| ZDI-25-308 |
ZDI-CAN-25684 |
Adobe |
CVE-2025-30310 |
7.8 |
2025-05-21 |
2025-05-21 |
Adobe Dreamweaver V8 Remote Code Execution Vulnerability |
| ZDI-25-307 |
ZDI-CAN-26711 |
Linux |
|
6.7 |
2025-05-21 |
2025-05-21 |
Linux Kernel OpenvSwitch Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-306 |
ZDI-CAN-23513 |
Docker |
CVE-2024-5652 |
7.8 |
2025-05-21 |
2025-05-21 |
Docker Desktop Helper Service Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-305 |
ZDI-CAN-24156 |
Apple |
CVE-2025-31219 |
8.8 |
2025-05-21 |
2025-05-21 |
Apple XNU kernel vm_map Race Condition Local Privilege Escalation Vulnerability |
| ZDI-25-304 |
ZDI-CAN-26603 |
Apple |
CVE-2025-31251 |
8.8 |
2025-05-21 |
2025-05-21 |
Apple macOS JPEG Image Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-303 |
ZDI-CAN-26148 |
Apple |
CVE-2025-24222 |
4.3 |
2025-05-21 |
2025-05-21 |
Apple Safari SandboxBroker ZIP File Processing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-302 |
ZDI-CAN-26650 |
Apple |
CVE-2025-31239 |
7.8 |
2025-05-21 |
2025-05-21 |
Apple macOS CoreMedia Framework Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-301 |
ZDI-CAN-26150 |
Apple |
CVE-2025-31238 |
8.8 |
2025-05-21 |
2025-05-21 |
Apple Safari Scrollbar Animation Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-300 |
ZDI-CAN-26714 |
Apple |
CVE-2025-31209 |
3.3 |
2025-05-21 |
2025-05-21 |
Apple macOS PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-299 |
ZDI-CAN-26783 |
Apple |
CVE-2025-31208 |
3.3 |
2025-05-21 |
2025-05-21 |
Apple macOS acv2 Codec Converter Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-298 |
ZDI-CAN-26826 |
Apple |
CVE-2025-31233 |
8.8 |
2025-05-21 |
2025-05-21 |
Apple macOS MP4 File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-297 |
ZDI-CAN-24936 |
Trend Micro |
CVE-2025-47867 |
7.5 |
2025-05-21 |
2025-05-21 |
Trend Micro Apex Central widget getBlock Local File Inclusion Remote Code Execution Vulnerability |
| ZDI-25-296 |
ZDI-CAN-25331 |
Trend Micro |
CVE-2025-47866 |
4.3 |
2025-05-21 |
2025-05-21 |
Trend Micro Apex Central modTMCM Unrestricted File Upload Vulnerability |
| ZDI-25-295 |
ZDI-CAN-24938 |
Trend Micro |
CVE-2025-47865 |
7.5 |
2025-05-21 |
2025-05-21 |
Trend Micro Apex Central widget getObjWGFServiceApiByApiName Local File Inclusion Remote Code Execution Vulnerability |
| ZDI-25-294 |
ZDI-CAN-26137 |
Microsoft |
CVE-2025-29975 |
7.8 |
2025-05-21 |
2025-05-21 |
Microsoft PC Manager MSPCManagerService Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-293 |
ZDI-CAN-26153 |
Microsoft |
CVE-2025-29837 |
6.1 |
2025-05-21 |
2025-05-21 |
Microsoft Windows Installer Service Link Following Information Disclosure Vulnerability |
| ZDI-25-292 |
ZDI-CAN-27202 |
Mozilla |
CVE-2025-4919 |
8.8 |
2025-05-21 |
2025-05-21 |
(Pwn2Own) Mozilla Firefox SpiderMonkey Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-291 |
ZDI-CAN-27172 |
Mozilla |
CVE-2025-4919 |
8.8 |
2025-05-21 |
2025-05-21 |
(Pwn2Own) Mozilla Firefox IonMonkey JIT Compiler Integer Overflow Remote Code Execution Vulnerability |
| ZDI-25-290 |
ZDI-CAN-25727 |
Rockwell Automation |
CVE-2025-3617 |
7.8 |
2025-05-13 |
2025-05-21 |
Rockwell Automation ThinManager ThinServer Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-289 |
ZDI-CAN-25872 |
Rockwell Automation |
CVE-2025-3618 |
7.5 |
2025-05-13 |
2025-05-13 |
Rockwell Automation ThinManager ThinServer Null Pointer Dereference Denial-of-Service Vulnerability |
| ZDI-25-288 |
ZDI-CAN-25181 |
Fortinet |
CVE-2025-25254 |
7.2 |
2025-05-13 |
2025-05-13 |
Fortinet FortiWeb cgi_httpcontentrouting_post Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-287 |
ZDI-CAN-25977 |
JetBrains |
CVE-2025-46618 |
5.4 |
2025-05-13 |
2025-05-13 |
JetBrains TeamCity Diagnostics Data Directory Cross-Site Scripting Vulnerability |
| ZDI-25-286 |
ZDI-CAN-26017 |
Dassault Systèmes |
CVE-2025-1883 |
7.8 |
2025-05-13 |
2025-05-13 |
Dassault Systèmes eDrawings Viewer OBJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-285 |
ZDI-CAN-26029 |
Dassault Systèmes |
CVE-2025-1884 |
7.8 |
2025-05-13 |
2025-05-13 |
Dassault Systèmes eDrawings Viewer SLDPRT File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-284 |
ZDI-CAN-22063 |
MATE Desktop |
|
7.8 |
2025-05-02 |
2025-05-02 |
MATE Desktop Atril Document Viewer EPUB File Parsing Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-283 |
ZDI-CAN-22225 |
MATE Desktop |
|
7.8 |
2025-05-02 |
2025-05-02 |
MATE Desktop Atril Document Viewer CBT File Parsing Argument Injection Remote Code Execution Vulnerability |
| ZDI-25-282 |
ZDI-CAN-26502 |
Webmin |
CVE-2025-2774 |
8.8 |
2025-05-01 |
2025-05-01 |
Webmin CRLF Injection Privilege Escalation Vulnerability |
| ZDI-25-281 |
ZDI-CAN-25017 |
Cisco |
CVE-2025-20175 |
8.8 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP SET cewProxyClass Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-280 |
ZDI-CAN-25024 |
Cisco |
CVE-2025-20170 |
6.5 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP GET-NEXT ciscoFlashChipCode Unexpected Sign Extension Denial-of-Service Vulnerability |
| ZDI-25-279 |
ZDI-CAN-25022 |
Cisco |
CVE-2025-20173 |
8.8 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP GET-NEXT cContextMappingBridgeDomainIdentifier Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-278 |
ZDI-CAN-25021 |
Cisco |
CVE-2025-20176 |
8.8 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP GET-NEXT ctspIpSgtValue Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-277 |
ZDI-CAN-25020 |
Cisco |
CVE-2025-20175 |
8.8 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP SET cewEventTime Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-276 |
ZDI-CAN-25019 |
Cisco |
CVE-2025-20174 |
7.5 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP GET-NEXT cilmCurrentImageLevel Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-275 |
ZDI-CAN-25018 |
Cisco |
CVE-2025-20171 |
6.5 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP GET-NEXT callHomeUserDefCmdName Unexpected Sign Extension Denial-of-Service Vulnerability |
| ZDI-25-274 |
ZDI-CAN-25575 |
Cisco |
CVE-2025-20172 |
4.3 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP OID Handling Out-Of-Bounds Read Denial-of-Service Vulnerability |
| ZDI-25-273 |
ZDI-CAN-25023 |
Cisco |
CVE-2025-20172 |
4.3 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP OID Handling Out-Of-Bounds Read Denial-of-Service Vulnerability |
| ZDI-25-272 |
ZDI-CAN-25576 |
Cisco |
CVE-2025-20172 |
4.3 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP OID Handling Out-Of-Bounds Read Denial-of-Service Vulnerability |
| ZDI-25-271 |
ZDI-CAN-25577 |
Cisco |
CVE-2025-20172 |
4.3 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP OID Handling Out-Of-Bounds Read Denial-of-Service Vulnerability |
| ZDI-25-270 |
ZDI-CAN-25030 |
Cisco |
CVE-2025-20169 |
6.5 |
2025-05-01 |
2025-05-01 |
Cisco IOS XE SNMP GET-NEXT ciscoFlashFileSize Unexpected Sign Extension Denial-of-Service Vulnerability |
| ZDI-25-269 |
ZDI-CAN-25663 |
Synology |
CVE-2024-10445 |
5.3 |
2025-05-01 |
2025-05-01 |
(Pwn2Own) Synology BeeStation BST150-4T Unnecessary Privileges Remote Code Execution Vulnerability |
| ZDI-25-268 |
ZDI-CAN-25448 |
GStreamer |
CVE-2025-2759 |
7.0 |
2025-04-30 |
2025-04-30 |
GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability |
| ZDI-25-267 |
ZDI-CAN-26596 |
GStreamer |
CVE-2025-3887 |
8.8 |
2025-04-30 |
2025-04-30 |
GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-266 |
ZDI-CAN-22235 |
Apache |
CVE-2025-29953 |
8.1 |
2025-04-30 |
2025-04-30 |
Apache ActiveMQ NMS Body Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-265 |
ZDI-CAN-23800 |
Tesla |
CVE-2025-2082 |
7.5 |
2025-04-30 |
2025-04-30 |
(Pwn2Own) Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability |
| ZDI-25-264 |
ZDI-CAN-23201 |
Tesla |
CVE-2024-6032 |
7.8 |
2025-04-30 |
2025-04-30 |
(Pwn2Own) Tesla Model S Iris Modem ql_atfwd Command Injection Code Execution Vulnerability |
| ZDI-25-263 |
ZDI-CAN-23200 |
Tesla |
CVE-2024-6030 |
7.0 |
2025-04-30 |
2025-04-30 |
(Pwn2Own) Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability |
| ZDI-25-262 |
ZDI-CAN-23199 |
Tesla |
CVE-2024-13943 |
7.8 |
2025-04-30 |
2025-04-30 |
(Pwn2Own) Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability |
| ZDI-25-261 |
ZDI-CAN-23198 |
Tesla |
CVE-2024-6031 |
7.8 |
2025-04-30 |
2025-04-30 |
(Pwn2Own) Tesla Model S oFono AT Command Heap-based Buffer Overflow Code Execution Vulnerability |
| ZDI-25-260 |
ZDI-CAN-23197 |
Tesla |
CVE-2024-6029 |
5.0 |
2025-04-30 |
2025-04-30 |
(Pwn2Own) Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability |
| ZDI-25-259 |
ZDI-CAN-23843 |
Adobe |
CVE-2024-34098 |
7.8 |
2025-04-30 |
2025-04-30 |
(Pwn2Own) Adobe Acrobat Reader DC Collab Command Injection Remote Code Execution Vulnerability |
| ZDI-25-258 |
ZDI-CAN-23553 |
Adobe |
CVE-2024-34099 |
7.8 |
2025-04-30 |
2025-04-30 |
(Pwn2Own) Adobe Acrobat Reader DC distributionURL JavaScript API Restrictions Bypass Vulnerability |
| ZDI-25-257 |
ZDI-CAN-23786 |
Oracle |
CVE-2024-21113 |
8.2 |
2025-04-30 |
2025-04-30 |
(Pwn2Own) Oracle VirtualBox OHCI USB Controller Race Condition Local Privilege Escalation Vulnerability |
| ZDI-25-256 |
ZDI-CAN-26610 |
Avast |
CVE-2025-3500 |
8.8 |
2025-04-24 |
2025-04-24 |
Avast Free Antivirus Integer Overflow Local Privilege Escalation Vulnerability |
| ZDI-25-255 |
ZDI-CAN-25730 |
Allegra |
CVE-2025-3486 |
7.2 |
2025-04-24 |
2025-04-24 |
Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-254 |
ZDI-CAN-26524 |
Allegra |
CVE-2025-3485 |
7.2 |
2025-04-24 |
2025-04-24 |
Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-253 |
ZDI-CAN-25726 |
SonicWALL |
CVE-2025-32817 |
6.1 |
2025-04-24 |
2025-05-21 |
SonicWALL Connect Tunnel Link Following Denial-of-Service Vulnerability |
| ZDI-25-252 |
ZDI-CAN-23275 |
Cato Networks |
|
7.8 |
2025-04-23 |
2025-04-24 |
(0Day) Cato Networks Cato Client for macOS Helper Service Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability |
| ZDI-25-251 |
ZDI-CAN-23942 |
Harman Becker |
CVE-2025-3885 |
5.3 |
2025-04-23 |
2025-04-23 |
(0Day) Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability |
| ZDI-25-250 |
ZDI-CAN-24332 |
Cloudera |
CVE-2025-3884 |
7.5 |
2025-04-23 |
2025-04-23 |
(0Day) Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability |
| ZDI-25-249 |
ZDI-CAN-23115 |
eCharge Hardy Barth |
CVE-2025-3883 |
8.8 |
2025-04-23 |
2025-04-23 |
(0Day) eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability |
| ZDI-25-248 |
ZDI-CAN-23114 |
eCharge Hardy Barth |
CVE-2025-3882 |
8.8 |
2025-04-23 |
2025-04-23 |
(0Day) eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability |
| ZDI-25-247 |
ZDI-CAN-23113 |
eCharge Hardy Barth |
CVE-2025-3881 |
8.8 |
2025-04-23 |
2025-04-23 |
(0Day) eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability |
| ZDI-25-246 |
ZDI-CAN-25842 |
MedDream |
CVE-2025-3480 |
5.3 |
2025-04-09 |
2025-04-22 |
MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability |
| ZDI-25-245 |
ZDI-CAN-25827 |
MedDream |
CVE-2025-3481 |
9.8 |
2025-04-09 |
2025-04-22 |
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-244 |
ZDI-CAN-25826 |
MedDream |
CVE-2025-3482 |
9.8 |
2025-04-09 |
2025-04-22 |
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-243 |
ZDI-CAN-25825 |
MedDream |
CVE-2025-3483 |
9.8 |
2025-04-09 |
2025-04-22 |
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-242 |
ZDI-CAN-25853 |
MedDream |
CVE-2025-3484 |
9.8 |
2025-04-09 |
2025-04-22 |
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-241 |
ZDI-CAN-25681 |
Trend Micro |
CVE-2025-30642 |
5.5 |
2025-04-09 |
2025-04-09 |
Trend Micro Deep Security Agent Link Following Denial-of-Service Vulnerability |
| ZDI-25-240 |
ZDI-CAN-24931 |
Trend Micro |
CVE-2025-30641 |
7.8 |
2025-04-09 |
2025-04-09 |
Trend Micro Deep Security Anti-Malware Solution Platform Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-239 |
ZDI-CAN-24930 |
Trend Micro |
CVE-2025-30640 |
7.8 |
2025-04-09 |
2025-04-09 |
Trend Micro Deep Security Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-238 |
ZDI-CAN-25524 |
Trend Micro |
CVE-2025-30680 |
7.1 |
2025-04-09 |
2025-04-09 |
Trend Micro Apex Central Query Server-Side Request Forgery Information Disclosure Vulnerability |
| ZDI-25-237 |
ZDI-CAN-24934 |
Trend Micro |
CVE-2025-30679 |
6.5 |
2025-04-09 |
2025-04-09 |
Trend Micro Apex Central modOSCE Server-Side Request Forgery Information Disclosure Vulnerability |
| ZDI-25-236 |
ZDI-CAN-24939 |
Trend Micro |
CVE-2025-30678 |
6.5 |
2025-04-09 |
2025-04-09 |
Trend Micro Apex Central modTMSM Server-Side Request Forgery Information Disclosure Vulnerability |
| ZDI-25-235 |
ZDI-CAN-25953 |
Ivanti |
CVE-2025-22461 |
7.2 |
2025-04-09 |
2025-04-09 |
Ivanti Endpoint Manager OpenRecordSet SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-234 |
ZDI-CAN-25985 |
Microsoft |
CVE-2025-29812 |
8.8 |
2025-04-09 |
2025-04-09 |
Microsoft Windows dxkrnl Untrusted Pointer Dereference Local Privilege Escalation Vulnerability |
| ZDI-25-233 |
ZDI-CAN-24586 |
Luxion |
CVE-2025-1045 |
7.8 |
2025-04-09 |
2025-04-09 |
Luxion KeyShot Viewer KSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-232 |
ZDI-CAN-23694 |
Luxion |
CVE-2025-1047 |
7.8 |
2025-04-09 |
2025-04-09 |
Luxion KeyShot PVS File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability |
| ZDI-25-231 |
ZDI-CAN-23646 |
Luxion |
CVE-2025-1046 |
7.8 |
2025-04-09 |
2025-04-09 |
Luxion KeyShot SKP File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-230 |
ZDI-CAN-25651 |
Samsung |
CVE-2024-49413 |
7.5 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Samsung Galaxy S24 Smart Switch Agent Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability |
| ZDI-25-229 |
ZDI-CAN-25650 |
Samsung |
CVE-2024-49421 |
5.9 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Samsung Galaxy S24 Quick Share Directory Traversal Arbitrary File Write Vulnerability |
| ZDI-25-228 |
ZDI-CAN-25649 |
Samsung |
|
5.3 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Samsung Galaxy S24 Quick Share Insufficient UI Warning Arbitrary File Write Vulnerability |
| ZDI-25-227 |
ZDI-CAN-25648 |
Samsung |
CVE-2024-49420 |
5.3 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Samsung Galaxy S24 Gaming Hub Exposed Dangerous Method Local Privilege Escalation Vulnerability |
| ZDI-25-226 |
ZDI-CAN-25581 |
Samsung |
CVE-2024-49419, CVE-2024-49418 |
5.4 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Samsung Galaxy S24 Gaming Hub Improper Input Validation Privilege Escalation Vulnerability |
| ZDI-25-225 |
ZDI-CAN-25606 |
Sonos |
CVE-2025-1050 |
8.8 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-224 |
ZDI-CAN-25601 |
Sonos |
CVE-2025-1049 |
8.8 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-223 |
ZDI-CAN-25535 |
Sonos |
CVE-2025-1048 |
8.8 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Sonos Era 300 Speaker libsmb2 Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-222 |
ZDI-CAN-25674 |
Lexmark |
CVE-2024-11346 |
4.3 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Lexmark CX331adwe concatstrings Type Confusion Information Disclosure Vulnerability |
| ZDI-25-221 |
ZDI-CAN-25849 |
Lexmark |
|
7.0 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Lexmark CX331adwe httpd extract-trace Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-220 |
ZDI-CAN-25848 |
Lexmark |
|
6.3 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Lexmark CX331adwe basic_auth.cgi PATH_TRANSLATED Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-219 |
ZDI-CAN-25676 |
Lexmark |
CVE-2024-11347 |
8.8 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Lexmark CX331adwe JBIG2 File Parsing new_image Integer Overflow Remote Code Execution Vulnerability |
| ZDI-25-218 |
ZDI-CAN-25621 |
Lexmark |
CVE-2024-11345 |
8.8 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Lexmark CX331adwe JPEG2000 Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-217 |
ZDI-CAN-25539 |
Lexmark |
CVE-2024-11344 |
8.8 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Lexmark CX331adwe loadCFFdata Type Confusion Remote Code Execution Vulnerability |
| ZDI-25-216 |
ZDI-CAN-25538 |
Synology |
CVE-2024-11131 |
8.8 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Synology TC500 ONVIF Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-215 |
ZDI-CAN-25487 |
Synology |
CVE-2024-10444 |
7.5 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Synology DiskStation DS1823xs+ LDAP Client Improper Certificate Validation Authentication Bypass Vulnerability |
| ZDI-25-214 |
ZDI-CAN-25403 |
Synology |
CVE-2024-10441 |
8.8 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Synology DiskStation DS1823xs+ Vue.JS Improper Neutralization of Argument Delimiters Remote Code Execution Vulnerability |
| ZDI-25-213 |
ZDI-CAN-25659 |
Synology |
CVE-2024-50631 |
6.4 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Synology BeeStation BST150-4T SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-212 |
ZDI-CAN-25658 |
Synology |
CVE-2024-50630 |
7.5 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Synology BeeStation BST150-4T Improper Authentication Vulnerability |
| ZDI-25-211 |
ZDI-CAN-25613 |
Synology |
CVE-2024-50629 |
6.5 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Synology BeeStation BST150-4T CRLF Injection Information Disclosure Vulnerability |
| ZDI-25-210 |
ZDI-CAN-25662 |
Synology |
CVE-2024-10445 |
7.5 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Synology BeeStation BST150-4T Improper Input Validation Remote Code Execution Vulnerability |
| ZDI-25-209 |
ZDI-CAN-25617 |
Synology |
CVE-2024-10445 |
4.3 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Synology BeeStation BST150-4T Cleartext Transmission of Sensitive Information Vulnerability |
| ZDI-25-208 |
ZDI-CAN-25607 |
Synology |
CVE-2024-10442 |
7.5 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Synology DiskStation DS1823xs+ Replication Service Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-207 |
ZDI-CAN-25623 |
Synology |
CVE-2024-10443 |
8.8 |
2025-04-09 |
2025-04-09 |
(Pwn2Own) Synology BeeStation BST150-4T Command Injection Remote Code Execution Vulnerability |
| ZDI-25-206 |
ZDI-CAN-25427 |
Amazon |
|
9.8 |
2025-04-07 |
2025-04-07 |
Amazon AWS CloudFormation Templates Uncontrolled Search Path Element Remote Code Execution Vulnerability |
| ZDI-25-205 |
ZDI-CAN-25426 |
Amazon |
|
9.8 |
2025-04-07 |
2025-04-07 |
Amazon AWS CloudFormation Templates Uncontrolled Search Path Element Remote Code Execution Vulnerability |
| ZDI-25-204 |
ZDI-CAN-25100 |
GIMP |
CVE-2025-2761 |
7.8 |
2025-04-07 |
2025-04-07 |
GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-203 |
ZDI-CAN-25082 |
GIMP |
CVE-2025-2760 |
7.8 |
2025-04-07 |
2025-04-07 |
GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability |
| ZDI-25-202 |
ZDI-CAN-25559 |
Fortinet |
CVE-2024-55597 |
5.5 |
2025-04-07 |
2025-04-07 |
Fortinet FortiWeb cgi_xmlprotection_xmlschemafile_post Directory Traversal Arbitrary File Write Vulnerability |
| ZDI-25-201 |
ZDI-CAN-25572 |
Trend Micro |
CVE-2025-27529 |
4.4 |
2025-04-07 |
2025-04-07 |
Trend Micro Cleaner One Pro Link Following Denial-of-Service Vulnerability |
| ZDI-25-200 |
ZDI-CAN-26250 |
Exim |
CVE-2025-30232 |
7.8 |
2025-04-07 |
2025-04-07 |
Exim Use-After-Free Local Privilege Escalation Vulnerability |
| ZDI-25-199 |
ZDI-CAN-25970 |
Autodesk |
CVE-2025-1660 |
7.8 |
2025-04-03 |
2025-04-03 |
Autodesk Navisworks Freedom DWFX File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-198 |
ZDI-CAN-25968 |
Autodesk |
CVE-2025-1659 |
7.8 |
2025-04-03 |
2025-04-03 |
Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-197 |
ZDI-CAN-25971 |
Autodesk |
CVE-2025-1658 |
7.8 |
2025-04-03 |
2025-04-03 |
Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-196 |
ZDI-CAN-25736 |
Apple |
CVE-2025-24185 |
7.8 |
2025-04-01 |
2025-04-01 |
Apple macOS ICC Profile Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-195 |
ZDI-CAN-25812 |
Apple |
CVE-2025-24210 |
4.3 |
2025-04-01 |
2025-04-01 |
Apple macOS CoreGraphics Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-194 |
ZDI-CAN-26063 |
Apple |
CVE-2025-24256 |
6.4 |
2025-04-01 |
2025-04-01 |
Apple macOS AppleIntelKBLGraphics Time-Of-Check Time-Of-Use Information Disclosure Vulnerability |
| ZDI-25-193 |
ZDI-CAN-26154 |
Apple |
CVE-2025-24182 |
3.3 |
2025-04-01 |
2025-04-01 |
Apple macOS CoreText Font Glyphs Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-192 |
ZDI-CAN-26494 |
Apple |
CVE-2025-24190 |
8.8 |
2025-04-01 |
2025-04-01 |
Apple macOS MP4 File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-191 |
ZDI-CAN-26497 |
Apple |
CVE-2025-24211 |
8.8 |
2025-04-01 |
2025-04-01 |
Apple macOS MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-190 |
ZDI-CAN-26495 |
Apple |
CVE-2025-24230 |
4.3 |
2025-04-01 |
2025-04-01 |
Apple macOS MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-189 |
ZDI-CAN-26248 |
Apple |
CVE-2025-24243 |
7.8 |
2025-04-01 |
2025-04-01 |
Apple macOS AudioToolbox AMR File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-188 |
ZDI-CAN-26247 |
Apple |
CVE-2025-24244 |
3.3 |
2025-04-01 |
2025-04-01 |
Apple macOS AudioToolboxCore WAV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-187 |
ZDI-CAN-25903 |
BEC Technologies |
CVE-2025-2773 |
7.2 |
2025-03-25 |
2025-03-25 |
(0Day) BEC Technologies Multiple Routers sys ping Command Injection Remote Code Execution Vulnerability |
| ZDI-25-186 |
ZDI-CAN-25986 |
BEC Technologies |
CVE-2025-2770 |
4.9 |
2025-03-25 |
2025-03-25 |
(0Day) BEC Technologies Multiple Routers Cleartext Password Storage Information Disclosure Vulnerability |
| ZDI-25-185 |
ZDI-CAN-25895 |
BEC Technologies |
CVE-2025-2772 |
5.3 |
2025-03-25 |
2025-03-25 |
(0Day) BEC Technologies Multiple Routers Insufficiently Protected Credentials Information Disclosure Vulnerability |
| ZDI-25-184 |
ZDI-CAN-25894 |
BEC Technologies |
CVE-2025-2771 |
5.3 |
2025-03-25 |
2025-03-25 |
(0Day) BEC Technologies Multiple Routers Authentication Bypass Vulnerability |
| ZDI-25-183 |
ZDI-CAN-25295 |
Bdrive |
CVE-2025-2769 |
7.8 |
2025-03-25 |
2025-03-25 |
(0Day) Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
| ZDI-25-182 |
ZDI-CAN-25041 |
Bdrive |
CVE-2025-2768 |
7.8 |
2025-03-25 |
2025-03-25 |
(0Day) Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
| ZDI-25-181 |
ZDI-CAN-24407 |
Arista |
CVE-2025-2767 |
8.8 |
2025-03-25 |
2025-03-25 |
(0Day) Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability |
| ZDI-25-180 |
ZDI-CAN-24996 |
70mai |
CVE-2025-2766 |
8.8 |
2025-03-25 |
2025-03-25 |
(0Day) 70mai A510 Use of Default Password Authentication Bypass Vulnerability |
| ZDI-25-179 |
ZDI-CAN-24356 |
CarlinKit |
CVE-2025-2763 |
6.8 |
2025-03-25 |
2025-03-25 |
(0Day) CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability |
| ZDI-25-178 |
ZDI-CAN-24355 |
CarlinKit |
CVE-2025-2764 |
8.0 |
2025-03-25 |
2025-03-25 |
(0Day) CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution Vulnerability |
| ZDI-25-177 |
ZDI-CAN-24349 |
CarlinKit |
CVE-2025-2765 |
7.6 |
2025-03-25 |
2025-03-25 |
(0Day) CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability |
| ZDI-25-176 |
ZDI-CAN-25948 |
CarlinKit |
CVE-2025-2762 |
7.8 |
2025-03-25 |
2025-03-25 |
(0Day) CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability |
| ZDI-25-175 |
ZDI-CAN-23709 |
Luxion |
CVE-2025-2532 |
7.8 |
2025-03-20 |
2025-03-20 |
(0Day) Luxion KeyShot USDC File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-174 |
ZDI-CAN-23704 |
Luxion |
CVE-2025-2531 |
7.8 |
2025-03-20 |
2025-03-20 |
(0Day) Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-173 |
ZDI-CAN-23698 |
Luxion |
CVE-2025-2530 |
7.8 |
2025-03-20 |
2025-03-20 |
(0Day) Luxion KeyShot DAE File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability |
| ZDI-25-172 |
ZDI-CAN-25319 |
Apple |
CVE-2025-24124 |
8.8 |
2025-03-18 |
2025-03-18 |
Apple macOS MOV File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-171 |
ZDI-CAN-25242 |
Apple |
CVE-2024-54500 |
3.3 |
2025-03-18 |
2025-03-18 |
Apple macOS ImageIO Pixel Conversion Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-170 |
ZDI-CAN-25546 |
Apple |
CVE-2024-54501 |
3.3 |
2025-03-18 |
2025-03-18 |
Apple macOS WindowServer Denial-of-Service Vulnerability |
| ZDI-25-169 |
ZDI-CAN-25201 |
Apple |
CVE-2024-54497 |
4.3 |
2025-03-18 |
2025-03-18 |
Apple macOS WindowServer Unchecked Input for Loop Condition Denial-of-Service Vulnerability |
| ZDI-25-168 |
ZDI-CAN-25370 |
Apple |
CVE-2025-24123 |
8.8 |
2025-03-18 |
2025-03-18 |
Apple macOS MOV File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-167 |
ZDI-CAN-25735 |
Apple |
CVE-2025-24139 |
3.3 |
2025-03-18 |
2025-03-18 |
Apple macOS ICC Profile Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-166 |
ZDI-CAN-25338 |
Apple |
CVE-2024-54486 |
3.3 |
2025-03-18 |
2025-03-18 |
Apple macOS libFontParser Glyph Mapping Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-165 |
ZDI-CAN-25661 |
Apple |
CVE-2024-54499 |
3.3 |
2025-03-18 |
2025-03-18 |
Apple macOS ImageIO JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-164 |
ZDI-CAN-25808 |
Apple |
CVE-2025-24149 |
3.3 |
2025-03-18 |
2025-03-18 |
Apple SceneKit Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-163 |
ZDI-CAN-26554 |
Autodesk |
CVE-2025-1652 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-162 |
ZDI-CAN-25695 |
Autodesk |
CVE-2025-1427 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD CATProduct File Parsing Uninitialized Variable Remote Code Execution Vulnerability |
| ZDI-25-161 |
ZDI-CAN-25767 |
Autodesk |
CVE-2025-1428 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-160 |
ZDI-CAN-25784 |
Autodesk |
CVE-2025-1429 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD MODEL File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-159 |
ZDI-CAN-25811 |
Autodesk |
CVE-2025-1649 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD CATPRODUCT File Parsing Uninitialized Variable Remote Code Execution Vulnerability |
| ZDI-25-158 |
ZDI-CAN-25951 |
Autodesk |
CVE-2025-1650 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD CATProduct File Parsing Uninitialized Variable Remote Code Execution Vulnerability |
| ZDI-25-157 |
ZDI-CAN-25952 |
Autodesk |
CVE-2025-1651 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD MODEL File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-156 |
ZDI-CAN-25989 |
Autodesk |
CVE-2025-1430 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD SLDPRT File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-155 |
ZDI-CAN-26521 |
Autodesk |
CVE-2025-1433 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-154 |
ZDI-CAN-26135 |
Autodesk |
CVE-2025-1432 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD 3DM File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-153 |
ZDI-CAN-25997 |
Autodesk |
CVE-2025-1431 |
7.8 |
2025-03-18 |
2025-03-18 |
Autodesk AutoCAD SLDPRT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-152 |
ZDI-CAN-25481 |
Rockwell Automation |
CVE-2024-12130 |
7.8 |
2025-03-18 |
2025-03-18 |
Rockwell Automation Arena Simulation DOE File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-151 |
ZDI-CAN-25708 |
Progress Software |
CVE-2025-1758 |
9.8 |
2025-03-18 |
2025-03-18 |
Progress Software Kemp LoadMaster mangle Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-150 |
ZDI-CAN-26371 |
Microsoft |
CVE-2025-26633 |
7.0 |
2025-03-18 |
2025-03-18 |
Microsoft Windows MSC File Insufficient UI Warning Remote Code Execution Vulnerability |
| ZDI-25-149 |
ZDI-CAN-26251 |
Adobe |
CVE-2025-271561 |
7.8 |
2025-03-18 |
2025-03-18 |
Adobe Acrobat Reader DC AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-148 |
ZDI-CAN-25373 |
Microsoft |
|
7.0 |
2025-03-18 |
2025-03-18 |
(0Day) Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability |
| ZDI-25-147 |
ZDI-CAN-22833 |
NI |
CVE-2025-2450 |
7.8 |
2025-03-17 |
2025-03-17 |
(0Day) NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability |
| ZDI-25-146 |
ZDI-CAN-21805 |
NI |
CVE-2025-2449 |
7.8 |
2025-03-17 |
2025-03-17 |
(0Day) NI FlexLogger usiReg URI File Parsing Directory Traversal Remote Code Execution Vulnerability |
| ZDI-25-145 |
ZDI-CAN-25794 |
NVIDIA |
CVE-2025-23242 |
7.3 |
2025-03-13 |
2025-03-13 |
NVIDIA Riva Triton Inference Server Missing Authentication Vulnerability |
| ZDI-25-144 |
ZDI-CAN-25682 |
NVIDIA |
CVE-2025-23243 |
6.5 |
2025-03-13 |
2025-03-13 |
NVIDIA Riva gRPC API Missing Authentication for Critical Function Authentication Bypass Vulnerability |
| ZDI-25-143 |
ZDI-CAN-25544 |
X.Org |
CVE-2025-26594 |
7.8 |
2025-03-13 |
2025-03-13 |
X.Org Server ChangeWindowAttributes Use-After-Free Privilege Escalation Vulnerability |
| ZDI-25-142 |
ZDI-CAN-25545 |
X.Org |
CVE-2025-26595 |
7.8 |
2025-03-13 |
2025-03-13 |
X.Org Server XkbVModMaskText Stack-based Buffer Overflow Privilege Escalation Vulnerability |
| ZDI-25-141 |
ZDI-CAN-25543 |
X.Org |
CVE-2025-26596 |
7.8 |
2025-03-13 |
2025-03-13 |
X.Org Server XkbSizeKeySyms Heap-based Buffer Overflow Privilege Escalation Vulnerability |
| ZDI-25-140 |
ZDI-CAN-25683 |
X.Org |
CVE-2025-26597 |
7.8 |
2025-03-13 |
2025-03-13 |
X.Org Server XkbChangeTypesOfKey Heap-based Buffer Overflow Privilege Escalation Vulnerability |
| ZDI-25-139 |
ZDI-CAN-25740 |
X.Org |
CVE-2025-26598 |
7.8 |
2025-03-13 |
2025-03-13 |
X.Org Server CreatePointerBarrierClient Out-Of-Bounds Write Local Privilege Escalation Vulnerability |
| ZDI-25-138 |
ZDI-CAN-25851 |
X.Org |
CVE-2025-26599 |
7.8 |
2025-03-13 |
2025-03-13 |
X.Org Server compRedirectWindow Type Confusion Local Privilege Escalation Vulnerability |
| ZDI-25-137 |
ZDI-CAN-25871 |
X.Org |
CVE-2025-26600 |
7.8 |
2025-03-13 |
2025-03-13 |
X.Org Server PlayReleasedEvents Use-After-Free Local Privilege Escalation Vulnerability |
| ZDI-25-136 |
ZDI-CAN-25870 |
X.Org |
CVE-2025-26601 |
7.8 |
2025-03-13 |
2025-03-13 |
X.Org Server SyncInitTrigger Use-After-Free Local Privilege Escalation Vulnerability |
| ZDI-25-135 |
ZDI-CAN-26232 |
Adobe |
CVE-2025-27162 |
7.8 |
2025-03-13 |
2025-03-13 |
Adobe Acrobat Reader DC AcroForm Use of Uninitialized Variable Remote Code Execution Vulnerability |
| ZDI-25-134 |
ZDI-CAN-25734 |
Adobe |
CVE-2025-24431 |
7.8 |
2025-03-13 |
2025-03-13 |
Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-133 |
ZDI-CAN-26231 |
Adobe |
CVE-2025-27174 |
7.8 |
2025-03-13 |
2025-03-13 |
Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-132 |
ZDI-CAN-26147 |
Adobe |
CVE-2025-27159 |
7.8 |
2025-03-13 |
2025-03-13 |
Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-131 |
ZDI-CAN-26169 |
Adobe |
CVE-2025-27160 |
7.8 |
2025-03-13 |
2025-03-13 |
Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-130 |
ZDI-CAN-25443 |
Siemens |
CVE-2025-25175 |
7.8 |
2025-03-13 |
2025-03-13 |
Siemens Simcenter Femap NEU File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-129 |
ZDI-CAN-25473 |
PDF-XChange |
CVE-2025-2231 |
7.8 |
2025-03-12 |
2025-03-12 |
PDF-XChange Editor RTF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-128 |
ZDI-CAN-21907 |
NI |
CVE-2024-12742 |
7.8 |
2025-03-11 |
2025-03-11 |
NI G Web Development GWEBPROJECT File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-127 |
ZDI-CAN-25615 |
Samsung |
CVE-2025-2233 |
8.8 |
2025-03-11 |
2025-04-16 |
(0Day) (Pwn2Own) Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability |
| ZDI-25-126 |
ZDI-CAN-25276 |
Ashlar-Vellum |
CVE-2025-2022 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability |
| ZDI-25-125 |
ZDI-CAN-25264 |
Ashlar-Vellum |
CVE-2025-2021 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt XE File Parsing Integer Overflow Remote Code Execution Vulnerability |
| ZDI-25-124 |
ZDI-CAN-25254 |
Ashlar-Vellum |
CVE-2025-2020 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-123 |
ZDI-CAN-25252 |
Ashlar-Vellum |
CVE-2025-2019 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-122 |
ZDI-CAN-25348 |
Ashlar-Vellum |
CVE-2025-2023 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt LI File Parsing Integer Overflow Remote Code Execution Vulnerability |
| ZDI-25-121 |
ZDI-CAN-25240 |
Ashlar-Vellum |
CVE-2025-2017 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt CO File Parsing Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-120 |
ZDI-CAN-25186 |
Ashlar-Vellum |
CVE-2025-2013 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt CO File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-119 |
ZDI-CAN-25185 |
Ashlar-Vellum |
CVE-2025-2012 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt VS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-118 |
ZDI-CAN-25245 |
Ashlar-Vellum |
CVE-2025-2018 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability |
| ZDI-25-117 |
ZDI-CAN-25238 |
Ashlar-Vellum |
CVE-2025-2016 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt VC6 File Parsing Type Confusion Remote Code Execution Vulnerability |
| ZDI-25-116 |
ZDI-CAN-25236 |
Ashlar-Vellum |
CVE-2025-2015 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability |
| ZDI-25-115 |
ZDI-CAN-25235 |
Ashlar-Vellum |
CVE-2025-2014 |
7.8 |
2025-03-10 |
2025-03-10 |
(0Day) Ashlar-Vellum Cobalt VS File Parsing Use of Uninitialized Variable Remote Code Execution Vulnerability |
| ZDI-25-114 |
ZDI-CAN-25312 |
Ivanti |
CVE-2024-13171 |
7.8 |
2025-03-10 |
2025-03-10 |
Ivanti Endpoint Manager Patch Unrestricted File Upload Remote Code Execution Vulnerability |
| ZDI-25-113 |
ZDI-CAN-25882 |
Autodesk |
CVE-2024-12198 |
7.8 |
2025-03-10 |
2025-03-10 |
Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-112 |
ZDI-CAN-25869 |
Autodesk |
CVE-2024-12193 |
7.8 |
2025-03-10 |
2025-03-10 |
Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-111 |
ZDI-CAN-25210 |
Trimble |
CVE-2025-2024 |
7.8 |
2025-03-06 |
2025-03-06 |
Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability |
| ZDI-25-110 |
ZDI-CAN-25013 |
SEW-EURODRIVE |
|
7.8 |
2025-03-05 |
2025-03-05 |
SEW-EURODRIVE MOVITOOLS MotionStudio mticomp0 ICP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-109 |
ZDI-CAN-24001 |
Apache |
CVE-2024-56325 |
9.8 |
2025-03-03 |
2025-03-03 |
Apache Pinot Improper Neutralization of Special Elements Authentication Bypass Vulnerability |
| ZDI-25-108 |
ZDI-CAN-26611 |
HP |
CVE-2025-26507 |
7.8 |
2025-03-03 |
2025-03-03 |
(Pwn2Own) HP LaserJet Pro MFP 3301fdw suidexec Command Injection Local Privilege Escalation Vulnerability |
| ZDI-25-107 |
ZDI-CAN-25594 |
HP |
CVE-2025-26506 |
8.8 |
2025-03-03 |
2025-03-03 |
(Pwn2Own) HP LaserJet Pro MFP 3301fdw PostScript File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-106 |
ZDI-CAN-25533 |
HP |
CVE-2025-26508 |
8.8 |
2025-03-03 |
2025-03-03 |
(Pwn2Own) HP LaserJet Pro MFP 3301fdw PostScript File Parsing Type Confusion Remote Code Execution Vulnerability |
| ZDI-25-105 |
ZDI-CAN-21908 |
NI |
CVE-2024-12741 |
7.8 |
2025-03-03 |
2025-03-03 |
NI DAQExpress LVPROJECT File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-104 |
ZDI-CAN-25334 |
SolarWinds |
CVE-2024-52606 |
7.1 |
2025-03-03 |
2025-03-03 |
SolarWinds Platform TestWebsiteUrl Server-Side Request Forgery Information Disclosure Vulnerability |
| ZDI-25-103 |
ZDI-CAN-25031 |
Delta Electronics |
|
7.8 |
2025-03-03 |
2025-03-03 |
(0Day) Delta Electronics ISPSoft CBDGL File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-102 |
ZDI-CAN-25225 |
Delta Electronics |
|
7.8 |
2025-03-03 |
2025-03-03 |
(0Day) Delta Electronics ISPSoft DVP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-101 |
ZDI-CAN-25284 |
Delta Electronics |
|
7.8 |
2025-03-03 |
2025-03-03 |
(0Day) Delta Electronics ISPSoft DVP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-100 |
ZDI-CAN-25737 |
Linux |
|
9.0 |
2025-02-27 |
2025-02-27 |
Linux Kernel ksmbd Session Setup Race Condition Remote Code Execution Vulnerability |
| ZDI-25-099 |
ZDI-CAN-25350 |
PostHog |
CVE-2025-1520 |
7.1 |
2025-02-25 |
2025-02-25 |
PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-098 |
ZDI-CAN-25300 |
Delta Electronics |
CVE-2025-22880 |
7.8 |
2025-02-25 |
2025-02-25 |
Delta Electronics CNCSoft-G2 DPAX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-097 |
ZDI-CAN-25358 |
PostHog |
CVE-2025-1522 |
7.1 |
2025-02-25 |
2025-02-25 |
PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability |
| ZDI-25-096 |
ZDI-CAN-25352 |
PostHog |
CVE-2025-1521 |
7.1 |
2025-02-25 |
2025-02-25 |
PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability |
| ZDI-25-095 |
ZDI-CAN-25180 |
Fortinet |
CVE-2024-50569 |
6.6 |
2025-02-24 |
2025-02-24 |
Fortinet FortiWeb gui_upload_compress_act Command Injection Remote Code Execution Vulnerability |
| ZDI-25-094 |
ZDI-CAN-25182 |
Fortinet |
CVE-2024-50567 |
7.2 |
2025-02-24 |
2025-02-24 |
Fortinet FortiWeb cgi_grpc_idl_file_post Command Injection Remote Code Execution Vulnerability |
| ZDI-25-093 |
ZDI-CAN-26551 |
Apple |
CVE-2024-27834 |
5.0 |
2025-02-24 |
2025-02-24 |
(Pwn2Own) Apple Safari Pointer Authentication Code Bypass Vulnerability |
| ZDI-25-092 |
ZDI-CAN-23795 |
Apple |
CVE-2024-27833 |
5.4 |
2025-02-24 |
2025-02-24 |
(Pwn2Own) Apple Safari B3 JIT Compiler Integer Underflow Remote Code Execution Vulnerability |
| ZDI-25-091 |
ZDI-CAN-25761 |
Microsoft |
CVE-2025-21373 |
7.8 |
2025-02-24 |
2025-02-24 |
Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-090 |
ZDI-CAN-25393 |
Microsoft |
CVE-2025-21404 |
7.5 |
2025-02-24 |
2025-02-24 |
Microsoft Edge UI Misrepresentation Remote Code Execution Vulnerability |
| ZDI-25-089 |
ZDI-CAN-24785 |
mySCADA |
CVE-2025-20014 |
9.8 |
2025-02-19 |
2025-02-19 |
mySCADA myPRO Command Injection Remote Code Execution Vulnerability |
| ZDI-25-088 |
ZDI-CAN-24784 |
mySCADA |
CVE-2025-20061 |
9.8 |
2025-02-19 |
2025-02-19 |
mySCADA myPRO Command Injection Remote Code Execution Vulnerability |
| ZDI-25-087 |
ZDI-CAN-26525 |
NVIDIA |
CVE-2025-23359 |
9.0 |
2025-02-19 |
2025-02-19 |
NVIDIA Container Toolkit mount_files Time-Of-Check Time-Of-Use Race Condition Privilege Escalation Vulnerability |
| ZDI-25-086 |
ZDI-CAN-25368 |
PDF-XChange |
CVE-2025-0900 |
3.3 |
2025-02-11 |
2025-02-11 |
PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-085 |
ZDI-CAN-25336 |
Logsign |
CVE-2025-1044 |
9.8 |
2025-02-05 |
2025-02-05 |
Logsign Unified SecOps Platform Authentication Bypass Vulnerability |
| ZDI-25-084 |
ZDI-CAN-23382 |
Mintty |
CVE-2025-1052 |
8.8 |
2025-02-05 |
2025-02-05 |
Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-083 |
ZDI-CAN-24690 |
Microsoft |
|
7.5 |
2025-02-04 |
2025-02-04 |
Microsoft Edge ms-its: Scheme Remote Code Execution Vulnerability |
| ZDI-25-082 |
ZDI-CAN-25014 |
Parallels |
CVE-2025-0413 |
7.8 |
2025-02-04 |
2025-02-04 |
Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-081 |
ZDI-CAN-25816 |
TeamViewer |
CVE-2025-0065 |
7.8 |
2025-02-03 |
2025-02-03 |
TeamViewer Improper Neutralization of Argument Delimiters Local Privilege Escalation Vulnerability |
| ZDI-25-080 |
ZDI-CAN-22834 |
NI |
CVE-2024-12740 |
7.8 |
2025-02-03 |
2025-02-03 |
NI Vision Builder AI JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-079 |
ZDI-CAN-22611 |
NI |
CVE-2024-12740 |
7.8 |
2025-02-03 |
2025-02-03 |
NI Vision Development Module Vision Assistant JPG File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-078 |
ZDI-CAN-22884 |
NI |
CVE-2024-12740 |
7.8 |
2025-02-03 |
2025-02-03 |
NI Vision Builder AI JPG File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-077 |
ZDI-CAN-22663 |
NI |
CVE-2024-12740 |
7.8 |
2025-02-03 |
2025-02-03 |
NI Vision Development Module Vision Assistant JPG File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-076 |
ZDI-CAN-25094 |
NoMachine |
CVE-2024-9632 |
6.7 |
2025-02-03 |
2025-02-03 |
NoMachine Incorrect Permission Assignment Local Privilege Escalation Vulnerability |
| ZDI-25-075 |
ZDI-CAN-25622 |
Canon |
CVE-2024-12649 |
8.8 |
2025-01-31 |
2025-01-31 |
(Pwn2Own) Canon imageCLASS MF656Cdw TTF Parsing Write-What-Where Condition Remote Code Execution Vulnerability |
| ZDI-25-074 |
ZDI-CAN-25592 |
Canon |
CVE-2024-12648 |
8.8 |
2025-01-31 |
2025-01-31 |
(Pwn2Own) Canon imageCLASS MF656Cdw TIF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-073 |
ZDI-CAN-25490 |
Canon |
CVE-2024-12647 |
8.8 |
2025-01-31 |
2025-01-31 |
(Pwn2Own) Canon imageCLASS MF656Cdw listObjects2 Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-072 |
ZDI-CAN-25405 |
PDF-XChange |
CVE-2025-0902 |
3.3 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-071 |
ZDI-CAN-25422 |
PDF-XChange |
CVE-2025-0904 |
3.3 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-070 |
ZDI-CAN-25421 |
PDF-XChange |
CVE-2025-0903 |
7.8 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor RTF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-069 |
ZDI-CAN-25435 |
PDF-XChange |
CVE-2025-0907 |
3.3 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-068 |
ZDI-CAN-25434 |
PDF-XChange |
CVE-2025-0906 |
3.3 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-067 |
ZDI-CAN-25433 |
PDF-XChange |
CVE-2025-0905 |
3.3 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-066 |
ZDI-CAN-25957 |
PDF-XChange |
CVE-2025-0911 |
3.3 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-065 |
ZDI-CAN-25748 |
PDF-XChange |
CVE-2025-0910 |
7.8 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-064 |
ZDI-CAN-25678 |
PDF-XChange |
CVE-2025-0909 |
3.3 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-063 |
ZDI-CAN-25557 |
PDF-XChange |
CVE-2025-0908 |
3.3 |
2025-01-31 |
2025-02-05 |
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-062 |
ZDI-CAN-25372 |
PDF-XChange |
CVE-2025-0901 |
7.8 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-061 |
ZDI-CAN-25349 |
PDF-XChange |
CVE-2025-0899 |
7.8 |
2025-01-31 |
2025-01-31 |
PDF-XChange Editor AcroForm Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-060 |
ZDI-CAN-25396 |
Google |
CVE-2024-9954 |
7.5 |
2025-01-30 |
2025-01-30 |
Google Chrome AI Manager Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-059 |
ZDI-CAN-25000 |
Siemens |
CVE-2024-53041 |
7.8 |
2025-01-22 |
2025-01-22 |
Siemens Tecnomatix Plant Simulation WRL File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-25-058 |
ZDI-CAN-25206 |
Siemens |
CVE-2024-53242 |
7.8 |
2025-01-22 |
2025-01-22 |
Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-25-057 |
ZDI-CAN-25205 |
Siemens |
CVE-2024-45471 |
7.8 |
2025-01-22 |
2025-01-22 |
Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-056 |
ZDI-CAN-25202 |
Siemens |
CVE-2024-45469 |
7.8 |
2025-01-22 |
2025-01-22 |
Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-055 |
ZDI-CAN-25318 |
Sante |
CVE-2025-0574 |
8.2 |
2025-01-20 |
2025-01-20 |
Sante PACS Server URL path Memory Corruption Denial-of-Service Vulnerability |
| ZDI-25-054 |
ZDI-CAN-25308 |
Sante |
CVE-2025-0572 |
4.3 |
2025-01-20 |
2025-01-20 |
Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability |
| ZDI-25-053 |
ZDI-CAN-25309 |
Sante |
CVE-2025-0573 |
5.3 |
2025-01-20 |
2025-01-20 |
Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability |
| ZDI-25-052 |
ZDI-CAN-25303 |
Sante |
CVE-2025-0569 |
7.5 |
2025-01-20 |
2025-01-20 |
Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability |
| ZDI-25-051 |
ZDI-CAN-25305 |
Sante |
CVE-2025-0571 |
6.5 |
2025-01-20 |
2025-01-20 |
Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability |
| ZDI-25-050 |
ZDI-CAN-25304 |
Sante |
CVE-2025-0570 |
6.5 |
2025-01-20 |
2025-01-20 |
Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability |
| ZDI-25-049 |
ZDI-CAN-25302 |
Sante |
CVE-2025-0568 |
7.5 |
2025-01-20 |
2025-01-20 |
Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability |
| ZDI-25-048 |
ZDI-CAN-24012 |
Apple |
CVE-2024-27856 |
8.8 |
2025-01-20 |
2025-03-06 |
Apple WebKit WebCore ContainerNode Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-047 |
ZDI-CAN-24986 |
WinZip Computing |
CVE-2025-1240 |
7.8 |
2025-02-11 |
2025-05-02 |
WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-25-046 |
ZDI-CAN-25333 |
Adobe |
CVE-2025-21127 |
7.3 |
2025-01-20 |
2025-01-20 |
Adobe Photoshop node_modules Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
| ZDI-25-045 |
ZDI-CAN-25456 |
7-Zip |
CVE-2025-0411 |
7.0 |
2025-01-19 |
2025-01-19 |
7-Zip Mark-of-the-Web Bypass Vulnerability |
| ZDI-25-044 |
ZDI-CAN-25713 |
Ivanti |
CVE-2024-13179 |
7.3 |
2025-01-19 |
2025-01-19 |
Ivanti Avalanche SecureFilter Authentication Bypass Vulnerability |
| ZDI-25-043 |
ZDI-CAN-25712 |
Ivanti |
CVE-2024-13180 |
7.5 |
2025-01-19 |
2025-01-19 |
Ivanti Avalanche Faces ResourceManager Information Disclosure Vulnerability |
| ZDI-25-042 |
ZDI-CAN-25711 |
Ivanti |
CVE-2024-13181 |
7.3 |
2025-01-19 |
2025-01-19 |
Ivanti Avalanche SecureFilter allowPassThrough Authentication Bypass Vulnerability |
| ZDI-25-041 |
ZDI-CAN-25929 |
Ivanti |
CVE-2024-13162 |
7.2 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager updateAssetInfo SQL Injection Remote Code Execution Vulnerability |
| ZDI-25-040 |
ZDI-CAN-25432 |
Ivanti |
CVE-2024-13163 |
7.8 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager DecodeBase64Object Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-25-039 |
ZDI-CAN-25431 |
Ivanti |
CVE-2024-13164 |
6.2 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager AlertService Uninitialized Memory Information Disclosure Vulnerability |
| ZDI-25-038 |
ZDI-CAN-25420 |
Ivanti |
CVE-2024-13165 |
7.5 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager Improper Input Validation AlertService Denial-of-Service Vulnerability |
| ZDI-25-037 |
ZDI-CAN-25419 |
Ivanti |
CVE-2024-13166 |
7.5 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability |
| ZDI-25-036 |
ZDI-CAN-25418 |
Ivanti |
CVE-2024-13167 |
7.5 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability |
| ZDI-25-035 |
ZDI-CAN-25417 |
Ivanti |
CVE-2024-13168 |
7.5 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability |
| ZDI-25-034 |
ZDI-CAN-25416 |
Ivanti |
CVE-2024-13169 |
5.5 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager AlertService Type Confusion Information Disclosure Vulnerability |
| ZDI-25-033 |
ZDI-CAN-25415 |
Ivanti |
CVE-2024-13170 |
7.5 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability |
| ZDI-25-032 |
ZDI-CAN-25249 |
Ivanti |
CVE-2024-13172 |
7.8 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager HIIDriver Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability |
| ZDI-25-031 |
ZDI-CAN-25209 |
Ivanti |
CVE-2024-13158 |
7.2 |
2025-01-19 |
2025-01-19 |
Ivanti Endpoint Manager MyResolveEventHandler Untrusted Search Path Remote Code Execution Vulnerability |
| ZDI-25-030 |
ZDI-CAN-25187 |
Microsoft |
CVE-2025-21363 |
7.8 |
2025-01-15 |
2025-01-15 |
Microsoft Office Word DOCX File Parsing Uninitialized Pointer Remote Code Execution Vulnerability |
| ZDI-25-029 |
ZDI-CAN-25332 |
Microsoft |
CVE-2025-21331 |
7.8 |
2025-01-15 |
2025-01-15 |
Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-028 |
ZDI-CAN-25188 |
Microsoft |
CVE-2025-21298 |
7.8 |
2025-01-15 |
2025-01-15 |
Microsoft Office Word RTF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-25-027 |
ZDI-CAN-23793 |
Google |
CVE-2024-2886 |
5.4 |
2025-01-12 |
2025-01-12 |
(Pwn2Own) Google Chrome VideoFrame Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-026 |
ZDI-CAN-24744 |
Mintty |
CVE-2024-45301 |
5.3 |
2025-01-10 |
2025-01-10 |
Mintty Path Conversion Improper Input Validation Information Disclosure Vulnerability |
| ZDI-25-025 |
ZDI-CAN-22247 |
Avira |
CVE-2024-9525 |
7.8 |
2025-01-09 |
2025-01-09 |
Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-024 |
ZDI-CAN-22246 |
Avira |
CVE-2024-9524 |
7.8 |
2025-01-09 |
2025-01-09 |
Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-023 |
ZDI-CAN-22245 |
Avira |
CVE-2024-9523 |
7.8 |
2025-01-09 |
2025-01-09 |
Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-022 |
ZDI-CAN-25404 |
Apple |
|
3.3 |
2025-01-09 |
2025-01-09 |
Apple macOS libFontValidation Font Glyph YCoordinate Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-021 |
ZDI-CAN-25364 |
Apple |
|
3.3 |
2025-01-09 |
2025-01-09 |
Apple macOS libFontValidation Font Glyph Flags Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-020 |
ZDI-CAN-25366 |
Apple |
|
3.3 |
2025-01-09 |
2025-01-09 |
Apple macOS libFontValidation post Table Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-019 |
ZDI-CAN-25339 |
Apple |
|
3.3 |
2025-01-09 |
2025-01-09 |
Apple macOS libFontValidation loca Table Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-018 |
ZDI-CAN-25341 |
Apple |
|
3.3 |
2025-01-09 |
2025-01-09 |
Apple macOS libFontValidation Font Header Name Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-017 |
ZDI-CAN-25340 |
Apple |
|
3.3 |
2025-01-09 |
2025-01-09 |
Apple macOS libFontValidation kern Table Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-016 |
ZDI-CAN-25263 |
Apple |
CVE-2024-44240, CVE-2024-44302 |
3.3 |
2025-01-09 |
2025-01-09 |
Apple macOS CoreText Font Ligature Caret List Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-015 |
ZDI-CAN-25213 |
Apple |
CVE-2024-44240, CVE-2024-44302 |
3.3 |
2025-01-09 |
2025-01-09 |
Apple macOS CoreText Font Ligature Caret List Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-25-014 |
ZDI-CAN-24821 |
SonicWALL |
CVE-2024-53706 |
7.8 |
2025-01-09 |
2025-01-09 |
SonicWALL NSv setSshdConfig Exposed Dangerous Function Local Privilege Escalation Vulnerability |
| ZDI-25-013 |
ZDI-CAN-24820 |
SonicWALL |
CVE-2024-53705 |
8.1 |
2025-01-09 |
2025-01-09 |
SonicWALL NSv SSH Management Server-Side Request Forgery Vulnerability |
| ZDI-25-012 |
ZDI-CAN-24819 |
SonicWALL |
CVE-2024-53704 |
9.8 |
2025-01-09 |
2025-01-09 |
SonicWALL NSv Authentication Bypass Vulnerability |
| ZDI-25-011 |
ZDI-CAN-24818 |
SonicWALL |
CVE-2024-40762 |
8.8 |
2025-01-09 |
2025-01-09 |
SonicWALL NSv Cryptographically Weak PRNG Authentication Bypass Vulnerability |
| ZDI-25-010 |
ZDI-CAN-24487 |
Redis |
CVE-2024-46981 |
7.2 |
2025-01-09 |
2025-01-09 |
Redis Stack Lua Use-After-Free Remote Code Execution Vulnerability |
| ZDI-25-009 |
ZDI-CAN-24143 |
Redis |
CVE-2024-55656 |
8.8 |
2025-01-09 |
2025-01-09 |
Redis Stack RedisBloom Integer Overflow Remote Code Execution Vulnerability |
| ZDI-25-008 |
ZDI-CAN-24932 |
Trend Micro |
CVE-2024-55955 |
6.7 |
2025-01-08 |
2025-01-08 |
Trend Micro Deep Security Agent Incorrect Permissions Local Privilege Escalation Vulnerability |
| ZDI-25-007 |
ZDI-CAN-23401 |
Trend Micro |
CVE-2024-52047 |
7.5 |
2025-01-08 |
2025-01-08 |
Trend Micro Apex One widget getWidgetPoolManager Local File Inclusion Remote Code Execution Vulnerability |
| ZDI-25-006 |
ZDI-CAN-24674 |
Trend Micro |
CVE-2024-52049 |
7.8 |
2025-01-08 |
2025-01-08 |
Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-005 |
ZDI-CAN-24675 |
Trend Micro |
CVE-2024-52048 |
7.8 |
2025-01-08 |
2025-01-08 |
Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-004 |
ZDI-CAN-24566 |
Trend Micro |
CVE-2024-55917 |
7.8 |
2025-01-08 |
2025-01-08 |
Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability |
| ZDI-25-003 |
ZDI-CAN-24557 |
Trend Micro |
CVE-2024-55632 |
7.8 |
2025-01-08 |
2025-01-08 |
Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-002 |
ZDI-CAN-24609 |
Trend Micro |
CVE-2024-52050 |
7.8 |
2025-01-08 |
2025-01-08 |
Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability |
| ZDI-25-001 |
ZDI-CAN-23995 |
Trend Micro |
CVE-2024-55631 |
7.8 |
2025-01-08 |
2025-01-08 |
Trend Micro Apex One Damage Cleanup Engine Link Following Local Privilege Escalation Vulnerability |
