jell.ie CVEs

Read at: 2025-07-18T23:07:53+00:00

CVE-2025-7807 - Tenda FH451 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-7807
Published : July 18, 2025, 9:15 p.m. | 34 minutes ago
Description : A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. This issue affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. The manipulation of the argument Go/page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 18 Jul 2025 | 9:15 pm UTC

CVE-2025-50583 - StudentManage Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-50583
Published : July 18, 2025, 9:15 p.m. | 34 minutes ago
Description : StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Student module.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 18 Jul 2025 | 9:15 pm UTC

CVE-2025-7806 - Tenda FH451 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-7806
Published : July 18, 2025, 9:15 p.m. | 34 minutes ago
Description : A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. This vulnerability affects the function fromSafeClientFilter of the file /goform/SafeClientFilter. The manipulation of the argument Go/page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 18 Jul 2025 | 9:15 pm UTC

CVE-2025-50582 - StudentManage Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-50582
Published : July 18, 2025, 9:15 p.m. | 34 minutes ago
Description : StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Course module.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 18 Jul 2025 | 9:15 pm UTC

CVE-2025-50581 - MRCMS Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-50581
Published : July 18, 2025, 9:15 p.m. | 34 minutes ago
Description : MRCMS v3.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/group/save.do.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 18 Jul 2025 | 9:15 pm UTC

CVE-2025-7805 - Tenda FH451 PPTP Stack Buffer Overflow

CVE ID : CVE-2025-7805
Published : July 18, 2025, 8:15 p.m. | 1 hour, 34 minutes ago
Description : A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. This affects the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 18 Jul 2025 | 8:15 pm UTC

CVE-2025-7803 - Descreekert wx-discuz Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-7803
Published : July 18, 2025, 8:15 p.m. | 1 hour, 34 minutes ago
Description : A vulnerability was found in descreekert wx-discuz up to 12bd4745c63ec203cb32119bf77ead4a923bf277. It has been classified as problematic. This affects the function validToken of the file /wx.php. The manipulation of the argument echostr leads to cross site scripting. It is possible to initiate the attack remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 18 Jul 2025 | 8:15 pm UTC

CVE-2025-54310 - qBittorrent Local File Disclosure

CVE ID : CVE-2025-54310
Published : July 18, 2025, 8:15 p.m. | 1 hour, 34 minutes ago
Description : qBittorrent before 5.1.2 does not prevent access to a local file that is referenced in a link URL. This affects rsswidget.cpp and searchjobwidget.cpp.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 18 Jul 2025 | 8:15 pm UTC

CVE-2025-50708 - Perplexity AI GPT-4 Information Disclosure

CVE ID : CVE-2025-50708
Published : July 18, 2025, 8:15 p.m. | 1 hour, 34 minutes ago
Description : An issue in Perplexity AI GPT-4 v.2.51.0 allows a remote attacker to obtain sensitive information via the token component in the shared chat URL
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 18 Jul 2025 | 8:15 pm UTC

CVE-2025-50584 - StudentManage XSS Vulnerability in Add A New Teacher Module

CVE ID : CVE-2025-50584
Published : July 18, 2025, 8:15 p.m. | 1 hour, 34 minutes ago
Description : StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Teacher module.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 18 Jul 2025 | 8:15 pm UTC

CVE-2025-7802 - PHPGurukul Complaint Management System Cross Site Scripting Vulnerability

CVE ID : CVE-2025-7802
Published : July 18, 2025, 7:15 p.m. | 2 hours, 34 minutes ago
Description : A vulnerability was found in PHPGurukul Complaint Management System 2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/complaint-search.php. The manipulation of the argument Search leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 18 Jul 2025 | 7:15 pm UTC

CVE-2025-7801 - BossSoft CRM SQL Injection Vulnerability

CVE ID : CVE-2025-7801
Published : July 18, 2025, 7:15 p.m. | 2 hours, 34 minutes ago
Description : A vulnerability has been found in BossSoft CRM 6.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /crm/module/HNDCBas_customPrmSearchDtl.jsp. The manipulation of the argument cstid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 18 Jul 2025 | 7:15 pm UTC

CVE-2025-7800 - "CGPandey Hotelmis HTTP GET Request Handler Cross-Site Scripting Vulnerability"

CVE ID : CVE-2025-7800
Published : July 18, 2025, 7:15 p.m. | 2 hours, 34 minutes ago
Description : A vulnerability classified as problematic was found in cgpandey hotelmis up to c572198e6c4780fccc63b1d3e8f3f72f825fc94e. This vulnerability affects unknown code of the file admin.php of the component HTTP GET Request Handler. The manipulation of the argument Search leads to cross site scripting. The attack can be initiated remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 18 Jul 2025 | 7:15 pm UTC

CVE-2025-54309 - CrushFTP Remote Admin Access Vulnerability

CVE ID : CVE-2025-54309
Published : July 18, 2025, 7:15 p.m. | 2 hours, 34 minutes ago
Description : CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025.
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 18 Jul 2025 | 7:15 pm UTC

CVE-2025-7798 - Beijing Shenzhou Shihan Technology Multimedia Integrated Business Display System SQL Injection Vulnerability

CVE ID : CVE-2025-7798
Published : July 18, 2025, 7:15 p.m. | 2 hours, 34 minutes ago
Description : A vulnerability classified as critical has been found in Beijing Shenzhou Shihan Technology Multimedia Integrated Business Display System up to 8.2. This affects an unknown part of the file /admin/system/structure/getdirectorydata/web/baseinfo/companyManage. The manipulation of the argument Struccture_ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 18 Jul 2025 | 7:15 pm UTC

CVE-2025-52169 - Agorum Core Reflected Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-52169
Published : July 18, 2025, 7:15 p.m. | 2 hours, 34 minutes ago
Description : agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 18 Jul 2025 | 7:15 pm UTC

CVE-2025-52163 - Agorum Core Agorum Software GmbH SSRF

CVE ID : CVE-2025-52163
Published : July 18, 2025, 7:15 p.m. | 2 hours, 34 minutes ago
Description : A Server-Side Request Forgery (SSRF) in the component TunnelServlet of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows attackers to forcefully initiate connections to arbitrary internal and external resources via a crafted request. This can lead to sensitive data exposure.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 18 Jul 2025 | 7:15 pm UTC

CVE-2025-50585 - StudentManage SQL Injection Vulnerability

CVE ID : CVE-2025-50585
Published : July 18, 2025, 7:15 p.m. | 2 hours, 34 minutes ago
Description : StudentManage v1.0 was discovered to contain a SQL injection vulnerability via the component /admin/adminStudentUrl.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 18 Jul 2025 | 7:15 pm UTC

CVE-2025-33014 - IBM Sterling B2B Integrator and IBM Sterling File Gateway Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-33014
Published : July 18, 2025, 7:15 p.m. | 2 hours, 34 minutes ago
Description : IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.4 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims’ web browser.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 18 Jul 2025 | 7:15 pm UTC

CVE-2025-7797 - GPAC Dash Client Null Pointer Dereference Remote Vulnerability

CVE ID : CVE-2025-7797
Published : July 18, 2025, 6:15 p.m. | 3 hours, 34 minutes ago
Description : A vulnerability was found in GPAC up to 2.4. It has been rated as problematic. Affected by this issue is the function gf_dash_download_init_segment of the file src/media_tools/dash_client.c. The manipulation of the argument base_init_url leads to null pointer dereference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 153ea314b6b053db17164f8bc3c7e1e460938eaa. It is recommended to apply a patch to fix this issue.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 18 Jul 2025 | 6:15 pm UTC

CVE-2025-7796 - Tenda PPTPDClient Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-7796
Published : July 18, 2025, 6:15 p.m. | 3 hours, 34 minutes ago
Description : A vulnerability, which was classified as critical, was found in Tenda FH451 1.0.0.9. This affects the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument Username leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 18 Jul 2025 | 6:15 pm UTC

CVE-2025-7795 - Tenda FH451 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-7795
Published : July 18, 2025, 6:15 p.m. | 3 hours, 34 minutes ago
Description : A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. Affected by this issue is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 18 Jul 2025 | 6:15 pm UTC

CVE-2025-53901 - Wasmtime WASIp1 Denial-of-Service Vulnerability

CVE ID : CVE-2025-53901
Published : July 18, 2025, 6:15 p.m. | 3 hours, 34 minutes ago
Description : Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host (embedder). The specific bug is triggered by calling `path_open` after calling `fd_renumber` with either two equal argument values or a second argument being equal to a previously-closed file descriptor number value. The corrupt state introduced in `fd_renumber` will lead to the subsequent opening of a file descriptor to panic. This panic cannot introduce memory unsafety or allow WebAssembly to break outside of its sandbox, however. There is no possible heap corruption or memory unsafety from this panic. This bug is in the implementation of Wasmtime's `wasmtime-wasi` crate which provides an implementation of WASIp1. The bug requires a specially crafted call to `fd_renumber` in addition to the ability to open a subsequent file descriptor. Opening a second file descriptor is only possible when a preopened directory was provided to the guest, and this is common amongst embeddings. A panic in the host is considered a denial-of-service vector for WebAssembly embedders and is thus a security issue in Wasmtime. This bug does not affect WASIp2 and embedders using components. In accordance with Wasmtime's release process, patch releases are available as 24.0.4, 33.0.2, and 34.0.2. Users of other release of Wasmtime are recommended to move to a supported release of Wasmtime. Embedders who are using components or are not providing guest access to create more file descriptors (e.g. via a preopened filesystem directory) are not affected by this issue. Otherwise, there is no workaround at this time, and affected embeddings are recommended to update to a patched version which will not cause a panic in the host.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 18 Jul 2025 | 6:15 pm UTC

CVE-2025-52168 - Agorum Software GmbH Agorum Core File Access Vulnerability

CVE ID : CVE-2025-52168
Published : July 18, 2025, 6:15 p.m. | 3 hours, 34 minutes ago
Description : Incorrect access control in the dynawebservice component of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows unauthenticated attackers to access arbitrary files on the system.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 18 Jul 2025 | 6:15 pm UTC

CVE-2025-52166 - Agorum Core Privilege Escalation Vulnerability

CVE ID : CVE-2025-52166
Published : July 18, 2025, 6:15 p.m. | 3 hours, 34 minutes ago
Description : Incorrect access control in Software GmbH Agorum core open v11.9.2 & v11.10.1 allows authenticated attackers to escalate privileges to Administrator and access sensitive components and information.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 18 Jul 2025 | 6:15 pm UTC

ZDI-CAN-27654: Linux

A CVSS score 5.3 AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H severity vulnerability discovered by 'Nicholas Zubrisky (@NZubrisky) of Trend Research' was reported to the affected vendor on: 2025-07-18, 0 days ago. The vendor is given until 2025-11-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 18 Jul 2025 | 5:00 am UTC

ZDI-CAN-27261: QEMU

A CVSS score 5.3 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N severity vulnerability discovered by 'Xiaobye(@xiaobye_tw) of DEVCORE Research Team' was reported to the affected vendor on: 2025-07-18, 0 days ago. The vendor is given until 2025-11-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 18 Jul 2025 | 5:00 am UTC

ZDI-CAN-26972: Langflow

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Peter Girnus (@gothburz) of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-07-18, 0 days ago. The vendor is given until 2025-11-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 18 Jul 2025 | 5:00 am UTC

ZDI-CAN-27497: Langflow

A CVSS score 7.1 AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Peter Girnus (@gothburz), William Gamazo Sanchez, and Alfredo Oliveira of Trend Research' was reported to the affected vendor on: 2025-07-18, 0 days ago. The vendor is given until 2025-11-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 18 Jul 2025 | 5:00 am UTC

ZDI-CAN-27395: TradingView

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Xavier DANEST' was reported to the affected vendor on: 2025-07-18, 0 days ago. The vendor is given until 2025-11-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 18 Jul 2025 | 5:00 am UTC

ZDI-CAN-27322: Langflow

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Peter Girnus (@gothburz), William Gamazo Sanchez, and Alfredo Oliveira of Trend Research' was reported to the affected vendor on: 2025-07-18, 0 days ago. The vendor is given until 2025-11-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 18 Jul 2025 | 5:00 am UTC

ZDI-CAN-27325: Langflow

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Peter Girnus (@gothburz), William Gamazo Sanchez, and Alfredo Oliveira of Trend Research' was reported to the affected vendor on: 2025-07-18, 0 days ago. The vendor is given until 2025-11-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 18 Jul 2025 | 5:00 am UTC

ZDI-CAN-27635: Bytebase

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Alfredo Oliveira and David Fiser of Trend Research' was reported to the affected vendor on: 2025-07-18, 0 days ago. The vendor is given until 2025-11-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 18 Jul 2025 | 5:00 am UTC

ZDI-CAN-27679: OceanBase

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Peter Girnus (@gothburz) of Trend Research' was reported to the affected vendor on: 2025-07-18, 0 days ago. The vendor is given until 2025-11-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 18 Jul 2025 | 5:00 am UTC

ZDI-25-607: Cisco Identity Services Engine enableStrongSwanTunnel Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Identity Services Engine. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2025-20337.

Source: ZDI: Published Advisories | 17 Jul 2025 | 5:00 am UTC

ZDI-25-617: Dassault Systèmes eDrawings Viewer CATPRODUCT File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-6972.

Source: ZDI: Published Advisories | 17 Jul 2025 | 5:00 am UTC

ZDI-25-605: Cisco Identity Services Engine IpAccessFilter Direct Request Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass IP restrictions on affected installations of Cisco Identity Services Engine. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2025-20285.

Source: ZDI: Published Advisories | 17 Jul 2025 | 5:00 am UTC

ZDI-25-620: Dassault Systèmes eDrawings Viewer JT File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-6973.

Source: ZDI: Published Advisories | 17 Jul 2025 | 5:00 am UTC

ZDI-25-616: Dassault Systèmes eDrawings Viewer CATPRODUCT File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-6971.

Source: ZDI: Published Advisories | 17 Jul 2025 | 5:00 am UTC

ZDI-25-618: Dassault Systèmes eDrawings Viewer JT File Parsing Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-6974.

Source: ZDI: Published Advisories | 17 Jul 2025 | 5:00 am UTC

ZDI-25-615: Dassault Systèmes eDrawings Viewer IPT File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-7042.

Source: ZDI: Published Advisories | 17 Jul 2025 | 5:00 am UTC

ZDI-25-614: Hewlett Packard Enterprise AutoPass License Server Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Hewlett Packard Enterprise AutoPass License Server. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.3. The following CVEs are assigned: CVE-2025-37107.

Source: ZDI: Published Advisories | 17 Jul 2025 | 5:00 am UTC

ZDI-25-613: Hewlett Packard Enterprise AutoPass License Server Hard-coded Credentials Authentication Bypass Vulnerability

This vulnerability allows remote attackers to disclose sensitive information or edit configuration on affected installations of Hewlett Packard Enterprise AutoPass License Server. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.3. The following CVEs are assigned: CVE-2025-37106.

Source: ZDI: Published Advisories | 17 Jul 2025 | 5:00 am UTC

ZDI-25-612: Hewlett Packard Enterprise AutoPass License Server Hard-coded Credentials Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise AutoPass License Server. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2025-37105.

Source: ZDI: Published Advisories | 17 Jul 2025 | 5:00 am UTC

ZDI-25-611: VMware ESXi VMCI Uninitialized Memory Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware ESXi. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2025-41239.

Source: ZDI: Published Advisories | 17 Jul 2025 | 5:00 am UTC

ZDI-25-610: Linux Kernel ksmbd destroy_previous_session Null Pointer Dereference Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of the Linux Kernel. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.9. The following CVEs are assigned: CVE-2025-38191.

Source: ZDI: Published Advisories | 17 Jul 2025 | 5:00 am UTC

ZDI-25-608: Cisco Identity Services Engine handleFilesUpload Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Identity Services Engine. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2025-20282.

Source: ZDI: Published Advisories | 17 Jul 2025 | 5:00 am UTC

ZDI-25-609: Cisco Identity Services Engine invokeStrongSwanShellScript Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Identity Services Engine. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2025-20281.

Source: ZDI: Published Advisories | 17 Jul 2025 | 5:00 am UTC

ZDI-25-606: Cisco Identity Services Engine handleStrongSwanTunnelStatus Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Identity Services Engine. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2025-20284.

Source: ZDI: Published Advisories | 17 Jul 2025 | 5:00 am UTC

ZDI-25-604: Cisco Identity Services Engine disableStrongSwanTunnel Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Identity Services Engine. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2025-20283.

Source: ZDI: Published Advisories | 17 Jul 2025 | 5:00 am UTC

ZDI-25-619: Dassault Systèmes eDrawings Viewer JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-0831.

Source: ZDI: Published Advisories | 17 Jul 2025 | 5:00 am UTC

ZDI-25-603: Autodesk Revit RTE File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Revit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-5037.

Source: ZDI: Published Advisories | 16 Jul 2025 | 5:00 am UTC

ZDI-CAN-27315: Anritsu

A CVSS score 7.5 AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'kimiya' was reported to the affected vendor on: 2025-07-15, 3 days ago. The vendor is given until 2025-11-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 15 Jul 2025 | 5:00 am UTC

ZDI-25-601: (Pwn2Own) Oracle VirtualBox VMSVGA Integer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.2. The following CVEs are assigned: CVE-2025-53024.

Source: ZDI: Published Advisories | 15 Jul 2025 | 5:00 am UTC

ZDI-25-602: (Pwn2Own) Oracle VirtualBox OHCI USB Controller Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.2. The following CVEs are assigned: CVE-2025-53027.

Source: ZDI: Published Advisories | 15 Jul 2025 | 5:00 am UTC

ZDI-25-599: Oracle VirtualBox LSILogic Uninitialized Memory Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.0. The following CVEs are assigned: CVE-2025-53026.

Source: ZDI: Published Advisories | 15 Jul 2025 | 5:00 am UTC

ZDI-25-600: (Pwn2Own) Oracle VirtualBox VMSVGA Out-Of-Bounds Write Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.2. The following CVEs are assigned: CVE-2025-53028.

Source: ZDI: Published Advisories | 15 Jul 2025 | 5:00 am UTC

ZDI-25-597: Autodesk Revit RFA File Parsing Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Revit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-5037.

Source: ZDI: Published Advisories | 15 Jul 2025 | 5:00 am UTC

ZDI-25-598: Oracle VirtualBox BusLogic Uninitialized Memory Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.0. The following CVEs are assigned: CVE-2025-53025.

Source: ZDI: Published Advisories | 15 Jul 2025 | 5:00 am UTC

ZDI-25-595: Autodesk Revit RFA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Revit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-5037.

Source: ZDI: Published Advisories | 15 Jul 2025 | 5:00 am UTC

ZDI-25-596: Autodesk Revit RTE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Revit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-5040.

Source: ZDI: Published Advisories | 15 Jul 2025 | 5:00 am UTC

ZDI-25-594: Autodesk Revit RFA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Revit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-5037.

Source: ZDI: Published Advisories | 15 Jul 2025 | 5:00 am UTC

ZDI-25-593: Autodesk Revit RVT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Revit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-5037.

Source: ZDI: Published Advisories | 15 Jul 2025 | 5:00 am UTC

ZDI-CAN-27351: Fuji Electric

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2025-07-15, 3 days ago. The vendor is given until 2025-11-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 15 Jul 2025 | 5:00 am UTC

ZDI-25-592: Autodesk Revit RVT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Revit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-5037.

Source: ZDI: Published Advisories | 15 Jul 2025 | 5:00 am UTC

ZDI-CAN-27527: Fuji Electric

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2025-07-15, 3 days ago. The vendor is given until 2025-11-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 15 Jul 2025 | 5:00 am UTC

ZDI-25-588: Trend Micro Cleaner One Pro Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Cleaner One Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-53503.

Source: ZDI: Published Advisories | 11 Jul 2025 | 5:00 am UTC

ZDI-CAN-27431: Docker

A CVSS score 7.5 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Nitesh Surana (niteshsurana.com) & Nelson William Gamazo Sanchez of Trend Research' was reported to the affected vendor on: 2025-07-11, 7 days ago. The vendor is given until 2025-11-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 11 Jul 2025 | 5:00 am UTC

ZDI-25-591: Delta Electronics DTM Soft BIN File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DTM Soft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-53415.

Source: ZDI: Published Advisories | 11 Jul 2025 | 5:00 am UTC

ZDI-25-590: G DATA Total Security GDTunerSvc Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-2790.

Source: ZDI: Published Advisories | 11 Jul 2025 | 5:00 am UTC

ZDI-25-589: Trend Micro Worry-Free Business Security Missing Authentication Vulnerability

This vulnerability allows remote attackers to hijack security agents on affected installations of Trend Micro Worry-Free Business Security. In most cases, user interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.6. The following CVEs are assigned: CVE-2025-53378.

Source: ZDI: Published Advisories | 11 Jul 2025 | 5:00 am UTC

ZDI-25-587: Luxion KeyShot 3DM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-7222.

Source: ZDI: Published Advisories | 11 Jul 2025 | 5:00 am UTC

ZDI-CAN-27503: pdfforge

A CVSS score 7.0 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'kimiya' was reported to the affected vendor on: 2025-07-10, 8 days ago. The vendor is given until 2025-11-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 10 Jul 2025 | 5:00 am UTC

ZDI-CAN-27498: PDFsam

A CVSS score 7.0 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'kimiya' was reported to the affected vendor on: 2025-07-10, 8 days ago. The vendor is given until 2025-11-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 10 Jul 2025 | 5:00 am UTC

ZDI-CAN-27501: pdfforge

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'kimiya' was reported to the affected vendor on: 2025-07-10, 8 days ago. The vendor is given until 2025-11-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 10 Jul 2025 | 5:00 am UTC

ZDI-CAN-27500: PDFsam

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'kimiya' was reported to the affected vendor on: 2025-07-10, 8 days ago. The vendor is given until 2025-11-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 10 Jul 2025 | 5:00 am UTC

ZDI-CAN-27571: Docker

A CVSS score 7.5 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Nitesh Surana (niteshsurana.com) & Nelson William Gamazo Sanchez of Trend Research' was reported to the affected vendor on: 2025-07-10, 8 days ago. The vendor is given until 2025-11-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 10 Jul 2025 | 5:00 am UTC

ZDI-CAN-27502: pdfforge

A CVSS score 7.0 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'kimiya' was reported to the affected vendor on: 2025-07-10, 8 days ago. The vendor is given until 2025-11-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 10 Jul 2025 | 5:00 am UTC

ZDI-CAN-27499: PDFsam

A CVSS score 7.0 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'kimiya' was reported to the affected vendor on: 2025-07-10, 8 days ago. The vendor is given until 2025-11-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 10 Jul 2025 | 5:00 am UTC

ZDI-CAN-27430: Docker

A CVSS score 7.8 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Nitesh Surana (niteshsurana.com) & Nelson William Gamazo Sanchez of Trend Research' was reported to the affected vendor on: 2025-07-09, 9 days ago. The vendor is given until 2025-11-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 9 Jul 2025 | 5:00 am UTC

ZDI-CAN-27541: Microsoft

A CVSS score 4.7 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by 'William Gamazo Sanchez and Nitesh Surana of Trend Research' was reported to the affected vendor on: 2025-07-09, 9 days ago. The vendor is given until 2025-11-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 9 Jul 2025 | 5:00 am UTC

ZDI-CAN-27562: Docker

A CVSS score 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by 'David Fiser and Alfredo Oliveira of Trend Research' was reported to the affected vendor on: 2025-07-09, 9 days ago. The vendor is given until 2025-11-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 9 Jul 2025 | 5:00 am UTC

ZDI-25-483: IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-7251.

Source: ZDI: Published Advisories | 8 Jul 2025 | 5:00 am UTC

ZDI-25-550: IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-7303.

Source: ZDI: Published Advisories | 8 Jul 2025 | 5:00 am UTC

ZDI-25-548: IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-7301.

Source: ZDI: Published Advisories | 8 Jul 2025 | 5:00 am UTC

ZDI-25-546: IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-7296.

Source: ZDI: Published Advisories | 8 Jul 2025 | 5:00 am UTC

ZDI-CAN-27348: Apple

A CVSS score 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L severity vulnerability discovered by 'wac' was reported to the affected vendor on: 2025-07-08, 10 days ago. The vendor is given until 2025-11-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 8 Jul 2025 | 5:00 am UTC

ZDI-25-495: IrfanView CADImage Plugin CGM File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-7234.

Source: ZDI: Published Advisories | 8 Jul 2025 | 5:00 am UTC

ZDI-25-536: IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-7284.

Source: ZDI: Published Advisories | 8 Jul 2025 | 5:00 am UTC

ZDI-25-534: IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-7288.

Source: ZDI: Published Advisories | 8 Jul 2025 | 5:00 am UTC

ZDI-CAN-25884: Lorex

A CVSS score 7.5 AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'PHP Hooligans / Midnight Blue' was reported to the affected vendor on: 2025-07-08, 10 days ago. The vendor is given until 2025-11-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 8 Jul 2025 | 5:00 am UTC

ZDI-CAN-26504: Fuji Electric

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'kimiya' was reported to the affected vendor on: 2025-07-08, 10 days ago. The vendor is given until 2025-11-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 8 Jul 2025 | 5:00 am UTC

ZDI-CAN-26908: Senstar

A CVSS score 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by 'Gert Keldermans & Nabeel Ahmed of NTT Belgium' was reported to the affected vendor on: 2025-07-08, 10 days ago. The vendor is given until 2025-11-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 8 Jul 2025 | 5:00 am UTC

ZDI-CAN-27136: Allegra

A CVSS score 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by 'Swagat' was reported to the affected vendor on: 2025-07-08, 10 days ago. The vendor is given until 2025-11-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 8 Jul 2025 | 5:00 am UTC

ZDI-25-487: IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-7236.

Source: ZDI: Published Advisories | 8 Jul 2025 | 5:00 am UTC

ZDI-25-491: IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-7243.

Source: ZDI: Published Advisories | 8 Jul 2025 | 5:00 am UTC

ZDI-25-530: IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-7282.

Source: ZDI: Published Advisories | 8 Jul 2025 | 5:00 am UTC

ZDI-25-532: IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-7286.

Source: ZDI: Published Advisories | 8 Jul 2025 | 5:00 am UTC

ZDI-CAN-27057: Discord

A CVSS score 7.3 AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'T. Doğa Gelişli' was reported to the affected vendor on: 2025-07-08, 10 days ago. The vendor is given until 2025-11-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 8 Jul 2025 | 5:00 am UTC

ZDI-25-513: IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-7265.

Source: ZDI: Published Advisories | 8 Jul 2025 | 5:00 am UTC

count: 100