jell.ie CVEs

Read at: 2025-05-09T08:00:27+00:00

CVE-2025-4466 - itsourcecode Gym Management System SQL Injection Vulnerability

CVE ID : CVE-2025-4466
Published : May 9, 2025, 6:15 a.m. | 52 minutes ago
Description : A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax.php?action=save_payment. The manipulation of the argument registration_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 9 May 2025 | 6:15 am UTC

CVE-2025-4464 - itsourcecode Gym Management System SQL Injection Vulnerability

CVE ID : CVE-2025-4464
Published : May 9, 2025, 6:15 a.m. | 52 minutes ago
Description : A vulnerability has been found in itsourcecode Gym Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_plan. The manipulation of the argument plan leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH

Source: Latest Vulnerabilities | 9 May 2025 | 6:15 am UTC

CVE-2025-4377 - Sparx Systems Pro Cloud Server Path Traversal

CVE ID : CVE-2025-4377
Published : May 9, 2025, 6:15 a.m. | 52 minutes ago
Description : Improper Limitation of a Pathname caused a Path Traversal vulnerability in Sparx Systems Pro Cloud Server. This vulnerability is present in logview.php and it allows reading arbitrary files on the filesystem. Logview is accessible on Pro Cloud Server Configuration interface. This issue affects Pro Cloud Server: earlier than 6.0.165.
Severity: 0.0 | NA

Source: Latest Vulnerabilities | 9 May 2025 | 6:15 am UTC

CVE-2025-4465 - itsourcecode Gym Management System SQL Injection Vulnerability

CVE ID : CVE-2025-4465
Published : May 9, 2025, 6:15 a.m. | 52 minutes ago
Description : A vulnerability was found in itsourcecode Gym Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_schedule. The manipulation of the argument member_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH

Source: Latest Vulnerabilities | 9 May 2025 | 6:15 am UTC

CVE-2025-4376 - Sparx Systems Pro Cloud Server Cross-Site Scripting (XSS)

CVE ID : CVE-2025-4376
Published : May 9, 2025, 6:15 a.m. | 52 minutes ago
Description : Improper Input Validation vulnerability in Sparx Systems Pro Cloud Server's WebEA model search field allows Cross-Site Scripting (XSS). This issue affects Pro Cloud Server: earlier than 6.0.165.
Severity: 0.0 | NA

Source: Latest Vulnerabilities | 9 May 2025 | 6:15 am UTC

CVE-2025-4375 - Sparx Systems Pro Cloud Server CSRF Session Hijacking

CVE ID : CVE-2025-4375
Published : May 9, 2025, 6:15 a.m. | 52 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Sparx Systems Pro Cloud Server allows Cross-Site Request Forgery to perform Session Hijacking. Cross-Site Request Forgery is present at the whole application but it can be used to change the Pro Cloud Server Configuration password. This issue affects Pro Cloud Server: earlier than 6.0.165.
Severity: 0.0 | NA

Source: Latest Vulnerabilities | 9 May 2025 | 6:15 am UTC

CVE-2025-3463 - ASUS DriverHub HTTP Request Validation Vulnerability

CVE ID : CVE-2025-3463
Published : May 9, 2025, 6:15 a.m. | 52 minutes ago
Description : "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests. Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information.
Severity: 0.0 | NA

Source: Latest Vulnerabilities | 9 May 2025 | 6:15 am UTC

CVE-2025-3462 - ASUS DriverHub HTTP Request Validation Bypass

CVE ID : CVE-2025-3462
Published : May 9, 2025, 6:15 a.m. | 52 minutes ago
Description : "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation in ASUS DriverHub may allow unauthorized sources to interact with the software's features via crafted HTTP requests. Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information.
Severity: 0.0 | NA

Source: Latest Vulnerabilities | 9 May 2025 | 6:15 am UTC

CVE-2025-4463 - itsourcecode Gym Management System SQL Injection Vulnerability

CVE ID : CVE-2025-4463
Published : May 9, 2025, 5:15 a.m. | 1 hour, 51 minutes ago
Description : A vulnerability, which was classified as critical, was found in itsourcecode Gym Management System 1.0. Affected is an unknown function of the file /ajax.php?action=save_package. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH

Source: Latest Vulnerabilities | 9 May 2025 | 5:15 am UTC

CVE-2025-4462 - TOTOLINK N150RT Buffer Overflow Vulnerability

CVE ID : CVE-2025-4462
Published : May 9, 2025, 5:15 a.m. | 1 hour, 51 minutes ago
Description : A vulnerability, which was classified as critical, has been found in TOTOLINK N150RT 3.4.0-B20190525. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument localPin leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH

Source: Latest Vulnerabilities | 9 May 2025 | 5:15 am UTC

CVE-2025-4461 - TOTOLINK N150RT Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-4461
Published : May 9, 2025, 5:15 a.m. | 1 hour, 51 minutes ago
Description : A vulnerability classified as problematic was found in TOTOLINK N150RT 3.4.0-B20190525. This vulnerability affects unknown code of the component Virtual Server Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW

Source: Latest Vulnerabilities | 9 May 2025 | 5:15 am UTC

CVE-2025-47736 - SQLite3 Parser Invalid UTF-8 Input Crash

CVE ID : CVE-2025-47736
Published : May 9, 2025, 5:15 a.m. | 1 hour, 51 minutes ago
Description : dialect/mod.rs in the libsql-sqlite3-parser crate through 0.13.0 before 14f422a for Rust can crash if the input is not valid UTF-8.
Severity: 2.9 | LOW

Source: Latest Vulnerabilities | 9 May 2025 | 5:15 am UTC

CVE-2025-47735 - Wgp Rust Lack of Drop Slow Thread Synchronization

CVE ID : CVE-2025-47735
Published : May 9, 2025, 5:15 a.m. | 1 hour, 51 minutes ago
Description : inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks drop_slow thread synchronization.
Severity: 2.9 | LOW

Source: Latest Vulnerabilities | 9 May 2025 | 5:15 am UTC

CVE-2025-47737 - Trailer lib.rs Zero-Sized Allocation Mishandle

CVE ID : CVE-2025-47737
Published : May 9, 2025, 5:15 a.m. | 1 hour, 51 minutes ago
Description : lib.rs in the trailer crate through 0.1.2 for Rust mishandles allocating with a size of zero.
Severity: 2.9 | LOW

Source: Latest Vulnerabilities | 9 May 2025 | 5:15 am UTC

CVE-2025-4460 - TOTOLINK N150RT Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-4460
Published : May 9, 2025, 4:16 a.m. | 2 hours, 51 minutes ago
Description : A vulnerability classified as problematic has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the component URL Filtering Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW

Source: Latest Vulnerabilities | 9 May 2025 | 4:16 am UTC

CVE-2025-4458 - Code-projects Patient Record Management System SQL Injection Vulnerability

CVE ID : CVE-2025-4458
Published : May 9, 2025, 4:16 a.m. | 2 hours, 51 minutes ago
Description : A vulnerability was found in code-projects Patient Record Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /edit_upatient.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM

Source: Latest Vulnerabilities | 9 May 2025 | 4:16 am UTC

CVE-2025-4459 - Code-projects Patient Record Management System SQL Injection Vulnerability

CVE ID : CVE-2025-4459
Published : May 9, 2025, 4:16 a.m. | 2 hours, 51 minutes ago
Description : A vulnerability was found in code-projects Patient Record Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file fecalysis_form.php. The manipulation of the argument itr_no leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM

Source: Latest Vulnerabilities | 9 May 2025 | 4:16 am UTC

CVE-2025-4457 - Project Worlds Car Rental Project SQL Injection Vulnerability

CVE ID : CVE-2025-4457
Published : May 9, 2025, 4:16 a.m. | 2 hours, 51 minutes ago
Description : A vulnerability classified as critical was found in Project Worlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/approve.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH

Source: Latest Vulnerabilities | 9 May 2025 | 4:16 am UTC

CVE-2025-4456 - Project Worlds Car Rental Project SQL Injection Vulnerability

CVE ID : CVE-2025-4456
Published : May 9, 2025, 4:16 a.m. | 2 hours, 51 minutes ago
Description : A vulnerability classified as critical has been found in Project Worlds Car Rental Project 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 7.3 | HIGH

Source: Latest Vulnerabilities | 9 May 2025 | 4:16 am UTC

CVE-2025-3714 - LCD KVM over IP Switch CL5708IM Stack-based Buffer Overflow Vulnerability

CVE ID : CVE-2025-3714
Published : May 9, 2025, 4:16 a.m. | 2 hours, 51 minutes ago
Description : The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.
Severity: 9.8 | CRITICAL

Source: Latest Vulnerabilities | 9 May 2025 | 4:16 am UTC

CVE-2025-3713 - LCD KVM over IP Switch CL5708IM Heap-based Buffer Overflow Denial-of-Service Vulnerability

CVE ID : CVE-2025-3713
Published : May 9, 2025, 4:16 a.m. | 2 hours, 51 minutes ago
Description : The LCD KVM over IP Switch CL5708IM has a Heap-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to perform a denial-of-service attack.
Severity: 7.5 | HIGH

Source: Latest Vulnerabilities | 9 May 2025 | 4:16 am UTC

CVE-2025-3712 - LCD KVM over IP Switch CL5708IM Heap-based Buffer Overflow Denial-of-Service Vulnerability

CVE ID : CVE-2025-3712
Published : May 9, 2025, 4:16 a.m. | 2 hours, 51 minutes ago
Description : The LCD KVM over IP Switch CL5708IM has a Heap-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to perform a denial-of-service attack.
Severity: 7.5 | HIGH

Source: Latest Vulnerabilities | 9 May 2025 | 4:16 am UTC

CVE-2025-3711 - LCD KVM over IP Switch CL5708IM Stack-based Buffer Overflow Vulnerability

CVE ID : CVE-2025-3711
Published : May 9, 2025, 4:16 a.m. | 2 hours, 51 minutes ago
Description : The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.
Severity: 9.8 | CRITICAL

Source: Latest Vulnerabilities | 9 May 2025 | 4:16 am UTC

CVE-2025-3710 - KVM Over IP Switch CL5708IM Stack-based Buffer Overflow Vulnerability

CVE ID : CVE-2025-3710
Published : May 9, 2025, 4:16 a.m. | 2 hours, 51 minutes ago
Description : The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.
Severity: 9.8 | CRITICAL

Source: Latest Vulnerabilities | 9 May 2025 | 4:16 am UTC

CVE-2025-4455 - Patch My PC Home Updater DLL Search Path Manipulation Vulnerability

CVE ID : CVE-2025-4455
Published : May 9, 2025, 3:15 a.m. | 3 hours, 52 minutes ago
Description : A vulnerability was found in Patch My PC Home Updater up to 5.1.3.0. It has been rated as critical. This issue affects some unknown processing in the library advapi32.dll/BCrypt.dll/comctl32.dll/crypt32.dll/dwmapi.dll/gdi32.dll/gdiplus.dll/imm32.dll/iphlpapi.dll/kernel32.dll/mscms.dll/msctf.dll/ntdll.dll/ole32.dll/oleaut32.dll/PresentationNative_cor3.dll/secur32.dll/shcore.dll/shell32.dll/sspicli.dll/System.IO. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.0 | HIGH

Source: Latest Vulnerabilities | 9 May 2025 | 3:15 am UTC

ZDI-CAN-27117: Dassault Systèmes

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-05-08, 1 day ago. The vendor is given until 2025-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 8 May 2025 | 5:00 am UTC

ZDI-CAN-27123: VMware

A CVSS score 6.5 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N severity vulnerability discovered by 'Gwangun Jung at THEORI' was reported to the affected vendor on: 2025-05-08, 1 day ago. The vendor is given until 2025-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 8 May 2025 | 5:00 am UTC

ZDI-CAN-27152: Autodesk

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mat Powell of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-05-08, 1 day ago. The vendor is given until 2025-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 8 May 2025 | 5:00 am UTC

ZDI-CAN-26827: Delta Electronics

A CVSS score 10.0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-05-08, 1 day ago. The vendor is given until 2025-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 8 May 2025 | 5:00 am UTC

ZDI-CAN-27083: Autodesk

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-05-08, 1 day ago. The vendor is given until 2025-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 8 May 2025 | 5:00 am UTC

ZDI-CAN-27084: Autodesk

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-05-08, 1 day ago. The vendor is given until 2025-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 8 May 2025 | 5:00 am UTC

ZDI-CAN-27085: Autodesk

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-05-08, 1 day ago. The vendor is given until 2025-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 8 May 2025 | 5:00 am UTC

ZDI-CAN-26798: XWiki.org

A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'NgockhanhC311' was reported to the affected vendor on: 2025-05-08, 1 day ago. The vendor is given until 2025-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 8 May 2025 | 5:00 am UTC

ZDI-CAN-26480: Cisco

A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Kentaro Kawane of GMO Cybersecurity by Ierae' was reported to the affected vendor on: 2025-05-06, 3 days ago. The vendor is given until 2025-09-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 6 May 2025 | 5:00 am UTC

ZDI-CAN-26479: Cisco

A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Kentaro Kawane of GMO Cybersecurity by Ierae' was reported to the affected vendor on: 2025-05-06, 3 days ago. The vendor is given until 2025-09-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 6 May 2025 | 5:00 am UTC

ZDI-CAN-26851: Lorex

A CVSS score 7.5 AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'PHP Hooligans / Midnight Blue' was reported to the affected vendor on: 2025-05-06, 3 days ago. The vendor is given until 2025-09-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 6 May 2025 | 5:00 am UTC

ZDI-CAN-26482: Cisco

A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Kentaro Kawane of GMO Cybersecurity by Ierae' was reported to the affected vendor on: 2025-05-06, 3 days ago. The vendor is given until 2025-09-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 6 May 2025 | 5:00 am UTC

ZDI-CAN-26481: Cisco

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Kentaro Kawane of GMO Cybersecurity by Ierae' was reported to the affected vendor on: 2025-05-06, 3 days ago. The vendor is given until 2025-09-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 6 May 2025 | 5:00 am UTC

ZDI-CAN-26483: Cisco

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Kentaro Kawane of GMO Cybersecurity by Ierae' was reported to the affected vendor on: 2025-05-06, 3 days ago. The vendor is given until 2025-09-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 6 May 2025 | 5:00 am UTC

ZDI-CAN-27055: Rockwell Automation

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2025-05-02, 7 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 2 May 2025 | 5:00 am UTC

ZDI-25-284: MATE Desktop Atril Document Viewer EPUB File Parsing Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of MATE Desktop Atril Document Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.

Source: ZDI: Published Advisories | 2 May 2025 | 5:00 am UTC

ZDI-CAN-27098: Autodesk

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mat Powell of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-05-02, 7 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 2 May 2025 | 5:00 am UTC

ZDI-CAN-26771: Trend Micro

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Lays (@_L4ys) of TRAPA Security' was reported to the affected vendor on: 2025-05-02, 7 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 2 May 2025 | 5:00 am UTC

ZDI-25-283: MATE Desktop Atril Document Viewer CBT File Parsing Argument Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of MATE Desktop Atril Document Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.

Source: ZDI: Published Advisories | 2 May 2025 | 5:00 am UTC

ZDI-CAN-27106: Apple

A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Michael DePlante (@izobashi) of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-05-02, 7 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 2 May 2025 | 5:00 am UTC

ZDI-CAN-27105: Apple

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Michael DePlante (@izobashi) of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-05-02, 7 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 2 May 2025 | 5:00 am UTC

ZDI-CAN-27121: Cisco

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Bobby Gould (@bobbygould5) of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-05-02, 7 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 2 May 2025 | 5:00 am UTC

ZDI-CAN-26280: SolarWinds

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'ccc' was reported to the affected vendor on: 2025-05-02, 7 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 2 May 2025 | 5:00 am UTC

ZDI-CAN-27107: Apple

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Michael DePlante (@izobashi) of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-05-02, 7 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 2 May 2025 | 5:00 am UTC

ZDI-CAN-26743: 7-Zip

A CVSS score 7.0 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Ryota Shiga (GMO Flatt Security Inc.) with takumi-san.ai' was reported to the affected vendor on: 2025-05-02, 7 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 2 May 2025 | 5:00 am UTC

ZDI-CAN-26753: 7-Zip

A CVSS score 7.0 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Ryota Shiga (GMO Flatt Security Inc.) with takumi-san.ai' was reported to the affected vendor on: 2025-05-02, 7 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 2 May 2025 | 5:00 am UTC

ZDI-CAN-26776: Microsoft

A CVSS score 8.6 AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-05-02, 7 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 2 May 2025 | 5:00 am UTC

ZDI-25-271: Cisco IOS XE SNMP OID Handling Out-Of-Bounds Read Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2025-20172.

Source: ZDI: Published Advisories | 1 May 2025 | 5:00 am UTC

ZDI-25-274: Cisco IOS XE SNMP OID Handling Out-Of-Bounds Read Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2025-20172.

Source: ZDI: Published Advisories | 1 May 2025 | 5:00 am UTC

ZDI-25-280: Cisco IOS XE SNMP GET-NEXT ciscoFlashChipCode Unexpected Sign Extension Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2025-20170.

Source: ZDI: Published Advisories | 1 May 2025 | 5:00 am UTC

ZDI-25-279: Cisco IOS XE SNMP GET-NEXT cContextMappingBridgeDomainIdentifier Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-20173.

Source: ZDI: Published Advisories | 1 May 2025 | 5:00 am UTC

ZDI-25-278: Cisco IOS XE SNMP GET-NEXT ctspIpSgtValue Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-20176.

Source: ZDI: Published Advisories | 1 May 2025 | 5:00 am UTC

ZDI-25-277: Cisco IOS XE SNMP SET cewEventTime Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-20175.

Source: ZDI: Published Advisories | 1 May 2025 | 5:00 am UTC

ZDI-25-276: Cisco IOS XE SNMP GET-NEXT cilmCurrentImageLevel Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2025-20174.

Source: ZDI: Published Advisories | 1 May 2025 | 5:00 am UTC

ZDI-25-275: Cisco IOS XE SNMP GET-NEXT callHomeUserDefCmdName Unexpected Sign Extension Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2025-20171.

Source: ZDI: Published Advisories | 1 May 2025 | 5:00 am UTC

ZDI-25-272: Cisco IOS XE SNMP OID Handling Out-Of-Bounds Read Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2025-20172.

Source: ZDI: Published Advisories | 1 May 2025 | 5:00 am UTC

ZDI-25-269: (Pwn2Own) Synology BeeStation BST150-4T Unnecessary Privileges Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology BeeStation BST150-4T devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.3. The following CVEs are assigned: CVE-2024-10445.

Source: ZDI: Published Advisories | 1 May 2025 | 5:00 am UTC

ZDI-25-273: Cisco IOS XE SNMP OID Handling Out-Of-Bounds Read Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2025-20172.

Source: ZDI: Published Advisories | 1 May 2025 | 5:00 am UTC

ZDI-25-282: Webmin CRLF Injection Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Webmin. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-2774.

Source: ZDI: Published Advisories | 1 May 2025 | 5:00 am UTC

ZDI-25-270: Cisco IOS XE SNMP GET-NEXT ciscoFlashFileSize Unexpected Sign Extension Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2025-20169.

Source: ZDI: Published Advisories | 1 May 2025 | 5:00 am UTC

ZDI-25-281: Cisco IOS XE SNMP SET cewProxyClass Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-20175.

Source: ZDI: Published Advisories | 1 May 2025 | 5:00 am UTC

ZDI-25-263: (Pwn2Own) Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability

This vulnerability allows local attackers to escape the sandbox on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code within the sandbox on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2024-6030.

Source: ZDI: Published Advisories | 30 Apr 2025 | 5:00 am UTC

ZDI-25-260: (Pwn2Own) Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass the firewall on the Iris modem in affected Tesla Model S vehicles. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.0. The following CVEs are assigned: CVE-2024-6029.

Source: ZDI: Published Advisories | 30 Apr 2025 | 5:00 am UTC

ZDI-25-264: (Pwn2Own) Tesla Model S Iris Modem ql_atfwd Command Injection Code Execution Vulnerability

This vulnerability allows local attackers to execute arbitrary code on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-6032.

Source: ZDI: Published Advisories | 30 Apr 2025 | 5:00 am UTC

ZDI-25-262: (Pwn2Own) Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability

This vulnerability allows local attackers to escape the sandbox on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-13943.

Source: ZDI: Published Advisories | 30 Apr 2025 | 5:00 am UTC

ZDI-25-257: (Pwn2Own) Oracle VirtualBox OHCI USB Controller Race Condition Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.2. The following CVEs are assigned: CVE-2024-21113.

Source: ZDI: Published Advisories | 30 Apr 2025 | 5:00 am UTC

ZDI-25-265: (Pwn2Own) Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2025-2082.

Source: ZDI: Published Advisories | 30 Apr 2025 | 5:00 am UTC

ZDI-25-268: GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of GStreamer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2025-2759.

Source: ZDI: Published Advisories | 30 Apr 2025 | 5:00 am UTC

ZDI-25-267: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-3887.

Source: ZDI: Published Advisories | 30 Apr 2025 | 5:00 am UTC

ZDI-25-258: (Pwn2Own) Adobe Acrobat Reader DC distributionURL JavaScript API Restrictions Bypass Vulnerability

This vulnerability allows remote attackers to bypass JavaScript API restrictions on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-34099.

Source: ZDI: Published Advisories | 30 Apr 2025 | 5:00 am UTC

ZDI-25-266: Apache ActiveMQ NMS Body Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apache ActiveMQ NMS. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 8.1. The following CVEs are assigned: CVE-2025-29953.

Source: ZDI: Published Advisories | 30 Apr 2025 | 5:00 am UTC

ZDI-25-259: (Pwn2Own) Adobe Acrobat Reader DC Collab Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-34098.

Source: ZDI: Published Advisories | 30 Apr 2025 | 5:00 am UTC

ZDI-CAN-26902: Wondershare

A CVSS score 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N severity vulnerability discovered by 'Alfredo Oliveira and David Fiser of Trend Research' was reported to the affected vendor on: 2025-04-30, 9 days ago. The vendor is given until 2025-08-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 30 Apr 2025 | 5:00 am UTC

ZDI-CAN-26711: Linux

A CVSS score 6.7 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L severity vulnerability discovered by 'Slavin Liu' was reported to the affected vendor on: 2025-04-30, 9 days ago. The vendor is given until 2025-08-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 30 Apr 2025 | 5:00 am UTC

ZDI-CAN-26777: Adobe

A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-04-30, 9 days ago. The vendor is given until 2025-08-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 30 Apr 2025 | 5:00 am UTC

ZDI-25-261: (Pwn2Own) Tesla Model S oFono AT Command Heap-based Buffer Overflow Code Execution Vulnerability

This vulnerability allows local attackers to execute arbitrary code on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-6031.

Source: ZDI: Published Advisories | 30 Apr 2025 | 5:00 am UTC

ZDI-CAN-23861: Viessmann

A CVSS score 6.8 AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'adhkr - LuwakLab' was reported to the affected vendor on: 2025-04-29, 10 days ago. The vendor is given until 2025-08-27 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 29 Apr 2025 | 5:00 am UTC

ZDI-CAN-26767: Action1

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Xavier DANEST' was reported to the affected vendor on: 2025-04-28, 11 days ago. The vendor is given until 2025-08-26 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 28 Apr 2025 | 5:00 am UTC

ZDI-CAN-26747: Siemens

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2025-04-25, 14 days ago. The vendor is given until 2025-08-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 25 Apr 2025 | 5:00 am UTC

ZDI-CAN-26748: Siemens

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2025-04-25, 14 days ago. The vendor is given until 2025-08-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 25 Apr 2025 | 5:00 am UTC

ZDI-CAN-26581: Digilent

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'kimiya' was reported to the affected vendor on: 2025-04-25, 14 days ago. The vendor is given until 2025-08-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 25 Apr 2025 | 5:00 am UTC

ZDI-CAN-26692: Siemens

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2025-04-25, 14 days ago. The vendor is given until 2025-08-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 25 Apr 2025 | 5:00 am UTC

ZDI-CAN-26582: Digilent

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'kimiya' was reported to the affected vendor on: 2025-04-25, 14 days ago. The vendor is given until 2025-08-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 25 Apr 2025 | 5:00 am UTC

ZDI-CAN-26766: NoMachine

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Xavier DANEST' was reported to the affected vendor on: 2025-04-25, 14 days ago. The vendor is given until 2025-08-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 25 Apr 2025 | 5:00 am UTC

ZDI-CAN-26744: Siemens

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2025-04-25, 14 days ago. The vendor is given until 2025-08-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 25 Apr 2025 | 5:00 am UTC

ZDI-CAN-26755: Siemens

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2025-04-25, 14 days ago. The vendor is given until 2025-08-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 25 Apr 2025 | 5:00 am UTC

ZDI-CAN-27041: Apple

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Nikolai Skliarenko of Trend Micro Security Research' was reported to the affected vendor on: 2025-04-25, 14 days ago. The vendor is given until 2025-08-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 25 Apr 2025 | 5:00 am UTC

ZDI-CAN-26947: NI

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2025-04-25, 14 days ago. The vendor is given until 2025-08-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 25 Apr 2025 | 5:00 am UTC

ZDI-CAN-25793: Soda PDF

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Xavier DANEST' was reported to the affected vendor on: 2025-04-25, 14 days ago. The vendor is given until 2025-08-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 25 Apr 2025 | 5:00 am UTC

ZDI-CAN-27036: Apple

A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Michael DePlante (@izobashi) of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-04-25, 14 days ago. The vendor is given until 2025-08-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 25 Apr 2025 | 5:00 am UTC

ZDI-CAN-26944: NI

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2025-04-25, 14 days ago. The vendor is given until 2025-08-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 25 Apr 2025 | 5:00 am UTC

ZDI-CAN-26824: Delta Electronics

A CVSS score 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N severity vulnerability discovered by 'kimiya' was reported to the affected vendor on: 2025-04-25, 14 days ago. The vendor is given until 2025-08-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 25 Apr 2025 | 5:00 am UTC

ZDI-CAN-26752: GIMP

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]' was reported to the affected vendor on: 2025-04-25, 14 days ago. The vendor is given until 2025-08-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 25 Apr 2025 | 5:00 am UTC

ZDI-CAN-27058: Apple

A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Michael DePlante (@izobashi) of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-04-25, 14 days ago. The vendor is given until 2025-08-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 25 Apr 2025 | 5:00 am UTC

ZDI-CAN-26950: NI

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2025-04-25, 14 days ago. The vendor is given until 2025-08-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 25 Apr 2025 | 5:00 am UTC
