jell.ie CVEs

Read at: 2025-05-17T16:13:06+00:00

CVE-2025-48187 - RAGFlow Authentication Bypass

CVE ID : CVE-2025-48187
Published : May 17, 2025, 1:15 p.m. | 1 hour, 29 minutes ago
Description : RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and password reset. Codes are six digits and there is no rate limiting.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 17 May 2025 | 1:15 pm UTC

CVE-2025-4101 - MultiVendorX WooCommerce Multivendor Marketplace Solutions Unauthenticated Data Deletion Vulnerability

CVE ID : CVE-2025-4101
Published : May 17, 2025, 1:15 p.m. | 1 hour, 29 minutes ago
Description : The MultiVendorX – WooCommerce Multivendor Marketplace Solutions plugin for WordPress is vulnerable to unauthorized loss of data due to a misconfigured capability check on the 'delete_fpm_product' function in all versions up to, and including, 4.2.22. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary posts, pages, attachments, and products. The vulnerability was partially patched in version 4.2.22.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 17 May 2025 | 1:15 pm UTC

CVE-2025-4669 - WordPress Booking Calendar Stored Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-4669
Published : May 17, 2025, 12:15 p.m. | 2 hours, 29 minutes ago
Description : The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpbc shortcode in all versions up to, and including, 10.11.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 17 May 2025 | 12:15 pm UTC

CVE-2025-3888 - "Jupiter X Core Stored Cross-Site Scripting Vulnerability"

CVE ID : CVE-2025-3888
Published : May 17, 2025, 12:15 p.m. | 2 hours, 29 minutes ago
Description : The Jupiter X Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File inclusion in all versions up to, and including, 4.8.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the page with the included SVG file.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 17 May 2025 | 12:15 pm UTC

CVE-2025-3527 - WordPress EventON Pro Stored Cross-Site Scripting (XSS)

CVE ID : CVE-2025-3527
Published : May 17, 2025, 12:15 p.m. | 2 hours, 29 minutes ago
Description : The EventON Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'assets/lib/settings/settings.js' file in all versions up to, and including, 4.9.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 4.9.6.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 17 May 2025 | 12:15 pm UTC

CVE-2024-13613 - Wise Chat WordPress Sensitive Information Exposure

CVE ID : CVE-2024-13613
Published : May 17, 2025, 12:15 p.m. | 2 hours, 29 minutes ago
Description : The Wise Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.3 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory which can contain file attachments included in chat messages. The vulnerability was partially patched in version 3.3.3.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 17 May 2025 | 12:15 pm UTC

CVE-2025-4826 - TOTOLINK A702R/A3002R/A3002RU HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-4826
Published : May 17, 2025, 11:15 a.m. | 3 hours, 29 minutes ago
Description : A vulnerability, which was classified as critical, has been found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. This issue affects some unknown processing of the file /boafrm/formWirelessTbl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 17 May 2025 | 11:15 am UTC

CVE-2025-4825 - TOTOLINK A702R/A3002R/A3002RU HTTP POST Request Handler Buffer Overflow

CVE ID : CVE-2025-4825
Published : May 17, 2025, 10:15 a.m. | 4 hours, 29 minutes ago
Description : A vulnerability classified as critical was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. This vulnerability affects unknown code of the file /boafrm/formDMZ of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 17 May 2025 | 10:15 am UTC

CVE-2025-4824 - TOTOLINK A702R, A3002R, A3002RU HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-4824
Published : May 17, 2025, 10:15 a.m. | 4 hours, 29 minutes ago
Description : A vulnerability classified as critical has been found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. This affects an unknown part of the file /boafrm/formWsc of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 17 May 2025 | 10:15 am UTC

CVE-2025-4823 - TOTOLINK HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-4823
Published : May 17, 2025, 10:15 a.m. | 4 hours, 29 minutes ago
Description : A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. It has been rated as critical. Affected by this issue is the function submit-url of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 17 May 2025 | 10:15 am UTC

CVE-2025-4610 - WordPress WP-Members Membership Plugin Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-4610
Published : May 17, 2025, 10:15 a.m. | 4 hours, 29 minutes ago
Description : The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_user_memberships shortcode in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 17 May 2025 | 10:15 am UTC

CVE-2025-4819 - Y_Project RuoYi Remote Improper Authorization Vulnerability

CVE ID : CVE-2025-4819
Published : May 17, 2025, 6:15 a.m. | 8 hours, 29 minutes ago
Description : A vulnerability classified as problematic has been found in y_project RuoYi 4.8.0. Affected is an unknown function of the file /monitor/online/batchForceLogout of the component Offline Logout. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 17 May 2025 | 6:15 am UTC

CVE-2025-4391 - WordPress Echo RSS Feed Post Generator Arbitrary File Upload Vulnerability

CVE ID : CVE-2025-4391
Published : May 17, 2025, 6:15 a.m. | 8 hours, 29 minutes ago
Description : The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the echo_generate_featured_image() function in all versions up to, and including, 5.4.8.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 17 May 2025 | 6:15 am UTC

CVE-2025-3812 - WordPress WPBot Pro File Deletion Vulnerability

CVE ID : CVE-2025-3812
Published : May 17, 2025, 6:15 a.m. | 8 hours, 29 minutes ago
Description : The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the qcld_openai_delete_training_file() function in all versions up to, and including, 13.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 17 May 2025 | 6:15 am UTC

CVE-2025-4389 - "WordPress Crawlomatic Multipage Scraper Plugin Arbitrary File Upload Vulnerability"

CVE ID : CVE-2025-4389
Published : May 17, 2025, 6:15 a.m. | 8 hours, 29 minutes ago
Description : The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the crawlomatic_generate_featured_image() function in all versions up to, and including, 2.6.8.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 17 May 2025 | 6:15 am UTC

CVE-2025-4190 - WordPress CSV Mass Importer File Upload Privilege Escalation Vulnerability

CVE ID : CVE-2025-4190
Published : May 17, 2025, 6:15 a.m. | 8 hours, 29 minutes ago
Description : The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 17 May 2025 | 6:15 am UTC

CVE-2025-4818 - SourceCodester Doctor's Appointment System SQL Injection

CVE ID : CVE-2025-4818
Published : May 17, 2025, 5:15 a.m. | 9 hours, 29 minutes ago
Description : A vulnerability was found in SourceCodester Doctor's Appointment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/delete-doctor.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 17 May 2025 | 5:15 am UTC

CVE-2025-4817 - Sourcecodester Doctor's Appointment System SQL Injection Vulnerability

CVE ID : CVE-2025-4817
Published : May 17, 2025, 4:16 a.m. | 10 hours, 28 minutes ago
Description : A vulnerability was found in Sourcecodester Doctor's Appointment System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/delete-appointment.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 17 May 2025 | 4:16 am UTC

CVE-2025-4816 - SourceCodester Doctor's Appointment System SQL Injection Vulnerability

CVE ID : CVE-2025-4816
Published : May 17, 2025, 4:16 a.m. | 10 hours, 28 minutes ago
Description : A vulnerability was found in SourceCodester Doctor's Appointment System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/appointment.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 17 May 2025 | 4:16 am UTC

CVE-2025-4194 - WordPress AlT Monitoring CSRF

CVE ID : CVE-2025-4194
Published : May 17, 2025, 4:16 a.m. | 10 hours, 28 minutes ago
Description : The AlT Monitoring plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the 'ALT_Monitoring_edit' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 17 May 2025 | 4:16 am UTC

CVE-2025-4189 - WordPress Audio Comments Plugin CSRF

CVE ID : CVE-2025-4189
Published : May 17, 2025, 4:16 a.m. | 10 hours, 28 minutes ago
Description : The Audio Comments Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the 'audio-comments/audior-settings.php' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 17 May 2025 | 4:16 am UTC

CVE-2025-4815 - Campcodes Sales and Inventory System SQL Injection Vulnerability

CVE ID : CVE-2025-4815
Published : May 17, 2025, 3:17 a.m. | 11 hours, 28 minutes ago
Description : A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/supplier_update.php. The manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 17 May 2025 | 3:17 am UTC

CVE-2025-4814 - Campcodes Sales and Inventory System SQL Injection

CVE ID : CVE-2025-4814
Published : May 17, 2025, 3:17 a.m. | 11 hours, 28 minutes ago
Description : A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/supplier_add.php. The manipulation of the argument Name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 17 May 2025 | 3:17 am UTC

CVE-2025-1706 - Adobe Flash Use-After-Free Vulnerability

CVE ID : CVE-2025-1706
Published : May 17, 2025, 1:15 a.m. | 13 hours, 29 minutes ago
Description : Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 17 May 2025 | 1:15 am UTC

CVE-2024-47893 - VMware GPU Firmware Memory Disclosure

CVE ID : CVE-2024-47893
Published : May 17, 2025, 1:15 a.m. | 13 hours, 29 minutes ago
Description : Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to read and/or write data outside the Guest's virtualised GPU memory.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 17 May 2025 | 1:15 am UTC

ZDI-CAN-26913: Anritsu

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'kimiya' was reported to the affected vendor on: 2025-05-15, 2 days ago. The vendor is given until 2025-09-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 15 May 2025 | 5:00 am UTC

ZDI-CAN-26589: DreamFactory

A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Catalin Iovita, David Bors, Alexandru Postolache' was reported to the affected vendor on: 2025-05-15, 2 days ago. The vendor is given until 2025-09-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 15 May 2025 | 5:00 am UTC

ZDI-CAN-26882: Anritsu

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'kimiya' was reported to the affected vendor on: 2025-05-15, 2 days ago. The vendor is given until 2025-09-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 15 May 2025 | 5:00 am UTC

ZDI-CAN-26000: CyberArk

A CVSS score 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Nikolett Sipos & Nabeel Ahmed from NTT Belgium' was reported to the affected vendor on: 2025-05-15, 2 days ago. The vendor is given until 2025-09-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 15 May 2025 | 5:00 am UTC

ZDI-CAN-26962: 2BrightSparks

A CVSS score 7.3 AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Sharkkcode and Zeze with TeamT5' was reported to the affected vendor on: 2025-05-13, 4 days ago. The vendor is given until 2025-09-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 13 May 2025 | 5:00 am UTC

ZDI-CAN-26647: ATEN

A CVSS score 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Vu Khanh Trinh (@_Sonicrr) from VNPT Cyber Immunity' was reported to the affected vendor on: 2025-05-13, 4 days ago. The vendor is given until 2025-09-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 13 May 2025 | 5:00 am UTC

ZDI-25-286: Dassault Systèmes eDrawings Viewer OBJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-1883.

Source: ZDI: Published Advisories | 13 May 2025 | 5:00 am UTC

ZDI-25-290: Rockwell Automation ThinManager ThinServer Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Rockwell Automation ThinManager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-3617.

Source: ZDI: Published Advisories | 13 May 2025 | 5:00 am UTC

ZDI-25-289: Rockwell Automation ThinManager ThinServer Null Pointer Dereference Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Rockwell Automation ThinManager. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2025-3618.

Source: ZDI: Published Advisories | 13 May 2025 | 5:00 am UTC

ZDI-25-287: JetBrains TeamCity Diagnostics Data Directory Cross-Site Scripting Vulnerability

This vulnerability allows remote attackers to execute arbitrary script on affected installations of JetBrains TeamCity. Minimal user interaction is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.4. The following CVEs are assigned: CVE-2025-46618.

Source: ZDI: Published Advisories | 13 May 2025 | 5:00 am UTC

ZDI-25-288: Fortinet FortiWeb cgi_httpcontentrouting_post Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiWeb. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2025-25254.

Source: ZDI: Published Advisories | 13 May 2025 | 5:00 am UTC

ZDI-25-285: Dassault Systèmes eDrawings Viewer SLDPRT File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-1884.

Source: ZDI: Published Advisories | 13 May 2025 | 5:00 am UTC

ZDI-CAN-26827: Delta Electronics

A CVSS score 10.0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-05-08, 9 days ago. The vendor is given until 2025-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 8 May 2025 | 5:00 am UTC

ZDI-CAN-26798: XWiki.org

A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'NgockhanhC311' was reported to the affected vendor on: 2025-05-08, 9 days ago. The vendor is given until 2025-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 8 May 2025 | 5:00 am UTC

ZDI-CAN-27123: VMware

A CVSS score 6.5 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N severity vulnerability discovered by 'Gwangun Jung at THEORI' was reported to the affected vendor on: 2025-05-08, 9 days ago. The vendor is given until 2025-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 8 May 2025 | 5:00 am UTC

ZDI-CAN-27084: Autodesk

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-05-08, 9 days ago. The vendor is given until 2025-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 8 May 2025 | 5:00 am UTC

ZDI-CAN-27083: Autodesk

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-05-08, 9 days ago. The vendor is given until 2025-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 8 May 2025 | 5:00 am UTC

ZDI-CAN-27152: Autodesk

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mat Powell of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-05-08, 9 days ago. The vendor is given until 2025-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 8 May 2025 | 5:00 am UTC

ZDI-CAN-27117: Dassault Systèmes

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-05-08, 9 days ago. The vendor is given until 2025-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 8 May 2025 | 5:00 am UTC

ZDI-CAN-27085: Autodesk

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-05-08, 9 days ago. The vendor is given until 2025-09-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 8 May 2025 | 5:00 am UTC

ZDI-CAN-26481: Cisco

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Kentaro Kawane of GMO Cybersecurity by Ierae' was reported to the affected vendor on: 2025-05-06, 11 days ago. The vendor is given until 2025-09-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 6 May 2025 | 5:00 am UTC

ZDI-CAN-26482: Cisco

A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Kentaro Kawane of GMO Cybersecurity by Ierae' was reported to the affected vendor on: 2025-05-06, 11 days ago. The vendor is given until 2025-09-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 6 May 2025 | 5:00 am UTC

ZDI-CAN-26480: Cisco

A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Kentaro Kawane of GMO Cybersecurity by Ierae' was reported to the affected vendor on: 2025-05-06, 11 days ago. The vendor is given until 2025-09-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 6 May 2025 | 5:00 am UTC

ZDI-CAN-26851: Lorex

A CVSS score 7.5 AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'PHP Hooligans / Midnight Blue' was reported to the affected vendor on: 2025-05-06, 11 days ago. The vendor is given until 2025-09-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 6 May 2025 | 5:00 am UTC

ZDI-CAN-26479: Cisco

A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Kentaro Kawane of GMO Cybersecurity by Ierae' was reported to the affected vendor on: 2025-05-06, 11 days ago. The vendor is given until 2025-09-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 6 May 2025 | 5:00 am UTC

ZDI-CAN-26483: Cisco

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Kentaro Kawane of GMO Cybersecurity by Ierae' was reported to the affected vendor on: 2025-05-06, 11 days ago. The vendor is given until 2025-09-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 6 May 2025 | 5:00 am UTC

ZDI-CAN-27121: Cisco

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Bobby Gould (@bobbygould5) of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-05-02, 15 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 2 May 2025 | 5:00 am UTC

ZDI-CAN-26776: Microsoft

A CVSS score 8.6 AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-05-02, 15 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 2 May 2025 | 5:00 am UTC

ZDI-CAN-27055: Rockwell Automation

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2025-05-02, 15 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 2 May 2025 | 5:00 am UTC

ZDI-CAN-27107: Apple

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Michael DePlante (@izobashi) of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-05-02, 15 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 2 May 2025 | 5:00 am UTC

ZDI-25-283: MATE Desktop Atril Document Viewer CBT File Parsing Argument Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of MATE Desktop Atril Document Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.

Source: ZDI: Published Advisories | 2 May 2025 | 5:00 am UTC

ZDI-CAN-26743: 7-Zip

A CVSS score 7.0 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Ryota Shiga (GMO Flatt Security Inc.) with takumi-san.ai' was reported to the affected vendor on: 2025-05-02, 15 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 2 May 2025 | 5:00 am UTC

ZDI-CAN-27105: Apple

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Michael DePlante (@izobashi) of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-05-02, 15 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 2 May 2025 | 5:00 am UTC

ZDI-25-284: MATE Desktop Atril Document Viewer EPUB File Parsing Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of MATE Desktop Atril Document Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.

Source: ZDI: Published Advisories | 2 May 2025 | 5:00 am UTC

ZDI-CAN-27098: Autodesk

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mat Powell of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-05-02, 15 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 2 May 2025 | 5:00 am UTC

ZDI-CAN-27106: Apple

A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Michael DePlante (@izobashi) of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-05-02, 15 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 2 May 2025 | 5:00 am UTC

ZDI-CAN-26753: 7-Zip

A CVSS score 7.0 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Ryota Shiga (GMO Flatt Security Inc.) with takumi-san.ai' was reported to the affected vendor on: 2025-05-02, 15 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 2 May 2025 | 5:00 am UTC

ZDI-CAN-26771: Trend Micro

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Lays (@_L4ys) of TRAPA Security' was reported to the affected vendor on: 2025-05-02, 15 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 2 May 2025 | 5:00 am UTC

ZDI-CAN-26280: SolarWinds

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'ccc' was reported to the affected vendor on: 2025-05-02, 15 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 2 May 2025 | 5:00 am UTC

ZDI-25-271: Cisco IOS XE SNMP OID Handling Out-Of-Bounds Read Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2025-20172.

Source: ZDI: Published Advisories | 1 May 2025 | 5:00 am UTC

ZDI-25-281: Cisco IOS XE SNMP SET cewProxyClass Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-20175.

Source: ZDI: Published Advisories | 1 May 2025 | 5:00 am UTC

ZDI-25-277: Cisco IOS XE SNMP SET cewEventTime Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-20175.

Source: ZDI: Published Advisories | 1 May 2025 | 5:00 am UTC

ZDI-25-278: Cisco IOS XE SNMP GET-NEXT ctspIpSgtValue Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-20176.

Source: ZDI: Published Advisories | 1 May 2025 | 5:00 am UTC

ZDI-25-273: Cisco IOS XE SNMP OID Handling Out-Of-Bounds Read Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2025-20172.

Source: ZDI: Published Advisories | 1 May 2025 | 5:00 am UTC

ZDI-25-279: Cisco IOS XE SNMP GET-NEXT cContextMappingBridgeDomainIdentifier Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-20173.

Source: ZDI: Published Advisories | 1 May 2025 | 5:00 am UTC

ZDI-25-274: Cisco IOS XE SNMP OID Handling Out-Of-Bounds Read Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2025-20172.

Source: ZDI: Published Advisories | 1 May 2025 | 5:00 am UTC

ZDI-25-275: Cisco IOS XE SNMP GET-NEXT callHomeUserDefCmdName Unexpected Sign Extension Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2025-20171.

Source: ZDI: Published Advisories | 1 May 2025 | 5:00 am UTC

ZDI-25-272: Cisco IOS XE SNMP OID Handling Out-Of-Bounds Read Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2025-20172.

Source: ZDI: Published Advisories | 1 May 2025 | 5:00 am UTC

ZDI-25-282: Webmin CRLF Injection Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Webmin. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-2774.

Source: ZDI: Published Advisories | 1 May 2025 | 5:00 am UTC

ZDI-25-270: Cisco IOS XE SNMP GET-NEXT ciscoFlashFileSize Unexpected Sign Extension Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2025-20169.

Source: ZDI: Published Advisories | 1 May 2025 | 5:00 am UTC

ZDI-25-276: Cisco IOS XE SNMP GET-NEXT cilmCurrentImageLevel Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2025-20174.

Source: ZDI: Published Advisories | 1 May 2025 | 5:00 am UTC

ZDI-25-280: Cisco IOS XE SNMP GET-NEXT ciscoFlashChipCode Unexpected Sign Extension Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2025-20170.

Source: ZDI: Published Advisories | 1 May 2025 | 5:00 am UTC

ZDI-25-269: (Pwn2Own) Synology BeeStation BST150-4T Unnecessary Privileges Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology BeeStation BST150-4T devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.3. The following CVEs are assigned: CVE-2024-10445.

Source: ZDI: Published Advisories | 1 May 2025 | 5:00 am UTC

ZDI-25-268: GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of GStreamer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2025-2759.

Source: ZDI: Published Advisories | 30 Apr 2025 | 5:00 am UTC

ZDI-CAN-26711: Linux

A CVSS score 6.7 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L severity vulnerability discovered by 'Slavin Liu' was reported to the affected vendor on: 2025-04-30, 17 days ago. The vendor is given until 2025-08-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 30 Apr 2025 | 5:00 am UTC

ZDI-CAN-26777: Adobe

A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-04-30, 17 days ago. The vendor is given until 2025-08-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 30 Apr 2025 | 5:00 am UTC

ZDI-CAN-26902: Wondershare

A CVSS score 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N severity vulnerability discovered by 'Alfredo Oliveira and David Fiser of Trend Research' was reported to the affected vendor on: 2025-04-30, 17 days ago. The vendor is given until 2025-08-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 30 Apr 2025 | 5:00 am UTC

ZDI-25-263: (Pwn2Own) Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability

This vulnerability allows local attackers to escape the sandbox on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code within the sandbox on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2024-6030.

Source: ZDI: Published Advisories | 30 Apr 2025 | 5:00 am UTC

ZDI-25-265: (Pwn2Own) Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2025-2082.

Source: ZDI: Published Advisories | 30 Apr 2025 | 5:00 am UTC

ZDI-25-264: (Pwn2Own) Tesla Model S Iris Modem ql_atfwd Command Injection Code Execution Vulnerability

This vulnerability allows local attackers to execute arbitrary code on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-6032.

Source: ZDI: Published Advisories | 30 Apr 2025 | 5:00 am UTC

ZDI-25-258: (Pwn2Own) Adobe Acrobat Reader DC distributionURL JavaScript API Restrictions Bypass Vulnerability

This vulnerability allows remote attackers to bypass JavaScript API restrictions on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-34099.

Source: ZDI: Published Advisories | 30 Apr 2025 | 5:00 am UTC

ZDI-25-260: (Pwn2Own) Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass the firewall on the Iris modem in affected Tesla Model S vehicles. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.0. The following CVEs are assigned: CVE-2024-6029.

Source: ZDI: Published Advisories | 30 Apr 2025 | 5:00 am UTC

ZDI-25-262: (Pwn2Own) Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability

This vulnerability allows local attackers to escape the sandbox on affected affected Tesla Model S vehicles. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-13943.

Source: ZDI: Published Advisories | 30 Apr 2025 | 5:00 am UTC

ZDI-25-261: (Pwn2Own) Tesla Model S oFono AT Command Heap-based Buffer Overflow Code Execution Vulnerability

This vulnerability allows local attackers to execute arbitrary code on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-6031.

Source: ZDI: Published Advisories | 30 Apr 2025 | 5:00 am UTC

ZDI-25-267: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-3887.

Source: ZDI: Published Advisories | 30 Apr 2025 | 5:00 am UTC

ZDI-25-259: (Pwn2Own) Adobe Acrobat Reader DC Collab Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-34098.

Source: ZDI: Published Advisories | 30 Apr 2025 | 5:00 am UTC

ZDI-25-266: Apache ActiveMQ NMS Body Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apache ActiveMQ NMS. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 8.1. The following CVEs are assigned: CVE-2025-29953.

Source: ZDI: Published Advisories | 30 Apr 2025 | 5:00 am UTC

ZDI-25-257: (Pwn2Own) Oracle VirtualBox OHCI USB Controller Race Condition Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.2. The following CVEs are assigned: CVE-2024-21113.

Source: ZDI: Published Advisories | 30 Apr 2025 | 5:00 am UTC

ZDI-CAN-23861: Viessmann

A CVSS score 6.8 AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'adhkr - LuwakLab' was reported to the affected vendor on: 2025-04-29, 18 days ago. The vendor is given until 2025-08-27 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 29 Apr 2025 | 5:00 am UTC

ZDI-CAN-26767: Action1

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Xavier DANEST' was reported to the affected vendor on: 2025-04-28, 19 days ago. The vendor is given until 2025-08-26 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 28 Apr 2025 | 5:00 am UTC

ZDI-CAN-26744: Siemens

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2025-04-25, 22 days ago. The vendor is given until 2025-08-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 25 Apr 2025 | 5:00 am UTC

ZDI-CAN-26824: Delta Electronics

A CVSS score 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N severity vulnerability discovered by 'kimiya' was reported to the affected vendor on: 2025-04-25, 22 days ago. The vendor is given until 2025-08-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 25 Apr 2025 | 5:00 am UTC

ZDI-CAN-26947: NI

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2025-04-25, 22 days ago. The vendor is given until 2025-08-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 25 Apr 2025 | 5:00 am UTC

ZDI-CAN-26747: Siemens

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2025-04-25, 22 days ago. The vendor is given until 2025-08-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 25 Apr 2025 | 5:00 am UTC

ZDI-CAN-26946: NI

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2025-04-25, 22 days ago. The vendor is given until 2025-08-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 25 Apr 2025 | 5:00 am UTC

count: 100