |
ZDI-CAN-27246 |
Microsoft |
CVE-2025-49740 |
7.0 |
2025-07-08 |
2025-07-08 |
Microsoft Windows Startup Folder SmartScreen Bypass Vulnerability |
| ZDI-25-581 |
ZDI-CAN-27247 |
Microsoft |
CVE-2025-49704 |
8.8 |
2025-07-08 |
2025-07-08 |
(Pwn2Own) Microsoft SharePoint DataSetSurrogateSelector Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-580 |
ZDI-CAN-27162 |
Microsoft |
CVE-2025-49706 |
6.5 |
2025-07-08 |
2025-07-08 |
(Pwn2Own) Microsoft SharePoint ToolPane Authentication Bypass Vulnerability |
| ZDI-25-579 |
ZDI-CAN-26249 |
Microsoft |
CVE-2025-47993 |
7.8 |
2025-07-08 |
2025-07-08 |
Microsoft PC Manager Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
| ZDI-25-578 |
ZDI-CAN-26768 |
Microsoft |
CVE-2025-49742 |
7.8 |
2025-07-08 |
2025-07-08 |
Microsoft Windows win32kfull Integer Overflow Local Privilege Escalation Vulnerability |
| ZDI-25-577 |
ZDI-CAN-26358 |
Microsoft |
CVE-2025-48820 |
7.8 |
2025-07-08 |
2025-07-08 |
Microsoft Windows AppX Deployment Service Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-576 |
ZDI-CAN-26572 |
Siemens |
CVE-2025-40738 |
8.8 |
2025-07-08 |
2025-07-08 |
Siemens SINEC NMS uploadFWBinary Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-575 |
ZDI-CAN-26571 |
Siemens |
CVE-2025-40737 |
8.8 |
2025-07-08 |
2025-07-08 |
Siemens SINEC NMS unZipJarFilestoLocation Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-574 |
ZDI-CAN-26569 |
Siemens |
CVE-2025-40736 |
9.8 |
2025-07-08 |
2025-07-08 |
Siemens SINEC NMS reqToChangePassword Authentication Bypass Vulnerability |
| ZDI-25-573 |
ZDI-CAN-26376 |
IrfanView |
CVE-2025-7299 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-572 |
ZDI-CAN-26434 |
IrfanView |
CVE-2025-7325 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-571 |
ZDI-CAN-26430 |
IrfanView |
CVE-2025-7324 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-570 |
ZDI-CAN-26428 |
IrfanView |
CVE-2025-7323 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-569 |
ZDI-CAN-26423 |
IrfanView |
CVE-2025-7322 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-568 |
ZDI-CAN-26421 |
IrfanView |
CVE-2025-7321 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-567 |
ZDI-CAN-26418 |
IrfanView |
CVE-2025-7320 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-566 |
ZDI-CAN-26413 |
IrfanView |
CVE-2025-7319 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-565 |
ZDI-CAN-26412 |
IrfanView |
CVE-2025-7318 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-564 |
ZDI-CAN-26411 |
IrfanView |
CVE-2025-7317 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-563 |
ZDI-CAN-26410 |
IrfanView |
CVE-2025-7316 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-562 |
ZDI-CAN-26408 |
IrfanView |
CVE-2025-7315 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-561 |
ZDI-CAN-26400 |
IrfanView |
CVE-2025-7314 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-560 |
ZDI-CAN-26399 |
IrfanView |
CVE-2025-7313 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-559 |
ZDI-CAN-26398 |
IrfanView |
CVE-2025-7312 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-558 |
ZDI-CAN-26395 |
IrfanView |
CVE-2025-7311 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-557 |
ZDI-CAN-26391 |
IrfanView |
CVE-2025-7309 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-556 |
ZDI-CAN-26393 |
IrfanView |
CVE-2025-7310 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-555 |
ZDI-CAN-26389 |
IrfanView |
CVE-2025-7308 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-554 |
ZDI-CAN-26388 |
IrfanView |
CVE-2025-7307 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-553 |
ZDI-CAN-26387 |
IrfanView |
CVE-2025-7306 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-552 |
ZDI-CAN-26386 |
IrfanView |
CVE-2025-7305 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-551 |
ZDI-CAN-26385 |
IrfanView |
CVE-2025-7304 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-550 |
ZDI-CAN-26384 |
IrfanView |
CVE-2025-7303 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-549 |
ZDI-CAN-26381 |
IrfanView |
CVE-2025-7302 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-548 |
ZDI-CAN-26380 |
IrfanView |
CVE-2025-7301 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-547 |
ZDI-CAN-26377 |
IrfanView |
CVE-2025-7300 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-546 |
ZDI-CAN-26243 |
IrfanView |
CVE-2025-7296 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-545 |
ZDI-CAN-26244 |
IrfanView |
CVE-2025-7297 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-544 |
ZDI-CAN-26242 |
IrfanView |
CVE-2025-7295 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-543 |
ZDI-CAN-26230 |
IrfanView |
CVE-2025-7294 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-542 |
ZDI-CAN-26246 |
IrfanView |
CVE-2025-7298 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-541 |
ZDI-CAN-26229 |
IrfanView |
CVE-2025-7293 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-540 |
ZDI-CAN-26228 |
IrfanView |
CVE-2025-7292 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-539 |
ZDI-CAN-26227 |
IrfanView |
CVE-2025-7291 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-538 |
ZDI-CAN-26226 |
IrfanView |
CVE-2025-7290 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-537 |
ZDI-CAN-26221 |
IrfanView |
CVE-2025-7285 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-536 |
ZDI-CAN-26220 |
IrfanView |
CVE-2025-7284 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-535 |
ZDI-CAN-26225 |
IrfanView |
CVE-2025-7289 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-534 |
ZDI-CAN-26224 |
IrfanView |
CVE-2025-7288 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-533 |
ZDI-CAN-26223 |
IrfanView |
CVE-2025-7287 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-532 |
ZDI-CAN-26222 |
IrfanView |
CVE-2025-7286 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-531 |
ZDI-CAN-26219 |
IrfanView |
CVE-2025-7283 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-530 |
ZDI-CAN-26216 |
IrfanView |
CVE-2025-7282 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-529 |
ZDI-CAN-26215 |
IrfanView |
CVE-2025-7281 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-528 |
ZDI-CAN-26214 |
IrfanView |
CVE-2025-7280 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-527 |
ZDI-CAN-26213 |
IrfanView |
CVE-2025-7279 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-526 |
ZDI-CAN-26211 |
IrfanView |
CVE-2025-7278 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-525 |
ZDI-CAN-26203 |
IrfanView |
CVE-2025-7274 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-524 |
ZDI-CAN-26209 |
IrfanView |
CVE-2025-7277 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-523 |
ZDI-CAN-26208 |
IrfanView |
CVE-2025-7276 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-522 |
ZDI-CAN-26204 |
IrfanView |
CVE-2025-7275 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-521 |
ZDI-CAN-26198 |
IrfanView |
CVE-2025-7272 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-520 |
ZDI-CAN-26193 |
IrfanView |
CVE-2025-7271 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-519 |
ZDI-CAN-26202 |
IrfanView |
CVE-2025-7273 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-518 |
ZDI-CAN-26189 |
IrfanView |
CVE-2025-7270 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-517 |
ZDI-CAN-26188 |
IrfanView |
CVE-2025-7269 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-516 |
ZDI-CAN-26182 |
IrfanView |
CVE-2025-7268 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-515 |
ZDI-CAN-26179 |
IrfanView |
CVE-2025-7267 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-514 |
ZDI-CAN-26174 |
IrfanView |
CVE-2025-7266 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-513 |
ZDI-CAN-26173 |
IrfanView |
CVE-2025-7265 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-512 |
ZDI-CAN-26171 |
IrfanView |
CVE-2025-7264 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-511 |
ZDI-CAN-26170 |
IrfanView |
CVE-2025-7263 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-510 |
ZDI-CAN-26132 |
IrfanView |
CVE-2025-7262 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-509 |
ZDI-CAN-26130 |
IrfanView |
CVE-2025-7261 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-508 |
ZDI-CAN-26129 |
IrfanView |
CVE-2025-7260 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-507 |
ZDI-CAN-26127 |
IrfanView |
CVE-2025-7258 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-506 |
ZDI-CAN-26085 |
IrfanView |
CVE-2025-7239 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-505 |
ZDI-CAN-26084 |
IrfanView |
CVE-2025-7238 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-504 |
ZDI-CAN-26083 |
IrfanView |
CVE-2025-7237 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-503 |
ZDI-CAN-26126 |
IrfanView |
CVE-2025-7257 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-502 |
ZDI-CAN-26119 |
IrfanView |
CVE-2025-7256 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-501 |
ZDI-CAN-26098 |
IrfanView |
CVE-2025-7248 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-500 |
ZDI-CAN-26118 |
IrfanView |
CVE-2025-7255 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-499 |
ZDI-CAN-26096 |
IrfanView |
CVE-2025-7247 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-498 |
ZDI-CAN-26095 |
IrfanView |
CVE-2025-7246 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-497 |
ZDI-CAN-26093 |
IrfanView |
CVE-2025-7244 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-496 |
ZDI-CAN-26113 |
IrfanView |
CVE-2025-7254 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-495 |
ZDI-CAN-26074 |
IrfanView |
CVE-2025-7234 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin CGM File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-494 |
ZDI-CAN-26072 |
IrfanView |
CVE-2025-7233 |
3.3 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-493 |
ZDI-CAN-26112 |
IrfanView |
CVE-2025-7253 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-492 |
ZDI-CAN-26100 |
IrfanView |
CVE-2025-7249 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-491 |
ZDI-CAN-26091 |
IrfanView |
CVE-2025-7243 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-490 |
ZDI-CAN-26088 |
IrfanView |
CVE-2025-7242 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-489 |
ZDI-CAN-26087 |
IrfanView |
CVE-2025-7241 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-488 |
ZDI-CAN-26086 |
IrfanView |
CVE-2025-7240 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-487 |
ZDI-CAN-26080 |
IrfanView |
CVE-2025-7236 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-486 |
ZDI-CAN-26107 |
IrfanView |
CVE-2025-7250 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-485 |
ZDI-CAN-26075 |
IrfanView |
CVE-2025-7235 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-484 |
ZDI-CAN-26109 |
IrfanView |
CVE-2025-7252 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-483 |
ZDI-CAN-26108 |
IrfanView |
CVE-2025-7251 |
7.8 |
2025-07-08 |
2025-07-08 |
IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-482 |
ZDI-CAN-25724 |
INVT |
CVE-2025-7231 |
7.8 |
2025-07-07 |
2025-07-07 |
(0Day) INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-481 |
ZDI-CAN-25723 |
INVT |
CVE-2025-7230 |
7.8 |
2025-07-07 |
2025-07-07 |
(0Day) INVT VT-Designer PM3 File Parsing Type Confusion Remote Code Execution Vulnerability |
| ZDI-25-480 |
ZDI-CAN-25722 |
INVT |
CVE-2025-7229 |
7.8 |
2025-07-07 |
2025-07-07 |
(0Day) INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-479 |
ZDI-CAN-25571 |
INVT |
CVE-2025-7228 |
7.8 |
2025-07-07 |
2025-07-07 |
(0Day) INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-478 |
ZDI-CAN-25550 |
INVT |
CVE-2025-7227 |
7.8 |
2025-07-07 |
2025-07-07 |
(0Day) INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-477 |
ZDI-CAN-25048 |
INVT |
CVE-2025-7226 |
7.8 |
2025-07-07 |
2025-07-07 |
(0Day) INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-476 |
ZDI-CAN-25047 |
INVT |
CVE-2025-7225 |
7.8 |
2025-07-07 |
2025-07-07 |
(0Day) INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-475 |
ZDI-CAN-25045 |
INVT |
CVE-2025-7224 |
7.8 |
2025-07-07 |
2025-07-07 |
(0Day) INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-474 |
ZDI-CAN-25044 |
INVT |
CVE-2025-7223 |
7.8 |
2025-07-07 |
2025-07-07 |
(0Day) INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-473 |
ZDI-CAN-25039 |
Parallels |
CVE-2025-6812 |
7.3 |
2025-07-07 |
2025-07-07 |
Parallels Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
| ZDI-25-472 |
ZDI-CAN-26720 |
Delta Electronics |
CVE-2025-47726 |
7.8 |
2025-07-03 |
2025-07-03 |
Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-471 |
ZDI-CAN-26842 |
Delta Electronics |
CVE-2025-47727 |
7.8 |
2025-07-03 |
2025-07-03 |
Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-470 |
ZDI-CAN-26719 |
Delta Electronics |
CVE-2025-47725 |
7.8 |
2025-07-03 |
2025-07-03 |
Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-469 |
ZDI-CAN-26718 |
Delta Electronics |
CVE-2025-47724 |
7.8 |
2025-07-03 |
2025-07-03 |
Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-468 |
ZDI-CAN-26061 |
GFI |
CVE-2019-18935, CVE-2017-11317, CVE-2014-2217 |
9.8 |
2025-07-03 |
2025-07-03 |
GFI Archiver Telerik Web UI Remote Code Execution Vulnerability |
| ZDI-25-467 |
ZDI-CAN-27381 |
GStreamer |
CVE-2025-6663 |
7.8 |
2025-07-03 |
2025-07-03 |
GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-466 |
ZDI-CAN-25218 |
Marvell |
CVE-2025-6809 |
9.8 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole readNICParametersFromFile Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-465 |
ZDI-CAN-25217 |
Marvell |
CVE-2025-6808 |
9.8 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole readObjectFromConfigFile Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-464 |
ZDI-CAN-24922 |
Marvell |
CVE-2025-6802 |
9.8 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability |
| ZDI-25-463 |
ZDI-CAN-24980 |
Marvell |
CVE-2025-6807 |
5.3 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole getDriverTmpPath Directory Traversal Information Disclosure Vulnerability |
| ZDI-25-462 |
ZDI-CAN-24979 |
Marvell |
CVE-2025-6806 |
8.2 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability |
| ZDI-25-461 |
ZDI-CAN-24925 |
Marvell |
CVE-2025-6805 |
8.2 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole deleteEventLogFile Directory Traversal Arbitrary File Deletion Vulnerability |
| ZDI-25-460 |
ZDI-CAN-24921 |
Marvell |
CVE-2025-6801 |
8.2 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability |
| ZDI-25-459 |
ZDI-CAN-24920 |
Marvell |
CVE-2025-6800 |
7.5 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole restoreESwitchConfig Directory Traversal Information Disclosure Vulnerability |
| ZDI-25-458 |
ZDI-CAN-24919 |
Marvell |
CVE-2025-6799 |
7.5 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability |
| ZDI-25-457 |
ZDI-CAN-24918 |
Marvell |
CVE-2025-6798 |
8.2 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole deleteAppFile Directory Traversal Arbitrary File Deletion Vulnerability |
| ZDI-25-456 |
ZDI-CAN-24917 |
Marvell |
CVE-2025-6797 |
7.5 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability |
| ZDI-25-455 |
ZDI-CAN-24914 |
Marvell |
CVE-2025-6795 |
5.3 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole getFileUploadSize Directory Traversal Information Disclosure Vulnerability |
| ZDI-25-454 |
ZDI-CAN-24913 |
Marvell |
CVE-2025-6794 |
9.8 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-453 |
ZDI-CAN-24924 |
Marvell |
CVE-2025-6804 |
7.5 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole compressFirmwareDumpFiles Directory Traversal Information Disclosure Vulnerability |
| ZDI-25-452 |
ZDI-CAN-24923 |
Marvell |
CVE-2025-6803 |
7.5 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole compressDriverFiles Directory Traversal Information Disclosure Vulnerability |
| ZDI-25-451 |
ZDI-CAN-24916 |
Marvell |
CVE-2025-6796 |
7.5 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole getAppFileBytes Directory Traversal Information Disclosure Vulnerability |
| ZDI-25-450 |
ZDI-CAN-24912 |
Marvell |
CVE-2025-6793 |
9.4 |
2025-06-27 |
2025-06-27 |
(0Day) Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability |
| ZDI-25-449 |
ZDI-CAN-25397 |
Mescius |
CVE-2025-6811 |
9.8 |
2025-06-27 |
2025-06-27 |
(0Day) Mescius ActiveReports.NET TypeResolutionService Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-448 |
ZDI-CAN-25246 |
Mescius |
CVE-2025-6810 |
9.8 |
2025-06-27 |
2025-06-27 |
(0Day) Mescius ActiveReports.NET ReadValue Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-447 |
ZDI-CAN-26985 |
PDF-XChange |
CVE-2025-6662 |
3.3 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-446 |
ZDI-CAN-26823 |
PDF-XChange |
CVE-2025-6661 |
7.8 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor App Object Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-445 |
ZDI-CAN-26734 |
PDF-XChange |
CVE-2025-6659 |
7.8 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-444 |
ZDI-CAN-26733 |
PDF-XChange |
CVE-2025-6658 |
3.3 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-443 |
ZDI-CAN-26763 |
PDF-XChange |
CVE-2025-6660 |
7.8 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor GIF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-442 |
ZDI-CAN-26732 |
PDF-XChange |
CVE-2025-6657 |
3.3 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-441 |
ZDI-CAN-26731 |
PDF-XChange |
CVE-2025-6656 |
3.3 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-440 |
ZDI-CAN-26730 |
PDF-XChange |
CVE-2025-6655 |
3.3 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-439 |
ZDI-CAN-26729 |
PDF-XChange |
CVE-2025-6654 |
7.8 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-438 |
ZDI-CAN-26726 |
PDF-XChange |
CVE-2025-6653 |
3.3 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-437 |
ZDI-CAN-26724 |
PDF-XChange |
CVE-2025-6652 |
3.3 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-436 |
ZDI-CAN-26713 |
PDF-XChange |
CVE-2025-6651 |
7.8 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-435 |
ZDI-CAN-26712 |
PDF-XChange |
CVE-2025-6650 |
3.3 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-434 |
ZDI-CAN-26709 |
PDF-XChange |
CVE-2025-6649 |
3.3 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-433 |
ZDI-CAN-26671 |
PDF-XChange |
CVE-2025-6648 |
3.3 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-432 |
ZDI-CAN-26644 |
PDF-XChange |
CVE-2025-6647 |
7.8 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-431 |
ZDI-CAN-26643 |
PDF-XChange |
CVE-2025-6646 |
3.3 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor U3D File Parsing Use-After-Free Information Disclosure Vulnerability |
| ZDI-25-430 |
ZDI-CAN-26642 |
PDF-XChange |
CVE-2025-6645 |
7.8 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-429 |
ZDI-CAN-26536 |
PDF-XChange |
CVE-2025-6644 |
7.8 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-428 |
ZDI-CAN-26532 |
PDF-XChange |
CVE-2025-6643 |
3.3 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-427 |
ZDI-CAN-26530 |
PDF-XChange |
CVE-2025-6642 |
7.8 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-426 |
ZDI-CAN-26528 |
PDF-XChange |
CVE-2025-6641 |
3.3 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-425 |
ZDI-CAN-26527 |
PDF-XChange |
CVE-2025-6640 |
7.8 |
2025-06-25 |
2025-06-25 |
PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-424 |
ZDI-CAN-26415 |
Mikrotik |
CVE-2025-6443 |
7.2 |
2025-06-25 |
2025-06-25 |
Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability |
| ZDI-25-423 |
ZDI-CAN-23719 |
Microsoft |
|
9.8 |
2025-06-25 |
2025-06-25 |
Microsoft WinJS winjsdevelop Uncontrolled Search Path Element Remote Code Execution Vulnerability |
| ZDI-25-422 |
ZDI-CAN-24823 |
Microsoft |
|
3.7 |
2025-06-25 |
2025-06-25 |
Microsoft Azure Machine Learning Environments Denial-of-Service Vulnerability |
| ZDI-25-421 |
ZDI-CAN-24622 |
Microsoft |
|
5.3 |
2025-06-25 |
2025-06-25 |
Microsoft Azure App Services Information Disclosure Vulnerability |
| ZDI-25-420 |
ZDI-CAN-26241 |
PaperCut |
CVE-2024-8404 |
7.8 |
2025-06-25 |
2025-06-25 |
PaperCut NG web-print-hot-folder Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-419 |
ZDI-CAN-26660 |
TeamViewer |
CVE-2025-36537 |
7.8 |
2025-06-25 |
2025-06-25 |
TeamViewer Incorrect Permission Assignment Local Privilege Escalation Vulnerability |
| ZDI-25-418 |
ZDI-CAN-26498 |
Apple |
CVE-2025-31196 |
4.3 |
2025-06-24 |
2025-06-24 |
Apple macOS CoreGraphics PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-417 |
ZDI-CAN-26010 |
Clam AntiVirus |
CVE-2025-20234 |
6.1 |
2025-06-23 |
2025-06-23 |
Clam AntiVirus UDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-416 |
ZDI-CAN-25837 |
ServiceStack |
CVE-2025-6445 |
8.1 |
2025-06-23 |
2025-06-23 |
ServiceStack FindType Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-415 |
ZDI-CAN-25834 |
ServiceStack |
CVE-2025-6444 |
5.9 |
2025-06-23 |
2025-06-23 |
ServiceStack GetErrorResponse Improper Input Validation NTLM Relay Vulnerability |
| ZDI-25-414 |
ZDI-CAN-21876 |
Ruby |
CVE-2025-6442 |
6.5 |
2025-06-23 |
2025-06-23 |
Ruby WEBrick read_header HTTP Request Smuggling Vulnerability |
| ZDI-25-413 |
ZDI-CAN-26018 |
Fuji Electric |
CVE-2025-41388 |
7.8 |
2025-06-19 |
2025-06-19 |
Fuji Electric Smart Editor TL5 File Parsing Stack-Based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-412 |
ZDI-CAN-26031 |
Fuji Electric |
CVE-2025-41413 |
7.8 |
2025-06-19 |
2025-06-19 |
Fuji Electric Smart Editor X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-411 |
ZDI-CAN-26167 |
Delta Electronics |
CVE-2025-47728 |
7.8 |
2025-06-19 |
2025-06-19 |
Delta Electronics CNCSoft-G2 DPAX File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-410 |
ZDI-CAN-27104 |
Allegra |
CVE-2025-6216 |
9.8 |
2025-06-19 |
2025-06-19 |
Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability |
| ZDI-25-409 |
ZDI-CAN-27198 |
RARLAB |
CVE-2025-6218 |
7.8 |
2025-06-19 |
2025-06-19 |
RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-408 |
ZDI-CAN-24161 |
PEAK-System |
CVE-2025-6217 |
3.8 |
2025-06-18 |
2025-06-18 |
PEAK-System Driver PCANFD_ADD_FILTERS Time-Of-Check Time-Of-Use Information Disclosure Vulnerability |
| ZDI-25-407 |
ZDI-CAN-25346 |
SolarWinds |
CVE-2024-28988 |
9.8 |
2025-06-17 |
2025-06-17 |
SolarWinds Web Help Desk AjaxProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-406 |
ZDI-CAN-25087 |
SolarWinds |
CVE-2024-45711 |
7.5 |
2025-06-17 |
2025-06-17 |
SolarWinds Serv-U FTP Service Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-405 |
ZDI-CAN-26024 |
Fuji Electric |
CVE-2025-41388 |
7.8 |
2025-06-17 |
2025-06-17 |
Fuji Electric Smart Editor X1 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-404 |
ZDI-CAN-26022 |
Fuji Electric |
CVE-2025-41388 |
7.8 |
2025-06-17 |
2025-06-17 |
Fuji Electric Smart Editor X1 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-403 |
ZDI-CAN-26020 |
Fuji Electric |
CVE-2025-41388 |
7.8 |
2025-06-17 |
2025-06-17 |
Fuji Electric Smart Editor V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-402 |
ZDI-CAN-25942 |
Fuji Electric |
CVE-2025-41388 |
7.8 |
2025-06-17 |
2025-06-17 |
Fuji Electric Smart Editor TL5 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-401 |
ZDI-CAN-26028 |
Fuji Electric |
CVE-2025-41413 |
7.8 |
2025-06-17 |
2025-06-17 |
Fuji Electric Smart Editor V10 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-400 |
ZDI-CAN-26032 |
Fuji Electric |
CVE-2025-32412 |
7.8 |
2025-06-17 |
2025-06-17 |
Fuji Electric Smart Editor TL5 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-399 |
ZDI-CAN-26026 |
Fuji Electric |
CVE-2025-41388 |
7.8 |
2025-06-17 |
2025-06-17 |
Fuji Electric Smart Editor V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-398 |
ZDI-CAN-25876 |
Trend Micro |
CVE-2025-49384 |
7.8 |
2025-06-17 |
2025-06-17 |
Trend Micro Internet Security Platinum Host Service Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-397 |
ZDI-CAN-25049 |
Delta Electronics |
CVE-2025-3495 |
9.8 |
2025-06-17 |
2025-06-17 |
Delta Electronics COMMGR Insufficient Randomization Authentication Bypass Vulnerability |
| ZDI-25-396 |
ZDI-CAN-25916 |
Siemens |
CVE-2025-31353 |
6.5 |
2025-06-16 |
2025-06-16 |
Siemens TeleControl Server Basic UpdateOpcSettings SQL Injection Information Disclosure Vulnerability |
| ZDI-25-395 |
ZDI-CAN-25915 |
Siemens |
CVE-2025-31352 |
6.5 |
2025-06-16 |
2025-06-16 |
Siemens TeleControl Server Basic UpdateGateways SQL Injection Information Disclosure Vulnerability |
| ZDI-25-394 |
ZDI-CAN-25917 |
Siemens |
CVE-2025-31351 |
6.5 |
2025-06-16 |
2025-06-16 |
Siemens TeleControl Server Basic CreateProject SQL Injection Information Disclosure Vulnerability |
| ZDI-25-393 |
ZDI-CAN-25918 |
Siemens |
CVE-2025-31350 |
6.5 |
2025-06-16 |
2025-06-16 |
Siemens TeleControl Server Basic UpdateBufferingSettings SQL Injection Information Disclosure Vulnerability |
| ZDI-25-392 |
ZDI-CAN-25919 |
Siemens |
CVE-2025-31349 |
6.5 |
2025-06-16 |
2025-06-16 |
Siemens TeleControl Server Basic UpdateSmtpSettings SQL Injection Information Disclosure Vulnerability |
| ZDI-25-391 |
ZDI-CAN-25920 |
Siemens |
CVE-2025-31343 |
6.5 |
2025-06-16 |
2025-06-16 |
Siemens TeleControl Server Basic UpdateTcmSettings SQL Injection Information Disclosure Vulnerability |
| ZDI-25-390 |
ZDI-CAN-25921 |
Siemens |
CVE-2025-30032 |
6.5 |
2025-06-16 |
2025-06-16 |
Siemens TeleControl Server Basic UpdateDatabaseSettings SQL Injection Information Disclosure Vulnerability |
| ZDI-25-389 |
ZDI-CAN-25922 |
Siemens |
CVE-2025-30031 |
6.5 |
2025-06-16 |
2025-06-16 |
Siemens TeleControl Server Basic UpdateUsers SQL Injection Information Disclosure Vulnerability |
| ZDI-25-388 |
ZDI-CAN-25924 |
Siemens |
CVE-2025-30030 |
6.5 |
2025-06-16 |
2025-06-16 |
Siemens TeleControl Server Basic ImportDatabase SQL Injection Information Disclosure Vulnerability |
| ZDI-25-387 |
ZDI-CAN-25910 |
Siemens |
CVE-2025-30003 |
6.5 |
2025-06-16 |
2025-06-16 |
Siemens TeleControl Server Basic UpdateProjectConnections SQL Injection Information Disclosure Vulnerability |
| ZDI-25-386 |
ZDI-CAN-25909 |
Siemens |
CVE-2025-30002 |
6.5 |
2025-06-16 |
2025-06-16 |
Siemens TeleControl Server Basic UpdateConnectionVariables SQL Injection Information Disclosure Vulnerability |
| ZDI-25-385 |
ZDI-CAN-25923 |
Siemens |
CVE-2025-29905 |
8.8 |
2025-06-16 |
2025-06-16 |
Siemens TeleControl Server Basic RestoreFromBackup SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-384 |
ZDI-CAN-25913 |
Siemens |
CVE-2025-27540 |
9.8 |
2025-06-16 |
2025-06-16 |
Siemens TeleControl Server Basic Authenticate SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-383 |
ZDI-CAN-25914 |
Siemens |
CVE-2025-27539 |
9.8 |
2025-06-16 |
2025-06-16 |
Siemens TeleControl Server Basic VerifyUser SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-382 |
ZDI-CAN-25912 |
Siemens |
CVE-2025-32475 |
6.5 |
2025-06-16 |
2025-06-16 |
Siemens TeleControl Server Basic UpdateProject SQL Injection Information Disclosure Vulnerability |
| ZDI-25-381 |
ZDI-CAN-25911 |
Siemens |
CVE-2025-27495 |
9.8 |
2025-06-16 |
2025-06-16 |
Siemens TeleControl Server Basic CreateTrace SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-380 |
ZDI-CAN-25877 |
Trend Micro |
CVE-2025-49385 |
7.8 |
2025-06-13 |
2025-06-13 |
Trend Micro Maximum Security Platinum Host Service Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-379 |
ZDI-CAN-25589 |
Ubiquiti Networks |
CVE-2025-23117 |
6.8 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Ubiquiti Networks AI Bullet Insufficient Firmware Update Validation Remote Code Execution Vulnerability |
| ZDI-25-378 |
ZDI-CAN-25588 |
Ubiquiti Networks |
CVE-2025-23116 |
9.6 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Ubiquiti Networks UniFi Console Missing Authentication for Critical Function Authentication Bypass Vulnerability |
| ZDI-25-377 |
ZDI-CAN-25603 |
Ubiquiti Networks |
CVE-2025-23119 |
7.5 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Ubiquiti Networks AI Bullet Improper Neutralization of Escape Sequences Authentication Bypass Vulnerability |
| ZDI-25-376 |
ZDI-CAN-25666 |
Ubiquiti Networks |
CVE-2025-23118 |
7.5 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Ubiquiti Networks AI Bullet Improper Certificate Validation Authentication Bypass Vulnerability |
| ZDI-25-375 |
ZDI-CAN-25526 |
Trend Micro |
CVE-2025-49218 |
8.8 |
2025-06-11 |
2025-06-11 |
Trend Micro Endpoint Encryption ProcessWhereClause SQL Injection Privilege Escalation Vulnerability |
| ZDI-25-374 |
ZDI-CAN-25505 |
Trend Micro |
CVE-2025-49217 |
8.1 |
2025-06-11 |
2025-06-11 |
Trend Micro Endpoint Encryption ValidateToken Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-373 |
ZDI-CAN-25519 |
Trend Micro |
CVE-2025-49216 |
9.8 |
2025-06-11 |
2025-06-11 |
Trend Micro Endpoint Encryption DbAppDomain Authentication Bypass Vulnerability |
| ZDI-25-372 |
ZDI-CAN-25527 |
Trend Micro |
CVE-2025-49215 |
8.8 |
2025-06-11 |
2025-06-11 |
Trend Micro Endpoint Encryption GetGroupFilteredUsers SQL Injection Privilege Escalation Vulnerability |
| ZDI-25-371 |
ZDI-CAN-25518 |
Trend Micro |
CVE-2025-49212 |
8.8 |
2025-06-11 |
2025-06-11 |
Trend Micro Endpoint Encryption DeserializeFromBase64String Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-370 |
ZDI-CAN-25506 |
Trend Micro |
CVE-2025-49213 |
9.8 |
2025-06-11 |
2025-06-11 |
Trend Micro Endpoint Encryption PolicyServerWindowsService Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-369 |
ZDI-CAN-25507 |
Trend Micro |
CVE-2025-49212 |
9.8 |
2025-06-11 |
2025-06-11 |
Trend Micro Endpoint Encryption PolicyValueTableSerializationBinder Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-368 |
ZDI-CAN-25528 |
Trend Micro |
CVE-2025-49211 |
8.8 |
2025-06-11 |
2025-06-11 |
Trend Micro Endpoint Encryption BuildEnterpriseSearchString SQL Injection Privilege Escalation Vulnerability |
| ZDI-25-367 |
ZDI-CAN-25495 |
Trend Micro |
CVE-2025-49220 |
9.8 |
2025-06-11 |
2025-06-11 |
Trend Micro Apex Central ConvertFromJson Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-366 |
ZDI-CAN-25286 |
Trend Micro |
CVE-2025-49219 |
9.8 |
2025-06-11 |
2025-06-11 |
Trend Micro Apex Central GetReportDetailView Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-365 |
ZDI-CAN-25771 |
Trend Micro |
CVE-2025-49158 |
6.7 |
2025-06-11 |
2025-06-11 |
Trend Micro Apex One Security Agent ntrmv Uncontrolled Search Path Local Privilege Escalation Vulnerability |
| ZDI-25-364 |
ZDI-CAN-25273 |
Trend Micro |
CVE-2025-49157 |
7.8 |
2025-06-11 |
2025-06-11 |
Trend Micro Apex One Damage Cleanup Engine Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-363 |
ZDI-CAN-24973 |
Trend Micro |
CVE-2025-49156 |
7.0 |
2025-06-11 |
2025-06-11 |
Trend Micro Apex One Virus Scan Engine Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-362 |
ZDI-CAN-24571 |
Trend Micro |
CVE-2025-49155 |
8.8 |
2025-06-11 |
2025-06-11 |
Trend Micro Apex One Data Loss Prevention Uncontrolled Search Path Remote Code Execution Vulnerability |
| ZDI-25-361 |
ZDI-CAN-25574 |
Trend Micro |
CVE-2025-48443 |
6.7 |
2025-06-11 |
2025-06-11 |
Trend Micro Password Manager Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-360 |
ZDI-CAN-23056 |
Trend Micro |
CVE-2025-49487 |
6.8 |
2025-06-11 |
2025-06-11 |
Trend Micro Worry-Free Business Security Uncontrolled Search Path Element Arbitrary Code Execution Vulnerability |
| ZDI-25-359 |
ZDI-CAN-26586 |
Microsoft |
CVE-2025-47959 |
7.8 |
2025-06-10 |
2025-06-11 |
Microsoft Visual Studio initializeCommand Insufficient UI Warning Remote Code Execution Vulnerability |
| ZDI-25-358 |
ZDI-CAN-26285 |
Sony |
CVE-2025-5820 |
6.3 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability |
| ZDI-25-357 |
ZDI-CAN-26284 |
Sony |
CVE-2025-5476 |
6.3 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability |
| ZDI-25-356 |
ZDI-CAN-26290 |
Sony |
CVE-2025-5479 |
7.5 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Sony XAV-AX8500 Bluetooth AVCTP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-355 |
ZDI-CAN-26288 |
Sony |
CVE-2025-5478 |
8.8 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Sony XAV-AX8500 Bluetooth SDP Protocol Integer Overflow Remote Code Execution Vulnerability |
| ZDI-25-354 |
ZDI-CAN-26286 |
Sony |
CVE-2025-5477 |
7.5 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-353 |
ZDI-CAN-26283 |
Sony |
CVE-2025-5475 |
7.5 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Sony XAV-AX8500 Bluetooth Packet Handling Integer Overflow Remote Code Execution Vulnerability |
| ZDI-25-352 |
ZDI-CAN-26079 |
Pioneer |
CVE-2025-5832 |
6.8 |
2025-06-11 |
2025-06-11 |
Pioneer DMH-WT7600NEX Software Update Signing Insufficient Verification of Data Authenticity Vulnerability |
| ZDI-25-351 |
ZDI-CAN-26078 |
Pioneer |
CVE-2025-5834 |
4.4 |
2025-06-11 |
2025-06-11 |
Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability |
| ZDI-25-350 |
ZDI-CAN-26077 |
Pioneer |
CVE-2025-5833 |
4.6 |
2025-06-11 |
2025-06-11 |
Pioneer DMH-WT7600NEX Root Filesystem Insufficient Verification of Data Authenticity Vulnerability |
| ZDI-25-349 |
ZDI-CAN-26327 |
Autel |
CVE-2025-5830 |
8.8 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial DLB_SlaveRegister Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-348 |
ZDI-CAN-26330 |
Autel |
CVE-2025-5829 |
6.8 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial autocharge Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-347 |
ZDI-CAN-26328 |
Autel |
CVE-2025-5828 |
6.8 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial wLength Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-346 |
ZDI-CAN-26369 |
Autel |
CVE-2025-5827 |
8.8 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-345 |
ZDI-CAN-26368 |
Autel |
CVE-2025-5826 |
6.3 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability |
| ZDI-25-344 |
ZDI-CAN-26354 |
Autel |
CVE-2025-5825 |
7.5 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerability |
| ZDI-25-343 |
ZDI-CAN-26353 |
Autel |
CVE-2025-5824 |
5.0 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass Vulnerability |
| ZDI-25-342 |
ZDI-CAN-26352 |
Autel |
|
7.5 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure Vulnerability |
| ZDI-25-341 |
ZDI-CAN-26351 |
Autel |
CVE-2025-5823 |
4.9 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information Disclosure Vulnerability |
| ZDI-25-340 |
ZDI-CAN-26325 |
Autel |
CVE-2025-5822 |
7.1 |
2025-06-11 |
2025-06-11 |
(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege Escalation Vulnerability |
| ZDI-25-339 |
ZDI-CAN-25932 |
Jupyter |
CVE-2025-30167 |
7.3 |
2025-06-10 |
2025-06-10 |
JupyterLab Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
| ZDI-25-338 |
ZDI-CAN-26593 |
Adobe |
CVE-2025-43574 |
7.8 |
2025-06-10 |
2025-06-10 |
Adobe Acrobat Reader DC Collab Object Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-337 |
ZDI-CAN-26777 |
Adobe |
CVE-2025-47112 |
3.3 |
2025-06-10 |
2025-06-10 |
Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-336 |
ZDI-CAN-26590 |
Adobe |
CVE-2025-43573 |
7.8 |
2025-06-10 |
2025-06-10 |
Adobe Acrobat Reader DC Collab Object Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-335 |
ZDI-CAN-26342 |
Adobe |
CVE-2025-43575 |
7.8 |
2025-06-10 |
2025-06-10 |
Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-334 |
ZDI-CAN-26776 |
Microsoft |
CVE-2025-30394 |
8.6 |
2025-06-10 |
2025-06-10 |
Microsoft Windows Remote Desktop Gateway Service Null Pointer Dereference Denial-of-Service Vulnerability |
| ZDI-25-333 |
ZDI-CAN-26487 |
Microsoft |
CVE-2025-32714 |
7.8 |
2025-06-10 |
2025-06-10 |
Microsoft Windows Installer Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
| ZDI-25-332 |
ZDI-CAN-26710 |
Microsoft |
CVE-2025-33075 |
7.8 |
2025-06-10 |
2025-06-10 |
Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-331 |
ZDI-CAN-26852 |
Autodesk |
CVE-2025-5036 |
7.8 |
2025-06-06 |
2025-06-06 |
Autodesk Revit RFA File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-330 |
ZDI-CAN-26292 |
WOLFBOX |
CVE-2025-5751 |
4.6 |
2025-06-06 |
2025-06-06 |
(0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability |
| ZDI-25-329 |
ZDI-CAN-26294 |
WOLFBOX |
CVE-2025-5750 |
8.8 |
2025-06-06 |
2025-06-06 |
(0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-328 |
ZDI-CAN-26295 |
WOLFBOX |
CVE-2025-5749 |
6.3 |
2025-06-06 |
2025-06-06 |
(0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable Authentication Bypass Vulnerability |
| ZDI-25-327 |
ZDI-CAN-26349 |
WOLFBOX |
CVE-2025-5748 |
8.0 |
2025-06-06 |
2025-06-06 |
(0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger LAN OTA Exposed Dangerous Method Remote Code Execution Vulnerability |
| ZDI-25-326 |
ZDI-CAN-26501 |
WOLFBOX |
CVE-2025-5747 |
8.0 |
2025-06-06 |
2025-06-06 |
(0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability |
| ZDI-25-325 |
ZDI-CAN-25954 |
Hewlett Packard Enterprise |
CVE-2025-37099 |
9.8 |
2025-06-05 |
2025-06-05 |
Hewlett Packard Enterprise Insight Remote Support processAttachmentDataStream Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-324 |
ZDI-CAN-26168 |
Sante |
CVE-2025-5481 |
7.8 |
2025-06-03 |
2025-06-03 |
Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-323 |
ZDI-CAN-26767 |
Action1 |
CVE-2025-5480 |
7.8 |
2025-06-03 |
2025-06-06 |
Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
| ZDI-25-322 |
ZDI-CAN-26962 |
2BrightSparks |
CVE-2025-5474 |
7.3 |
2025-06-03 |
2025-06-06 |
2BrightSparks SyncBackFree Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-321 |
ZDI-CAN-26752 |
GIMP |
CVE-2025-5473 |
7.8 |
2025-06-03 |
2025-06-06 |
GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability |
| ZDI-25-320 |
ZDI-CAN-26279 |
SolarWinds |
CVE-2025-26396 |
7.8 |
2025-06-02 |
2025-06-02 |
SolarWinds DameWare Mini Remote Control Service Incorrect Permissions Local Privilege Escalation Vulnerability |
| ZDI-25-319 |
ZDI-CAN-25316 |
Hewlett Packard Enterprise |
CVE-2025-37096 |
7.2 |
2025-06-02 |
2025-06-02 |
Hewlett Packard Enterprise StoreOnce VSA getServerCertificate Command Injection Remote Code Execution Vulnerability |
| ZDI-25-318 |
ZDI-CAN-25315 |
Hewlett Packard Enterprise |
CVE-2025-37095 |
4.9 |
2025-06-02 |
2025-06-02 |
Hewlett Packard Enterprise StoreOnce VSA getServerPayload Directory Traversal Information Disclosure Vulnerability |
| ZDI-25-317 |
ZDI-CAN-25314 |
Hewlett Packard Enterprise |
CVE-2025-37094 |
5.5 |
2025-06-02 |
2025-06-02 |
Hewlett Packard Enterprise StoreOnce VSA deletePackages Directory Traversal Arbitrary File Deletion Vulnerability |
| ZDI-25-316 |
ZDI-CAN-24985 |
Hewlett Packard Enterprise |
CVE-2025-37093 |
9.8 |
2025-06-02 |
2025-06-02 |
Hewlett Packard Enterprise StoreOnce VSA Authentication Bypass Vulnerability |
| ZDI-25-315 |
ZDI-CAN-24984 |
Hewlett Packard Enterprise |
CVE-2025-37092 |
7.2 |
2025-06-02 |
2025-06-02 |
Hewlett Packard Enterprise StoreOnce VSA queryHardwareReportLocally Command Injection Remote Code Execution Vulnerability |
| ZDI-25-314 |
ZDI-CAN-24983 |
Hewlett Packard Enterprise |
CVE-2025-37091 |
7.2 |
2025-06-02 |
2025-06-02 |
Hewlett Packard Enterprise StoreOnce VSA doExecute Command Injection Remote Code Execution Vulnerability |
| ZDI-25-313 |
ZDI-CAN-24982 |
Hewlett Packard Enterprise |
CVE-2025-37090 |
5.3 |
2025-06-02 |
2025-06-02 |
Hewlett Packard Enterprise StoreOnce VSA determineInclusionAndExtract Server-Side Request Forgery Vulnerability |
| ZDI-25-312 |
ZDI-CAN-24981 |
Hewlett Packard Enterprise |
CVE-2025-37089 |
7.2 |
2025-06-02 |
2025-06-02 |
Hewlett Packard Enterprise StoreOnce VSA setLocateBeaconOnHardware Command Injection Remote Code Execution Vulnerability |
| ZDI-25-311 |
ZDI-CAN-25865 |
Sonos |
CVE-2025-1051 |
8.8 |
2025-05-29 |
2025-05-29 |
(Pwn2Own) Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-310 |
ZDI-CAN-26505 |
Linux |
CVE-2025-22037 |
6.8 |
2025-05-29 |
2025-06-03 |
Linux Kernel ksmbd Session Setup Null Pointer Dereference Denial-of-Service Vulnerability |
| ZDI-25-309 |
ZDI-CAN-25779 |
Canon |
CVE-2025-2146 |
8.8 |
2025-05-28 |
2025-05-28 |
(Pwn2Own) Canon imageCLASS MF656Cdw sfpcmAuthenticateSecAdmin Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-308 |
ZDI-CAN-25684 |
Adobe |
CVE-2025-30310 |
7.8 |
2025-05-21 |
2025-05-21 |
Adobe Dreamweaver V8 Remote Code Execution Vulnerability |
| ZDI-25-307 |
ZDI-CAN-26711 |
Linux |
|
6.7 |
2025-05-21 |
2025-05-21 |
Linux Kernel OpenvSwitch Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-306 |
ZDI-CAN-23513 |
Docker |
CVE-2024-5652 |
7.8 |
2025-05-21 |
2025-05-21 |
Docker Desktop Helper Service Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-305 |
ZDI-CAN-24156 |
Apple |
CVE-2025-31219 |
8.8 |
2025-05-21 |
2025-05-21 |
Apple XNU kernel vm_map Race Condition Local Privilege Escalation Vulnerability |
| ZDI-25-304 |
ZDI-CAN-26603 |
Apple |
CVE-2025-31251 |
8.8 |
2025-05-21 |
2025-05-21 |
Apple macOS JPEG Image Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-303 |
ZDI-CAN-26148 |
Apple |
CVE-2025-24222 |
4.3 |
2025-05-21 |
2025-05-21 |
Apple Safari SandboxBroker ZIP File Processing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-302 |
ZDI-CAN-26650 |
Apple |
CVE-2025-31239 |
7.8 |
2025-05-21 |
2025-05-21 |
Apple macOS CoreMedia Framework Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-301 |
ZDI-CAN-26150 |
Apple |
CVE-2025-31238 |
8.8 |
2025-05-21 |
2025-05-21 |
Apple Safari Scrollbar Animation Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-300 |
ZDI-CAN-26714 |
Apple |
CVE-2025-31209 |
3.3 |
2025-05-21 |
2025-05-21 |
Apple macOS PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-299 |
ZDI-CAN-26783 |
Apple |
CVE-2025-31208 |
3.3 |
2025-05-21 |
2025-05-21 |
Apple macOS acv2 Codec Converter Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-298 |
ZDI-CAN-26826 |
Apple |
CVE-2025-31233 |
8.8 |
2025-05-21 |
2025-05-21 |
Apple macOS MP4 File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-297 |
ZDI-CAN-24936 |
Trend Micro |
CVE-2025-47867 |
7.5 |
2025-05-21 |
2025-05-21 |
Trend Micro Apex Central widget getBlock Local File Inclusion Remote Code Execution Vulnerability |
| ZDI-25-296 |
ZDI-CAN-25331 |
Trend Micro |
CVE-2025-47866 |
4.3 |
2025-05-21 |
2025-05-21 |
Trend Micro Apex Central modTMCM Unrestricted File Upload Vulnerability |
| ZDI-25-295 |
ZDI-CAN-24938 |
Trend Micro |
CVE-2025-47865 |
7.5 |
2025-05-21 |
2025-05-21 |
Trend Micro Apex Central widget getObjWGFServiceApiByApiName Local File Inclusion Remote Code Execution Vulnerability |
| ZDI-25-294 |
ZDI-CAN-26137 |
Microsoft |
CVE-2025-29975 |
7.8 |
2025-05-21 |
2025-05-21 |
Microsoft PC Manager MSPCManagerService Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-293 |
ZDI-CAN-26153 |
Microsoft |
CVE-2025-29837 |
6.1 |
2025-05-21 |
2025-05-21 |
Microsoft Windows Installer Service Link Following Information Disclosure Vulnerability |
| ZDI-25-292 |
ZDI-CAN-27202 |
Mozilla |
CVE-2025-4918 |
8.8 |
2025-05-21 |
2025-06-12 |
(Pwn2Own) Mozilla Firefox SpiderMonkey Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-291 |
ZDI-CAN-27172 |
Mozilla |
CVE-2025-4919 |
8.8 |
2025-05-21 |
2025-05-21 |
(Pwn2Own) Mozilla Firefox IonMonkey JIT Compiler Integer Overflow Remote Code Execution Vulnerability |
| ZDI-25-290 |
ZDI-CAN-25727 |
Rockwell Automation |
CVE-2025-3617 |
7.8 |
2025-05-13 |
2025-05-21 |
Rockwell Automation ThinManager ThinServer Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-289 |
ZDI-CAN-25872 |
Rockwell Automation |
CVE-2025-3618 |
7.5 |
2025-05-13 |
2025-05-13 |
Rockwell Automation ThinManager ThinServer Null Pointer Dereference Denial-of-Service Vulnerability |
| ZDI-25-288 |
ZDI-CAN-25181 |
Fortinet |
CVE-2025-25254 |
7.2 |
2025-05-13 |
2025-05-13 |
Fortinet FortiWeb cgi_httpcontentrouting_post Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-287 |
ZDI-CAN-25977 |
JetBrains |
CVE-2025-46618 |
5.4 |
2025-05-13 |
2025-05-13 |
JetBrains TeamCity Diagnostics Data Directory Cross-Site Scripting Vulnerability |
| ZDI-25-286 |
ZDI-CAN-26017 |
Dassault Systèmes |
CVE-2025-1883 |
7.8 |
2025-05-13 |
2025-05-13 |
Dassault Systèmes eDrawings Viewer OBJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-285 |
ZDI-CAN-26029 |
Dassault Systèmes |
CVE-2025-1884 |
7.8 |
2025-05-13 |
2025-05-13 |
Dassault Systèmes eDrawings Viewer SLDPRT File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-284 |
ZDI-CAN-22063 |
MATE Desktop |
|
7.8 |
2025-05-02 |
2025-05-02 |
MATE Desktop Atril Document Viewer EPUB File Parsing Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-283 |
ZDI-CAN-22225 |
MATE Desktop |
|
7.8 |
2025-05-02 |
2025-05-02 |
MATE Desktop Atril Document Viewer CBT File Parsing Argument Injection Remote Code Execution Vulnerability |
| ZDI-25-282 |
ZDI-CAN-26502 |
Webmin |
CVE-2025-2774 |
8.8 |
2025-05-01 |
2025-05-01 |
Webmin CRLF Injection Privilege Escalation Vulnerability |
| ZDI-25-281 |
ZDI-CAN-25017 |
Cisco |
CVE-2025-20175 |
8.8 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP SET cewProxyClass Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-280 |
ZDI-CAN-25024 |
Cisco |
CVE-2025-20170 |
6.5 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP GET-NEXT ciscoFlashChipCode Unexpected Sign Extension Denial-of-Service Vulnerability |
| ZDI-25-279 |
ZDI-CAN-25022 |
Cisco |
CVE-2025-20173 |
8.8 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP GET-NEXT cContextMappingBridgeDomainIdentifier Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-278 |
ZDI-CAN-25021 |
Cisco |
CVE-2025-20176 |
8.8 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP GET-NEXT ctspIpSgtValue Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-277 |
ZDI-CAN-25020 |
Cisco |
CVE-2025-20175 |
8.8 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP SET cewEventTime Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-276 |
ZDI-CAN-25019 |
Cisco |
CVE-2025-20174 |
7.5 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP GET-NEXT cilmCurrentImageLevel Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-275 |
ZDI-CAN-25018 |
Cisco |
CVE-2025-20171 |
6.5 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP GET-NEXT callHomeUserDefCmdName Unexpected Sign Extension Denial-of-Service Vulnerability |
| ZDI-25-274 |
ZDI-CAN-25575 |
Cisco |
CVE-2025-20172 |
4.3 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP OID Handling Out-Of-Bounds Read Denial-of-Service Vulnerability |
| ZDI-25-273 |
ZDI-CAN-25023 |
Cisco |
CVE-2025-20172 |
4.3 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP OID Handling Out-Of-Bounds Read Denial-of-Service Vulnerability |
| ZDI-25-272 |
ZDI-CAN-25576 |
Cisco |
CVE-2025-20172 |
4.3 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP OID Handling Out-Of-Bounds Read Denial-of-Service Vulnerability |
| ZDI-25-271 |
ZDI-CAN-25577 |
Cisco |
CVE-2025-20172 |
4.3 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP OID Handling Out-Of-Bounds Read Denial-of-Service Vulnerability |
| ZDI-25-270 |
ZDI-CAN-25030 |
Cisco |
CVE-2025-20169 |
6.5 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP GET-NEXT ciscoFlashFileSize Unexpected Sign Extension Denial-of-Service Vulnerability |
| ZDI-25-269 |
ZDI-CAN-25663 |
Synology |
CVE-2024-10445 |
5.3 |
2025-05-01 |
2025-05-01 |
(Pwn2Own) Synology BeeStation BST150-4T Unnecessary Privileges Remote Code Execution Vulnerability |
| ZDI-25-268 |
ZDI-CAN-25448 |
GStreamer |
CVE-2025-2759 |
7.0 |
2025-04-30 |
2025-04-30 |
GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability |
| ZDI-25-267 |
ZDI-CAN-26596 |
GStreamer |
CVE-2025-3887 |
8.8 |
2025-04-30 |
2025-07-03 |
GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-266 |
ZDI-CAN-22235 |
Apache |
CVE-2025-29953 |
8.1 |
2025-04-30 |
2025-04-30 |
Apache ActiveMQ NMS Body Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-265 |
ZDI-CAN-23800 |
Tesla |
CVE-2025-2082 |
7.5 |
2025-04-30 |
2025-04-30 |
(Pwn2Own) Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability |
| ZDI-25-264 |
ZDI-CAN-23201 |
Tesla |
CVE-2024-6032 |
7.8 |
2025-04-30 |
2025-04-30 |
(Pwn2Own) Tesla Model S Iris Modem ql_atfwd Command Injection Code Execution Vulnerability |
| ZDI-25-263 |
ZDI-CAN-23200 |
Tesla |
CVE-2024-6030 |
7.0 |
2025-04-30 |
2025-04-30 |
(Pwn2Own) Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability |
| ZDI-25-262 |
ZDI-CAN-23199 |
Tesla |
CVE-2024-13943 |
7.8 |
2025-04-30 |
2025-04-30 |
(Pwn2Own) Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability |
| ZDI-25-261 |
ZDI-CAN-23198 |
Tesla |
CVE-2024-6031 |
7.8 |
2025-04-30 |
2025-04-30 |
(Pwn2Own) Tesla Model S oFono AT Command Heap-based Buffer Overflow Code Execution Vulnerability |
| ZDI-25-260 |
ZDI-CAN-23197 |
Tesla |
CVE-2024-6029 |
5.0 |
2025-04-30 |
2025-04-30 |
(Pwn2Own) Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability |
| ZDI-25-259 |
ZDI-CAN-23843 |
Adobe |
CVE-2024-34098 |
7.8 |
2025-04-30 |
2025-04-30 |
(Pwn2Own) Adobe Acrobat Reader DC Collab Command Injection Remote Code Execution Vulnerability |
| ZDI-25-258 |
ZDI-CAN-23553 |
Adobe |
CVE-2024-34099 |
7.8 |
2025-04-30 |
2025-04-30 |
(Pwn2Own) Adobe Acrobat Reader DC distributionURL JavaScript API Restrictions Bypass Vulnerability |
| ZDI-25-257 |
ZDI-CAN-23786 |
Oracle |
CVE-2024-21113 |
8.2 |
2025-04-30 |
2025-04-30 |
(Pwn2Own) Oracle VirtualBox OHCI USB Controller Race Condition Local Privilege Escalation Vulnerability |
| ZDI-25-256 |
ZDI-CAN-26610 |
Avast |
CVE-2025-3500 |
8.8 |
2025-04-24 |
2025-04-24 |
Avast Free Antivirus Integer Overflow Local Privilege Escalation Vulnerability |
| ZDI-25-255 |
ZDI-CAN-25730 |
Allegra |
CVE-2025-3486 |
7.2 |
2025-04-24 |
2025-04-24 |
Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-254 |
ZDI-CAN-26524 |
Allegra |
CVE-2025-3485 |
7.2 |
2025-04-24 |
2025-06-06 |
Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-253 |
ZDI-CAN-25726 |
SonicWALL |
CVE-2025-32817 |
6.1 |
2025-04-24 |
2025-05-21 |
SonicWALL Connect Tunnel Link Following Denial-of-Service Vulnerability |
| ZDI-25-252 |
ZDI-CAN-23275 |
Cato Networks |
|
7.8 |
2025-04-23 |
2025-04-24 |
(0Day) Cato Networks Cato Client for macOS Helper Service Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability |
| ZDI-25-251 |
ZDI-CAN-23942 |
Harman Becker |
CVE-2025-3885 |
5.3 |
2025-04-23 |
2025-04-23 |
(0Day) Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability |
| ZDI-25-250 |
ZDI-CAN-24332 |
Cloudera |
CVE-2025-3884 |
7.5 |
2025-04-23 |
2025-04-23 |
(0Day) Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability |
| ZDI-25-249 |
ZDI-CAN-23115 |
eCharge Hardy Barth |
CVE-2025-3883 |
8.8 |
2025-04-23 |
2025-04-23 |
(0Day) eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability |
| ZDI-25-248 |
ZDI-CAN-23114 |
eCharge Hardy Barth |
CVE-2025-3882 |
8.8 |
2025-04-23 |
2025-04-23 |
(0Day) eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability |
| ZDI-25-247 |
ZDI-CAN-23113 |
eCharge Hardy Barth |
CVE-2025-3881 |
8.8 |
2025-04-23 |
2025-04-23 |
(0Day) eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability |
| ZDI-25-246 |
ZDI-CAN-25842 |
MedDream |
CVE-2025-3480 |
5.3 |
2025-04-09 |
2025-04-22 |
MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability |
| ZDI-25-245 |
ZDI-CAN-25827 |
MedDream |
CVE-2025-3481 |
9.8 |
2025-04-09 |
2025-04-22 |
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-244 |
ZDI-CAN-25826 |
MedDream |
CVE-2025-3482 |
9.8 |
2025-04-09 |
2025-04-22 |
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-243 |
ZDI-CAN-25825 |
MedDream |
CVE-2025-3483 |
9.8 |
2025-04-09 |
2025-04-22 |
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-242 |
ZDI-CAN-25853 |
MedDream |
CVE-2025-3484 |
9.8 |
2025-04-09 |
2025-04-22 |
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-241 |
ZDI-CAN-25681 |
Trend Micro |
CVE-2025-30642 |
5.5 |
2025-04-09 |
2025-04-09 |
Trend Micro Deep Security Agent Link Following Denial-of-Service Vulnerability |
| ZDI-25-240 |
ZDI-CAN-24931 |
Trend Micro |
CVE-2025-30641 |
7.8 |
2025-04-09 |
2025-04-09 |
Trend Micro Deep Security Anti-Malware Solution Platform Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-239 |
ZDI-CAN-24930 |
Trend Micro |
CVE-2025-30640 |
7.8 |
2025-04-09 |
2025-04-09 |
Trend Micro Deep Security Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-238 |
ZDI-CAN-25524 |
Trend Micro |
CVE-2025-30680 |
7.1 |
2025-04-09 |
2025-04-09 |
Trend Micro Apex Central Query Server-Side Request Forgery Information Disclosure Vulnerability |
| ZDI-25-237 |
ZDI-CAN-24934 |
Trend Micro |
CVE-2025-30679 |
6.5 |
2025-04-09 |
2025-04-09 |
Trend Micro Apex Central modOSCE Server-Side Request Forgery Information Disclosure Vulnerability |
| ZDI-25-236 |
ZDI-CAN-24939 |
Trend Micro |
CVE-2025-30678 |
6.5 |
2025-04-09 |
2025-04-09 |
Trend Micro Apex Central modTMSM Server-Side Request Forgery Information Disclosure Vulnerability |
| ZDI-25-235 |
ZDI-CAN-25953 |
Ivanti |
CVE-2025-22461 |
7.2 |
2025-04-09 |
2025-04-09 |
Ivanti Endpoint Manager OpenRecordSet SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-234 |
ZDI-CAN-25985 |
Microsoft |
CVE-2025-29812 |
8.8 |
2025-04-09 |
2025-04-09 |
Microsoft Windows dxkrnl Untrusted Pointer Dereference Local Privilege Escalation Vulnerability |
| ZDI-25-233 |
ZDI-CAN-24586 |
Luxion |
CVE-2025-1045 |
7.8 |
2025-04-09 |
2025-04-09 |
Luxion KeyShot Viewer KSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-232 |
ZDI-CAN-23694 |
Luxion |
CVE-2025-1047 |
7.8 |
2025-04-09 |
2025-04-09 |
Luxion KeyShot PVS File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability |
| ZDI-25-231 |
ZDI-CAN-23646 |
Luxion |
CVE-2025-1046 |
7.8 |
2025-04-09 |
2025-04-09 |
Luxion KeyShot SKP File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-230 |
ZDI-CAN-25651 |
Samsung |
CVE-2024-49413 |
7.5 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Samsung Galaxy S24 Smart Switch Agent Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability |
| ZDI-25-229 |
ZDI-CAN-25650 |
Samsung |
CVE-2024-49421 |
5.9 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Samsung Galaxy S24 Quick Share Directory Traversal Arbitrary File Write Vulnerability |
| ZDI-25-228 |
ZDI-CAN-25649 |
Samsung |
|
5.3 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Samsung Galaxy S24 Quick Share Insufficient UI Warning Arbitrary File Write Vulnerability |
| ZDI-25-227 |
ZDI-CAN-25648 |
Samsung |
CVE-2024-49420 |
5.3 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Samsung Galaxy S24 Gaming Hub Exposed Dangerous Method Local Privilege Escalation Vulnerability |
| ZDI-25-226 |
ZDI-CAN-25581 |
Samsung |
CVE-2024-49419, CVE-2024-49418 |
5.4 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Samsung Galaxy S24 Gaming Hub Improper Input Validation Privilege Escalation Vulnerability |
| ZDI-25-225 |
ZDI-CAN-25606 |
Sonos |
CVE-2025-1050 |
8.8 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-224 |
ZDI-CAN-25601 |
Sonos |
CVE-2025-1049 |
8.8 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-223 |
ZDI-CAN-25535 |
Sonos |
CVE-2025-1048 |
8.8 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Sonos Era 300 Speaker libsmb2 Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-222 |
ZDI-CAN-25674 |
Lexmark |
CVE-2024-11346 |
4.3 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Lexmark CX331adwe concatstrings Type Confusion Information Disclosure Vulnerability |
| ZDI-25-221 |
ZDI-CAN-25849 |
Lexmark |
|
7.0 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Lexmark CX331adwe httpd extract-trace Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-220 |
ZDI-CAN-25848 |
Lexmark |
|
6.3 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Lexmark CX331adwe basic_auth.cgi PATH_TRANSLATED Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-219 |
ZDI-CAN-25676 |
Lexmark |
CVE-2024-11347 |
8.8 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Lexmark CX331adwe JBIG2 File Parsing new_image Integer Overflow Remote Code Execution Vulnerability |
| ZDI-25-218 |
ZDI-CAN-25621 |
Lexmark |
CVE-2024-11345 |
8.8 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Lexmark CX331adwe JPEG2000 Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-217 |
ZDI-CAN-25539 |
Lexmark |
CVE-2024-11344 |
8.8 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Lexmark CX331adwe loadCFFdata Type Confusion Remote Code Execution Vulnerability |
| ZDI-25-216 |
ZDI-CAN-25538 |
Synology |
CVE-2024-11131 |
8.8 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Synology TC500 ONVIF Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-215 |
ZDI-CAN-25487 |
Synology |
CVE-2024-10444 |
7.5 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Synology DiskStation DS1823xs+ LDAP Client Improper Certificate Validation Authentication Bypass Vulnerability |
| ZDI-25-214 |
ZDI-CAN-25403 |
Synology |
CVE-2024-10441 |
8.8 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Synology DiskStation DS1823xs+ Vue.JS Improper Neutralization of Argument Delimiters Remote Code Execution Vulnerability |
| ZDI-25-213 |
ZDI-CAN-25659 |
Synology |
CVE-2024-50631 |
6.4 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Synology BeeStation BST150-4T SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-212 |
ZDI-CAN-25658 |
Synology |
CVE-2024-50630 |
7.5 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Synology BeeStation BST150-4T Improper Authentication Vulnerability |
| ZDI-25-211 |
ZDI-CAN-25613 |
Synology |
CVE-2024-50629 |
6.5 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Synology BeeStation BST150-4T CRLF Injection Information Disclosure Vulnerability |
| ZDI-25-210 |
ZDI-CAN-25662 |
Synology |
CVE-2024-10445 |
7.5 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Synology BeeStation BST150-4T Improper Input Validation Remote Code Execution Vulnerability |
| ZDI-25-209 |
ZDI-CAN-25617 |
Synology |
CVE-2024-10445 |
4.3 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Synology BeeStation BST150-4T Cleartext Transmission of Sensitive Information Vulnerability |
| ZDI-25-208 |
ZDI-CAN-25607 |
Synology |
CVE-2024-10442 |
7.5 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Synology DiskStation DS1823xs+ Replication Service Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-207 |
ZDI-CAN-25623 |
Synology |
CVE-2024-10443 |
8.8 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Synology BeeStation BST150-4T Command Injection Remote Code Execution Vulnerability |
| ZDI-25-206 |
ZDI-CAN-25427 |
Amazon |
|
9.8 |
2025-04-07 |
2025-04-07 |
Amazon AWS CloudFormation Templates Uncontrolled Search Path Element Remote Code Execution Vulnerability |
| ZDI-25-205 |
ZDI-CAN-25426 |
Amazon |
|
9.8 |
2025-04-07 |
2025-04-07 |
Amazon AWS CloudFormation Templates Uncontrolled Search Path Element Remote Code Execution Vulnerability |
| ZDI-25-204 |
ZDI-CAN-25100 |
GIMP |
CVE-2025-2761 |
7.8 |
2025-04-07 |
2025-04-07 |
GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-203 |
ZDI-CAN-25082 |
GIMP |
CVE-2025-2760 |
7.8 |
2025-04-07 |
2025-04-07 |
GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability |
| ZDI-25-202 |
ZDI-CAN-25559 |
Fortinet |
CVE-2024-55597 |
5.5 |
2025-04-07 |
2025-04-07 |
Fortinet FortiWeb cgi_xmlprotection_xmlschemafile_post Directory Traversal Arbitrary File Write Vulnerability |
| ZDI-25-201 |
ZDI-CAN-25572 |
Trend Micro |
CVE-2025-27529 |
4.4 |
2025-04-07 |
2025-04-07 |
Trend Micro Cleaner One Pro Link Following Denial-of-Service Vulnerability |
| ZDI-25-200 |
ZDI-CAN-26250 |
Exim |
CVE-2025-30232 |
7.8 |
2025-04-07 |
2025-04-07 |
Exim Use-After-Free Local Privilege Escalation Vulnerability |
| ZDI-25-199 |
ZDI-CAN-25970 |
Autodesk |
CVE-2025-1660 |
7.8 |
2025-04-03 |
2025-04-03 |
Autodesk Navisworks Freedom DWFX File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-198 |
ZDI-CAN-25968 |
Autodesk |
CVE-2025-1659 |
7.8 |
2025-04-03 |
2025-04-03 |
Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-197 |
ZDI-CAN-25971 |
Autodesk |
CVE-2025-1658 |
7.8 |
2025-04-03 |
2025-04-03 |
Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-196 |
ZDI-CAN-25736 |
Apple |
CVE-2025-24185 |
7.8 |
2025-04-01 |
2025-04-01 |
Apple macOS ICC Profile Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-195 |
ZDI-CAN-25812 |
Apple |
CVE-2025-24210 |
4.3 |
2025-04-01 |
2025-04-01 |
Apple macOS CoreGraphics Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-194 |
ZDI-CAN-26063 |
Apple |
CVE-2025-24256 |
6.4 |
2025-04-01 |
2025-04-01 |
Apple macOS AppleIntelKBLGraphics Time-Of-Check Time-Of-Use Information Disclosure Vulnerability |
| ZDI-25-193 |
ZDI-CAN-26154 |
Apple |
CVE-2025-24182 |
3.3 |
2025-04-01 |
2025-04-01 |
Apple macOS CoreText Font Glyphs Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-192 |
ZDI-CAN-26494 |
Apple |
CVE-2025-24190 |
8.8 |
2025-04-01 |
2025-04-01 |
Apple macOS MP4 File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-191 |
ZDI-CAN-26497 |
Apple |
CVE-2025-24211 |
8.8 |
2025-04-01 |
2025-04-01 |
Apple macOS MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-190 |
ZDI-CAN-26495 |
Apple |
CVE-2025-24230 |
4.3 |
2025-04-01 |
2025-04-01 |
Apple macOS MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-189 |
ZDI-CAN-26248 |
Apple |
CVE-2025-24243 |
7.8 |
2025-04-01 |
2025-04-01 |
Apple macOS AudioToolbox AMR File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-188 |
ZDI-CAN-26247 |
Apple |
CVE-2025-24244 |
3.3 |
2025-04-01 |
2025-04-01 |
Apple macOS AudioToolboxCore WAV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-187 |
ZDI-CAN-25903 |
BEC Technologies |
CVE-2025-2773 |
7.2 |
2025-03-25 |
2025-03-25 |
(0Day) BEC Technologies Multiple Routers sys ping Command Injection Remote Code Execution Vulnerability |
| ZDI-25-186 |
ZDI-CAN-25986 |
BEC Technologies |
CVE-2025-2770 |
4.9 |
2025-03-25 |
2025-03-25 |
(0Day) BEC Technologies Multiple Routers Cleartext Password Storage Information Disclosure Vulnerability |
| ZDI-25-185 |
ZDI-CAN-25895 |
BEC Technologies |
CVE-2025-2772 |
5.3 |
2025-03-25 |
2025-03-25 |
(0Day) BEC Technologies Multiple Routers Insufficiently Protected Credentials Information Disclosure Vulnerability |
| ZDI-25-184 |
ZDI-CAN-25894 |
BEC Technologies |
CVE-2025-2771 |
5.3 |
2025-03-25 |
2025-03-25 |
(0Day) BEC Technologies Multiple Routers Authentication Bypass Vulnerability |
| ZDI-25-183 |
ZDI-CAN-25295 |
Bdrive |
CVE-2025-2769 |
7.8 |
2025-03-25 |
2025-03-25 |
(0Day) Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
| ZDI-25-182 |
ZDI-CAN-25041 |
Bdrive |
CVE-2025-2768 |
7.8 |
2025-03-25 |
2025-03-25 |
(0Day) Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
| ZDI-25-181 |
ZDI-CAN-24407 |
Arista |
CVE-2025-2767 |
8.8 |
2025-03-25 |
2025-03-25 |
(0Day) Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability |
| ZDI-25-180 |
ZDI-CAN-24996 |
70mai |
CVE-2025-2766 |
8.8 |
2025-03-25 |
2025-03-25 |
(0Day) 70mai A510 Use of Default Password Authentication Bypass Vulnerability |
| ZDI-25-179 |
ZDI-CAN-24356 |
CarlinKit |
CVE-2025-2763 |
6.8 |
2025-03-25 |
2025-03-25 |
(0Day) CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability |
| ZDI-25-178 |
ZDI-CAN-24355 |
CarlinKit |
CVE-2025-2764 |
8.0 |
2025-03-25 |
2025-03-25 |
(0Day) CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution Vulnerability |
| ZDI-25-177 |
ZDI-CAN-24349 |
CarlinKit |
CVE-2025-2765 |
7.6 |
2025-03-25 |
2025-03-25 |
(0Day) CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability |
| ZDI-25-176 |
ZDI-CAN-25948 |
CarlinKit |
CVE-2025-2762 |
7.8 |
2025-03-25 |
2025-03-25 |
(0Day) CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability |
| ZDI-25-175 |
ZDI-CAN-23709 |
Luxion |
CVE-2025-2532 |
7.8 |
2025-03-20 |
2025-03-20 |
(0Day) Luxion KeyShot USDC File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-174 |
ZDI-CAN-23704 |
Luxion |
CVE-2025-2531 |
7.8 |
2025-03-20 |
2025-03-20 |
(0Day) Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-173 |
ZDI-CAN-23698 |
Luxion |
CVE-2025-2530 |
7.8 |
2025-03-20 |
2025-03-20 |
(0Day) Luxion KeyShot DAE File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability |
| ZDI-25-172 |
ZDI-CAN-25319 |
Apple |
CVE-2025-24124 |
8.8 |
2025-03-18 |
2025-03-18 |
Apple macOS MOV File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-171 |
ZDI-CAN-25242 |
Apple |
CVE-2024-54500 |
3.3 |
2025-03-18 |
2025-03-18 |
Apple macOS ImageIO Pixel Conversion Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-170 |
ZDI-CAN-25546 |
Apple |
CVE-2024-54501 |
3.3 |
2025-03-18 |
2025-03-18 |
Apple macOS WindowServer Denial-of-Service Vulnerability |
| ZDI-25-169 |
ZDI-CAN-25201 |
Apple |
CVE-2024-54497 |
4.3 |
2025-03-18 |
2025-03-18 |
Apple macOS WindowServer Unchecked Input for Loop Condition Denial-of-Service Vulnerability |
| ZDI-25-168 |
ZDI-CAN-25370 |
Apple |
CVE-2025-24123 |
8.8 |
2025-03-18 |
2025-03-18 |
Apple macOS MOV File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-167 |
ZDI-CAN-25735 |
Apple |
CVE-2025-24139 |
3.3 |
2025-03-18 |
2025-03-18 |
Apple macOS ICC Profile Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-166 |
ZDI-CAN-25338 |
Apple |
CVE-2024-54486 |
3.3 |
2025-03-18 |
2025-03-18 |
Apple macOS libFontParser Glyph Mapping Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-165 |
ZDI-CAN-25661 |
Apple |
CVE-2024-54499 |
3.3 |
2025-03-18 |
2025-03-18 |
Apple macOS ImageIO JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-164 |
ZDI-CAN-25808 |
Apple |
CVE-2025-24149 |
3.3 |
2025-03-18 |
2025-03-18 |
Apple SceneKit Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-163 |
ZDI-CAN-26554 |
Autodesk |
CVE-2025-1652 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-162 |
ZDI-CAN-25695 |
Autodesk |
CVE-2025-1427 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD CATProduct File Parsing Uninitialized Variable Remote Code Execution Vulnerability |
| ZDI-25-161 |
ZDI-CAN-25767 |
Autodesk |
CVE-2025-1428 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-160 |
ZDI-CAN-25784 |
Autodesk |
CVE-2025-1429 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD MODEL File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-159 |
ZDI-CAN-25811 |
Autodesk |
CVE-2025-1649 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD CATPRODUCT File Parsing Uninitialized Variable Remote Code Execution Vulnerability |
| ZDI-25-158 |
ZDI-CAN-25951 |
Autodesk |
CVE-2025-1650 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD CATProduct File Parsing Uninitialized Variable Remote Code Execution Vulnerability |
| ZDI-25-157 |
ZDI-CAN-25952 |
Autodesk |
CVE-2025-1651 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD MODEL File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-156 |
ZDI-CAN-25989 |
Autodesk |
CVE-2025-1430 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD SLDPRT File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-155 |
ZDI-CAN-26521 |
Autodesk |
CVE-2025-1433 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-154 |
ZDI-CAN-26135 |
Autodesk |
CVE-2025-1432 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD 3DM File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-153 |
ZDI-CAN-25997 |
Autodesk |
CVE-2025-1431 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD SLDPRT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-152 |
ZDI-CAN-25481 |
Rockwell Automation |
CVE-2024-12130 |
7.8 |
2025-03-18 |
2025-03-18 |
Rockwell Automation Arena Simulation DOE File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-151 |
ZDI-CAN-25708 |
Progress Software |
CVE-2025-1758 |
9.8 |
2025-03-18 |
2025-03-18 |
Progress Software Kemp LoadMaster mangle Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-150 |
ZDI-CAN-26371 |
Microsoft |
CVE-2025-26633 |
7.0 |
2025-03-18 |
2025-03-18 |
Microsoft Windows MSC File Insufficient UI Warning Remote Code Execution Vulnerability |
| ZDI-25-149 |
ZDI-CAN-26251 |
Adobe |
CVE-2025-271561 |
7.8 |
2025-03-18 |
2025-03-18 |
Adobe Acrobat Reader DC AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-148 |
ZDI-CAN-25373 |
Microsoft |
|
7.0 |
2025-03-18 |
2025-03-18 |
(0Day) Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability |
| ZDI-25-147 |
ZDI-CAN-22833 |
NI |
CVE-2025-2450 |
7.8 |
2025-03-17 |
2025-03-17 |
(0Day) NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability |
| ZDI-25-146 |
ZDI-CAN-21805 |
NI |
CVE-2025-2449 |
7.8 |
2025-03-17 |
2025-03-17 |
(0Day) NI FlexLogger usiReg URI File Parsing Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-145 |
ZDI-CAN-25794 |
NVIDIA |
CVE-2025-23242 |
7.3 |
2025-03-13 |
2025-03-13 |
NVIDIA Riva Triton Inference Server Missing Authentication Vulnerability |
| ZDI-25-144 |
ZDI-CAN-25682 |
NVIDIA |
CVE-2025-23243 |
6.5 |
2025-03-13 |
2025-03-13 |
NVIDIA Riva gRPC API Missing Authentication for Critical Function Authentication Bypass Vulnerability |
| ZDI-25-143 |
ZDI-CAN-25544 |
X.Org |
CVE-2025-26594 |
7.8 |
2025-03-13 |
2025-03-13 |
X.Org Server ChangeWindowAttributes Use-After-Free Privilege Escalation Vulnerability |
| ZDI-25-142 |
ZDI-CAN-25545 |
X.Org |
CVE-2025-26595 |
7.8 |
2025-03-13 |
2025-03-13 |
X.Org Server XkbVModMaskText Stack-based Buffer Overflow Privilege Escalation Vulnerability |
| ZDI-25-141 |
ZDI-CAN-25543 |
X.Org |
CVE-2025-26596 |
7.8 |
2025-03-13 |
2025-03-13 |
X.Org Server XkbSizeKeySyms Heap-based Buffer Overflow Privilege Escalation Vulnerability |
| ZDI-25-140 |
ZDI-CAN-25683 |
X.Org |
CVE-2025-26597 |
7.8 |
2025-03-13 |
2025-03-13 |
X.Org Server XkbChangeTypesOfKey Heap-based Buffer Overflow Privilege Escalation Vulnerability |
| ZDI-25-139 |
ZDI-CAN-25740 |
X.Org |
CVE-2025-26598 |
7.8 |
2025-03-13 |
2025-03-13 |
X.Org Server CreatePointerBarrierClient Out-Of-Bounds Write Local Privilege Escalation Vulnerability |
| ZDI-25-138 |
ZDI-CAN-25851 |
X.Org |
CVE-2025-26599 |
7.8 |
2025-03-13 |
2025-03-13 |
X.Org Server compRedirectWindow Type Confusion Local Privilege Escalation Vulnerability |
| ZDI-25-137 |
ZDI-CAN-25871 |
X.Org |
CVE-2025-26600 |
7.8 |
2025-03-13 |
2025-03-13 |
X.Org Server PlayReleasedEvents Use-After-Free Local Privilege Escalation Vulnerability |
| ZDI-25-136 |
ZDI-CAN-25870 |
X.Org |
CVE-2025-26601 |
7.8 |
2025-03-13 |
2025-03-13 |
X.Org Server SyncInitTrigger Use-After-Free Local Privilege Escalation Vulnerability |
| ZDI-25-135 |
ZDI-CAN-26232 |
Adobe |
CVE-2025-27162 |
7.8 |
2025-03-13 |
2025-03-13 |
Adobe Acrobat Reader DC AcroForm Use of Uninitialized Variable Remote Code Execution Vulnerability |
| ZDI-25-134 |
ZDI-CAN-25734 |
Adobe |
CVE-2025-24431 |
7.8 |
2025-03-13 |
2025-03-13 |
Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-133 |
ZDI-CAN-26231 |
Adobe |
CVE-2025-27174 |
7.8 |
2025-03-13 |
2025-03-13 |
Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-132 |
ZDI-CAN-26147 |
Adobe |
CVE-2025-27159 |
7.8 |
2025-03-13 |
2025-03-13 |
Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-131 |
ZDI-CAN-26169 |
Adobe |
CVE-2025-27160 |
7.8 |
2025-03-13 |
2025-03-13 |
Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-130 |
ZDI-CAN-25443 |
Siemens |
CVE-2025-25175 |
7.8 |
2025-03-13 |
2025-03-13 |
Siemens Simcenter Femap NEU File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-129 |
ZDI-CAN-25473 |
PDF-XChange |
CVE-2025-2231 |
7.8 |
2025-03-12 |
2025-03-12 |
PDF-XChange Editor RTF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-128 |
ZDI-CAN-21907 |
NI |
CVE-2024-12742 |
7.8 |
2025-03-11 |
2025-03-11 |
NI G Web Development GWEBPROJECT File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-127 |
ZDI-CAN-25615 |
Samsung |
CVE-2025-2233 |
8.8 |
2025-03-11 |
2025-04-16 |
(0Day) (Pwn2Own) Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability |
| ZDI-25-126 |
ZDI-CAN-25276 |
Ashlar-Vellum |
CVE-2025-2022 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability |
| ZDI-25-125 |
ZDI-CAN-25264 |
Ashlar-Vellum |
CVE-2025-2021 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt XE File Parsing Integer Overflow Remote Code Execution Vulnerability |
| ZDI-25-124 |
ZDI-CAN-25254 |
Ashlar-Vellum |
CVE-2025-2020 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-123 |
ZDI-CAN-25252 |
Ashlar-Vellum |
CVE-2025-2019 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-122 |
ZDI-CAN-25348 |
Ashlar-Vellum |
CVE-2025-2023 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt LI File Parsing Integer Overflow Remote Code Execution Vulnerability |
| ZDI-25-121 |
ZDI-CAN-25240 |
Ashlar-Vellum |
CVE-2025-2017 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt CO File Parsing Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-120 |
ZDI-CAN-25186 |
Ashlar-Vellum |
CVE-2025-2013 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt CO File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-119 |
ZDI-CAN-25185 |
Ashlar-Vellum |
CVE-2025-2012 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt VS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-118 |
ZDI-CAN-25245 |
Ashlar-Vellum |
CVE-2025-2018 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability |
| ZDI-25-117 |
ZDI-CAN-25238 |
Ashlar-Vellum |
CVE-2025-2016 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt VC6 File Parsing Type Confusion Remote Code Execution Vulnerability |
| ZDI-25-116 |
ZDI-CAN-25236 |
Ashlar-Vellum |
CVE-2025-2015 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability |
| ZDI-25-115 |
ZDI-CAN-25235 |
Ashlar-Vellum |
CVE-2025-2014 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt VS File Parsing Use of Uninitialized Variable Remote Code Execution Vulnerability |
| ZDI-25-114 |
ZDI-CAN-25312 |
Ivanti |
CVE-2024-13171 |
7.8 |
2025-03-10 |
2025-03-10 |
Ivanti Endpoint Manager Patch Unrestricted File Upload Remote Code Execution Vulnerability |
| ZDI-25-113 |
ZDI-CAN-25882 |
Autodesk |
CVE-2024-12198 |
7.8 |
2025-03-10 |
2025-03-10 |
Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-112 |
ZDI-CAN-25869 |
Autodesk |
CVE-2024-12193 |
7.8 |
2025-03-10 |
2025-03-10 |
Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-111 |
ZDI-CAN-25210 |
Trimble |
CVE-2025-2024 |
7.8 |
2025-03-06 |
2025-03-06 |
Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability |
| ZDI-25-110 |
ZDI-CAN-25013 |
SEW-EURODRIVE |
|
7.8 |
2025-03-05 |
2025-03-05 |
SEW-EURODRIVE MOVITOOLS MotionStudio mticomp0 ICP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-109 |
ZDI-CAN-24001 |
Apache |
CVE-2024-56325 |
9.8 |
2025-03-03 |
2025-03-03 |
Apache Pinot Improper Neutralization of Special Elements Authentication Bypass Vulnerability |
| ZDI-25-108 |
ZDI-CAN-26611 |
HP |
CVE-2025-26507 |
7.8 |
2025-03-03 |
2025-03-03 |
(Pwn2Own) HP LaserJet Pro MFP 3301fdw suidexec Command Injection Local Privilege Escalation Vulnerability |
| ZDI-25-107 |
ZDI-CAN-25594 |
HP |
CVE-2025-26506 |
8.8 |
2025-03-03 |
2025-03-03 |
(Pwn2Own) HP LaserJet Pro MFP 3301fdw PostScript File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-106 |
ZDI-CAN-25533 |
HP |
CVE-2025-26508 |
8.8 |
2025-03-03 |
2025-03-03 |
(Pwn2Own) HP LaserJet Pro MFP 3301fdw PostScript File Parsing Type Confusion Remote Code Execution Vulnerability |
| ZDI-25-105 |
ZDI-CAN-21908 |
NI |
CVE-2024-12741 |
7.8 |
2025-03-03 |
2025-03-03 |
NI DAQExpress LVPROJECT File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-104 |
ZDI-CAN-25334 |
SolarWinds |
CVE-2024-52606 |
7.1 |
2025-03-03 |
2025-03-03 |
SolarWinds Platform TestWebsiteUrl Server-Side Request Forgery Information Disclosure Vulnerability |
| ZDI-25-103 |
ZDI-CAN-25031 |
Delta Electronics |
|
7.8 |
2025-03-03 |
2025-03-03 |
(0Day) Delta Electronics ISPSoft CBDGL File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-102 |
ZDI-CAN-25225 |
Delta Electronics |
|
7.8 |
2025-03-03 |
2025-03-03 |
(0Day) Delta Electronics ISPSoft DVP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-101 |
ZDI-CAN-25284 |
Delta Electronics |
|
7.8 |
2025-03-03 |
2025-03-03 |
(0Day) Delta Electronics ISPSoft DVP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-100 |
ZDI-CAN-25737 |
Linux |
|
9.0 |
2025-02-27 |
2025-02-27 |
Linux Kernel ksmbd Session Setup Race Condition Remote Code Execution Vulnerability |
| ZDI-25-099 |
ZDI-CAN-25350 |
PostHog |
CVE-2025-1520 |
7.1 |
2025-02-25 |
2025-02-25 |
PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-098 |
ZDI-CAN-25300 |
Delta Electronics |
CVE-2025-22880 |
7.8 |
2025-02-25 |
2025-02-25 |
Delta Electronics CNCSoft-G2 DPAX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-097 |
ZDI-CAN-25358 |
PostHog |
CVE-2025-1522 |
7.1 |
2025-02-25 |
2025-02-25 |
PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability |
| ZDI-25-096 |
ZDI-CAN-25352 |
PostHog |
CVE-2025-1521 |
7.1 |
2025-02-25 |
2025-02-25 |
PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability |
| ZDI-25-095 |
ZDI-CAN-25180 |
Fortinet |
CVE-2024-50569 |
6.6 |
2025-02-24 |
2025-02-24 |
Fortinet FortiWeb gui_upload_compress_act Command Injection Remote Code Execution Vulnerability |
| ZDI-25-094 |
ZDI-CAN-25182 |
Fortinet |
CVE-2024-50567 |
7.2 |
2025-02-24 |
2025-02-24 |
Fortinet FortiWeb cgi_grpc_idl_file_post Command Injection Remote Code Execution Vulnerability |
| ZDI-25-093 |
ZDI-CAN-26551 |
Apple |
CVE-2024-27834 |
5.0 |
2025-02-24 |
2025-02-24 |
(Pwn2Own) Apple Safari Pointer Authentication Code Bypass Vulnerability |
| ZDI-25-092 |
ZDI-CAN-23795 |
Apple |
CVE-2024-27833 |
5.4 |
2025-02-24 |
2025-02-24 |
(Pwn2Own) Apple Safari B3 JIT Compiler Integer Underflow Remote Code Execution Vulnerability |
| ZDI-25-091 |
ZDI-CAN-25761 |
Microsoft |
CVE-2025-21373 |
7.8 |
2025-02-24 |
2025-02-24 |
Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-090 |
ZDI-CAN-25393 |
Microsoft |
CVE-2025-21404 |
7.5 |
2025-02-24 |
2025-02-24 |
Microsoft Edge UI Misrepresentation Remote Code Execution Vulnerability |
| ZDI-25-089 |
ZDI-CAN-24785 |
mySCADA |
CVE-2025-20014 |
9.8 |
2025-02-19 |
2025-02-19 |
mySCADA myPRO Command Injection Remote Code Execution Vulnerability |
| ZDI-25-088 |
ZDI-CAN-24784 |
mySCADA |
CVE-2025-20061 |
9.8 |
2025-02-19 |
2025-02-19 |
mySCADA myPRO Command Injection Remote Code Execution Vulnerability |
| ZDI-25-087 |
ZDI-CAN-26525 |
NVIDIA |
CVE-2025-23359 |
9.0 |
2025-02-19 |
2025-02-19 |
NVIDIA Container Toolkit mount_files Time-Of-Check Time-Of-Use Race Condition Privilege Escalation Vulnerability |
| ZDI-25-086 |
ZDI-CAN-25368 |
PDF-XChange |
CVE-2025-0900 |
3.3 |
2025-02-11 |
2025-02-11 |
PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-085 |
ZDI-CAN-25336 |
Logsign |
CVE-2025-1044 |
9.8 |
2025-02-05 |
2025-02-05 |
Logsign Unified SecOps Platform Authentication Bypass Vulnerability |
| ZDI-25-084 |
ZDI-CAN-23382 |
Mintty |
CVE-2025-1052 |
8.8 |
2025-02-05 |
2025-02-05 |
Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-083 |
ZDI-CAN-24690 |
Microsoft |
|
7.5 |
2025-02-04 |
2025-02-04 |
Microsoft Edge ms-its: Scheme Remote Code Execution Vulnerability |
| ZDI-25-082 |
ZDI-CAN-25014 |
Parallels |
CVE-2025-0413 |
7.8 |
2025-02-04 |
2025-06-25 |
Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-081 |
ZDI-CAN-25816 |
TeamViewer |
CVE-2025-0065 |
7.8 |
2025-02-03 |
2025-02-03 |
TeamViewer Improper Neutralization of Argument Delimiters Local Privilege Escalation Vulnerability |
| ZDI-25-080 |
ZDI-CAN-22834 |
NI |
CVE-2024-12740 |
7.8 |
2025-02-03 |
2025-02-03 |
NI Vision Builder AI JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-079 |
ZDI-CAN-22611 |
NI |
CVE-2024-12740 |
7.8 |
2025-02-03 |
2025-02-03 |
NI Vision Development Module Vision Assistant JPG File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-078 |
ZDI-CAN-22884 |
NI |
CVE-2024-12740 |
7.8 |
2025-02-03 |
2025-02-03 |
NI Vision Builder AI JPG File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-077 |
ZDI-CAN-22663 |
NI |
CVE-2024-12740 |
7.8 |
2025-02-03 |
2025-02-03 |
NI Vision Development Module Vision Assistant JPG File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-076 |
ZDI-CAN-25094 |
NoMachine |
CVE-2024-9632 |
6.7 |
2025-02-03 |
2025-02-03 |
NoMachine Incorrect Permission Assignment Local Privilege Escalation Vulnerability |
| ZDI-25-075 |
ZDI-CAN-25622 |
Canon |
CVE-2024-12649 |
8.8 |
2025-01-31 |
2025-01-31 |
(Pwn2Own) Canon imageCLASS MF656Cdw TTF Parsing Write-What-Where Condition Remote Code Execution Vulnerability |
| ZDI-25-074 |
ZDI-CAN-25592 |
Canon |
CVE-2024-12648 |
8.8 |
2025-01-31 |
2025-01-31 |
(Pwn2Own) Canon imageCLASS MF656Cdw TIF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-073 |
ZDI-CAN-25490 |
Canon |
CVE-2024-12647 |
8.8 |
2025-01-31 |
2025-01-31 |
(Pwn2Own) Canon imageCLASS MF656Cdw listObjects2 Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-072 |
ZDI-CAN-25405 |
PDF-XChange |
CVE-2025-0902 |
3.3 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-071 |
ZDI-CAN-25422 |
PDF-XChange |
CVE-2025-0904 |
3.3 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-070 |
ZDI-CAN-25421 |
PDF-XChange |
CVE-2025-0903 |
7.8 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor RTF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-069 |
ZDI-CAN-25435 |
PDF-XChange |
CVE-2025-0907 |
3.3 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-068 |
ZDI-CAN-25434 |
PDF-XChange |
CVE-2025-0906 |
3.3 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-067 |
ZDI-CAN-25433 |
PDF-XChange |
CVE-2025-0905 |
3.3 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-066 |
ZDI-CAN-25957 |
PDF-XChange |
CVE-2025-0911 |
3.3 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-065 |
ZDI-CAN-25748 |
PDF-XChange |
CVE-2025-0910 |
7.8 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-064 |
ZDI-CAN-25678 |
PDF-XChange |
CVE-2025-0909 |
3.3 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-063 |
ZDI-CAN-25557 |
PDF-XChange |
CVE-2025-0908 |
3.3 |
2025-01-31 |
2025-02-05 |
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-062 |
ZDI-CAN-25372 |
PDF-XChange |
CVE-2025-0901 |
7.8 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-061 |
ZDI-CAN-25349 |
PDF-XChange |
CVE-2025-0899 |
7.8 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor AcroForm Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-060 |
ZDI-CAN-25396 |
Google |
CVE-2024-9954 |
7.5 |
2025-01-30 |
2025-01-30 |
Google Chrome AI Manager Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-059 |
ZDI-CAN-25000 |
Siemens |
CVE-2024-53041 |
7.8 |
2025-01-22 |
2025-01-22 |
Siemens Tecnomatix Plant Simulation WRL File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-058 |
ZDI-CAN-25206 |
Siemens |
CVE-2024-53242 |
7.8 |
2025-01-22 |
2025-01-22 |
Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-057 |
ZDI-CAN-25205 |
Siemens |
CVE-2024-45471 |
7.8 |
2025-01-22 |
2025-01-22 |
Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-056 |
ZDI-CAN-25202 |
Siemens |
CVE-2024-45469 |
7.8 |
2025-01-22 |
2025-01-22 |
Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-055 |
ZDI-CAN-25318 |
Sante |
CVE-2025-0574 |
8.2 |
2025-01-20 |
2025-01-20 |
Sante PACS Server URL path Memory Corruption Denial-of-Service Vulnerability |
| ZDI-25-054 |
ZDI-CAN-25308 |
Sante |
CVE-2025-0572 |
4.3 |
2025-01-20 |
2025-01-20 |
Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability |
| ZDI-25-053 |
ZDI-CAN-25309 |
Sante |
CVE-2025-0573 |
5.3 |
2025-01-20 |
2025-01-20 |
Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability |
| ZDI-25-052 |
ZDI-CAN-25303 |
Sante |
CVE-2025-0569 |
7.5 |
2025-01-20 |
2025-01-20 |
Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability |
| ZDI-25-051 |
ZDI-CAN-25305 |
Sante |
CVE-2025-0571 |
6.5 |
2025-01-20 |
2025-01-20 |
Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability |
| ZDI-25-050 |
ZDI-CAN-25304 |
Sante |
CVE-2025-0570 |
6.5 |
2025-01-20 |
2025-01-20 |
Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability |
| ZDI-25-049 |
ZDI-CAN-25302 |
Sante |
CVE-2025-0568 |
7.5 |
2025-01-20 |
2025-01-20 |
Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability |
| ZDI-25-048 |
ZDI-CAN-24012 |
Apple |
CVE-2024-27856 |
8.8 |
2025-01-20 |
2025-03-06 |
Apple WebKit WebCore ContainerNode Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-047 |
ZDI-CAN-24986 |
WinZip Computing |
CVE-2025-1240 |
7.8 |
2025-02-11 |
2025-05-02 |
WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-046 |
ZDI-CAN-25333 |
Adobe |
CVE-2025-21127 |
7.3 |
2025-01-20 |
2025-01-20 |
Adobe Photoshop node_modules Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
| ZDI-25-045 |
ZDI-CAN-25456 |
7-Zip |
CVE-2025-0411 |
7.0 |
2025-01-19 |
2025-01-19 |
7-Zip Mark-of-the-Web Bypass Vulnerability |
| ZDI-25-044 |
ZDI-CAN-25713 |
Ivanti |
CVE-2024-13179 |
7.3 |
2025-01-19 |
2025-01-19 |
Ivanti Avalanche SecureFilter Authentication Bypass Vulnerability |
| ZDI-25-043 |
ZDI-CAN-25712 |
Ivanti |
CVE-2024-13180 |
7.5 |
2025-01-19 |
2025-01-19 |
Ivanti Avalanche Faces ResourceManager Information Disclosure Vulnerability |
| ZDI-25-042 |
ZDI-CAN-25711 |
Ivanti |
CVE-2024-13181 |
7.3 |
2025-01-19 |
2025-01-19 |
Ivanti Avalanche SecureFilter allowPassThrough Authentication Bypass Vulnerability |
| ZDI-25-041 |
ZDI-CAN-25929 |
Ivanti |
CVE-2024-13162 |
7.2 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager updateAssetInfo SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-040 |
ZDI-CAN-25432 |
Ivanti |
CVE-2024-13163 |
7.8 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager DecodeBase64Object Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-039 |
ZDI-CAN-25431 |
Ivanti |
CVE-2024-13164 |
6.2 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager AlertService Uninitialized Memory Information Disclosure Vulnerability |
| ZDI-25-038 |
ZDI-CAN-25420 |
Ivanti |
CVE-2024-13165 |
7.5 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager Improper Input Validation AlertService Denial-of-Service Vulnerability |
| ZDI-25-037 |
ZDI-CAN-25419 |
Ivanti |
CVE-2024-13166 |
7.5 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability |
| ZDI-25-036 |
ZDI-CAN-25418 |
Ivanti |
CVE-2024-13167 |
7.5 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability |
| ZDI-25-035 |
ZDI-CAN-25417 |
Ivanti |
CVE-2024-13168 |
7.5 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability |
| ZDI-25-034 |
ZDI-CAN-25416 |
Ivanti |
CVE-2024-13169 |
5.5 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager AlertService Type Confusion Information Disclosure Vulnerability |
| ZDI-25-033 |
ZDI-CAN-25415 |
Ivanti |
CVE-2024-13170 |
7.5 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability |
| ZDI-25-032 |
ZDI-CAN-25249 |
Ivanti |
CVE-2024-13172 |
7.8 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager HIIDriver Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability |
| ZDI-25-031 |
ZDI-CAN-25209 |
Ivanti |
CVE-2024-13158 |
7.2 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager MyResolveEventHandler Untrusted Search Path Remote Code Execution Vulnerability |
| ZDI-25-030 |
ZDI-CAN-25187 |
Microsoft |
CVE-2025-21363 |
7.8 |
2025-01-15 |
2025-01-15 |
Microsoft Office Word DOCX File Parsing Uninitialized Pointer Remote Code Execution Vulnerability |
| ZDI-25-029 |
ZDI-CAN-25332 |
Microsoft |
CVE-2025-21331 |
7.8 |
2025-01-15 |
2025-01-15 |
Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-028 |
ZDI-CAN-25188 |
Microsoft |
CVE-2025-21298 |
7.8 |
2025-01-15 |
2025-01-15 |
Microsoft Office Word RTF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-027 |
ZDI-CAN-23793 |
Google |
CVE-2024-2886 |
5.4 |
2025-01-12 |
2025-01-12 |
(Pwn2Own) Google Chrome VideoFrame Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-026 |
ZDI-CAN-24744 |
Mintty |
CVE-2024-45301 |
5.3 |
2025-01-10 |
2025-01-10 |
Mintty Path Conversion Improper Input Validation Information Disclosure Vulnerability |
| ZDI-25-025 |
ZDI-CAN-22247 |
Avira |
CVE-2024-9525 |
7.8 |
2025-01-09 |
2025-01-09 |
Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-024 |
ZDI-CAN-22246 |
Avira |
CVE-2024-9524 |
7.8 |
2025-01-09 |
2025-01-09 |
Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-023 |
ZDI-CAN-22245 |
Avira |
CVE-2024-9523 |
7.8 |
2025-01-09 |
2025-01-09 |
Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-022 |
ZDI-CAN-25404 |
Apple |
|
3.3 |
2025-01-09 |
2025-01-09 |
Apple macOS libFontValidation Font Glyph YCoordinate Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-021 |
ZDI-CAN-25364 |
Apple |
|
3.3 |
2025-01-09 |
2025-01-09 |
Apple macOS libFontValidation Font Glyph Flags Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-020 |
ZDI-CAN-25366 |
Apple |
|
3.3 |
2025-01-09 |
2025-01-09 |
Apple macOS libFontValidation post Table Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-019 |
ZDI-CAN-25339 |
Apple |
|
3.3 |
2025-01-09 |
2025-01-09 |
Apple macOS libFontValidation loca Table Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-018 |
ZDI-CAN-25341 |
Apple |
|
3.3 |
2025-01-09 |
2025-01-09 |
Apple macOS libFontValidation Font Header Name Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-017 |
ZDI-CAN-25340 |
Apple |
|
3.3 |
2025-01-09 |
2025-01-09 |
Apple macOS libFontValidation kern Table Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-016 |
ZDI-CAN-25263 |
Apple |
CVE-2024-44240, CVE-2024-44302 |
3.3 |
2025-01-09 |
2025-01-09 |
Apple macOS CoreText Font Ligature Caret List Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-015 |
ZDI-CAN-25213 |
Apple |
CVE-2024-44240, CVE-2024-44302 |
3.3 |
2025-01-09 |
2025-01-09 |
Apple macOS CoreText Font Ligature Caret List Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-014 |
ZDI-CAN-24821 |
SonicWALL |
CVE-2024-53706 |
7.8 |
2025-01-09 |
2025-01-09 |
SonicWALL NSv setSshdConfig Exposed Dangerous Function Local Privilege Escalation Vulnerability |
| ZDI-25-013 |
ZDI-CAN-24820 |
SonicWALL |
CVE-2024-53705 |
8.1 |
2025-01-09 |
2025-01-09 |
SonicWALL NSv SSH Management Server-Side Request Forgery Vulnerability |
| ZDI-25-012 |
ZDI-CAN-24819 |
SonicWALL |
CVE-2024-53704 |
9.8 |
2025-01-09 |
2025-01-09 |
SonicWALL NSv Authentication Bypass Vulnerability |
| ZDI-25-011 |
ZDI-CAN-24818 |
SonicWALL |
CVE-2024-40762 |
8.8 |
2025-01-09 |
2025-01-09 |
SonicWALL NSv Cryptographically Weak PRNG Authentication Bypass Vulnerability |
| ZDI-25-010 |
ZDI-CAN-24487 |
Redis |
CVE-2024-46981 |
7.2 |
2025-01-09 |
2025-01-09 |
Redis Stack Lua Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-009 |
ZDI-CAN-24143 |
Redis |
CVE-2024-55656 |
8.8 |
2025-01-09 |
2025-01-09 |
Redis Stack RedisBloom Integer Overflow Remote Code Execution Vulnerability |
| ZDI-25-008 |
ZDI-CAN-24932 |
Trend Micro |
CVE-2024-55955 |
6.7 |
2025-01-08 |
2025-01-08 |
Trend Micro Deep Security Agent Incorrect Permissions Local Privilege Escalation Vulnerability |
| ZDI-25-007 |
ZDI-CAN-23401 |
Trend Micro |
CVE-2024-52047 |
7.5 |
2025-01-08 |
2025-01-08 |
Trend Micro Apex One widget getWidgetPoolManager Local File Inclusion Remote Code Execution Vulnerability |
| ZDI-25-006 |
ZDI-CAN-24674 |
Trend Micro |
CVE-2024-52049 |
7.8 |
2025-01-08 |
2025-01-08 |
Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-005 |
ZDI-CAN-24675 |
Trend Micro |
CVE-2024-52048 |
7.8 |
2025-01-08 |
2025-01-08 |
Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-004 |
ZDI-CAN-24566 |
Trend Micro |
CVE-2024-55917 |
7.8 |
2025-01-08 |
2025-01-08 |
Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability |
| ZDI-25-003 |
ZDI-CAN-24557 |
Trend Micro |
CVE-2024-55632 |
7.8 |
2025-01-08 |
2025-01-08 |
Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-002 |
ZDI-CAN-24609 |
Trend Micro |
CVE-2024-52050 |
7.8 |
2025-01-08 |
2025-01-08 |
Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-001 |
ZDI-CAN-23995 |
Trend Micro |
CVE-2024-55631 |
7.8 |
2025-01-08 |
2025-01-08 |
Trend Micro Apex One Damage Cleanup Engine Link Following Local Privilege Escalation Vulnerability |
