ZERO-DAY
DATE |
NAME |
CATEGORY |
SUBCATE |
INFO |
| 25.4.25 | ZDI-25-256 |
ZERO-DAY |
Avast Free Antivirus Integer Overflow Local Privilege Escalation Vulnerability | |
| 25.4.25 | ZDI-25-255 |
ZERO-DAY |
Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability | |
| 25.4.25 | ZDI-25-254 |
ZERO-DAY |
Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability | |
| 25.4.25 | ZDI-25-253 |
ZERO-DAY |
SonicWALL Connect Tunnel Link Following Denial-of-Service Vulnerability | |
| 24.4.25 | ZDI-25-252 |
ZERO-DAY |
(0Day) Cato Networks Cato Client for macOS Helper Service Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability | |
| 24.4.25 | ZDI-25-251 |
ZERO-DAY |
(0Day) Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability | |
| 24.4.25 | ZDI-25-250 |
ZERO-DAY |
(0Day) Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability | |
| 24.4.25 | ZDI-25-249 |
ZERO-DAY |
(0Day) eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability | |
| 24.4.25 | ZDI-25-248 |
ZERO-DAY |
(0Day) eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability | |
| 24.4.25 | ZDI-25-247 |
ZERO-DAY |
(0Day) eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability | |
| 11.4.25 | ZDI-25-246 |
ZERO-DAY |
MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability | |
| 11.4.25 | ZDI-25-245 |
ZERO-DAY |
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | |
| 11.4.25 | ZDI-25-244 |
ZERO-DAY |
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | |
| 11.4.25 | ZDI-25-243 |
ZERO-DAY |
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | |
| 11.4.25 | ZDI-25-242 |
ZERO-DAY |
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | |
| 11.4.25 | ZDI-25-241 |
ZERO-DAY |
Trend Micro Deep Security Agent Link Following Denial-of-Service Vulnerability | |
| 11.4.25 | ZDI-25-240 |
ZERO-DAY |
Trend Micro Deep Security Anti-Malware Solution Platform Link Following Local Privilege Escalation Vulnerability | |
| 11.4.25 | ZDI-25-239 | ZERO-DAY |
ZERO-DAY |
Trend Micro Deep Security Link Following Local Privilege Escalation Vulnerability |
| 11.4.25 | ZDI-25-238 | ZERO-DAY |
ZERO-DAY |
Trend Micro Apex Central Query Server-Side Request Forgery Information Disclosure Vulnerability |
| 11.4.25 | ZDI-25-237 | ZERO-DAY |
ZERO-DAY |
Trend Micro Apex Central modOSCE Server-Side Request Forgery Information Disclosure Vulnerability |
| 11.4.25 | ZDI-25-236 | ZERO-DAY |
ZERO-DAY |
Trend Micro Apex Central modTMSM Server-Side Request Forgery Information Disclosure Vulnerability |
| 11.4.25 | ZDI-25-235 | ZERO-DAY |
ZERO-DAY |
Ivanti Endpoint Manager OpenRecordSet SQL Injection Remote Code Execution Vulnerability |
| 11.4.25 | ZDI-25-234 | ZERO-DAY |
ZERO-DAY |
Microsoft Windows dxkrnl Untrusted Pointer Dereference Local Privilege Escalation Vulnerability |
| 11.4.25 | ZDI-25-233 | ZERO-DAY |
ZERO-DAY |
Luxion KeyShot Viewer KSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| 11.4.25 | ZDI-25-232 | ZERO-DAY |
ZERO-DAY |
Luxion KeyShot PVS File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability |
| 11.4.25 | ZDI-25-231 | ZERO-DAY |
ZERO-DAY |
Luxion KeyShot SKP File Parsing Use-After-Free Remote Code Execution Vulnerability |
| 11.4.25 | ZDI-25-230 | ZERO-DAY | ZERO-DAY | (Pwn2Own) Samsung Galaxy S24 Smart Switch Agent Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability |
| 11.4.25 | ZDI-25-229 | ZERO-DAY | ZERO-DAY | (Pwn2Own) Samsung Galaxy S24 Quick Share Directory Traversal Arbitrary File Write Vulnerability |
| 11.4.25 | ZDI-25-228 |
ZERO-DAY |
(Pwn2Own) Samsung Galaxy S24 Quick Share Insufficient UI Warning Arbitrary File Write Vulnerability | |
| 11.4.25 | ZDI-25-227 |
ZERO-DAY |
(Pwn2Own) Samsung Galaxy S24 Gaming Hub Exposed Dangerous Method Local Privilege Escalation Vulnerability | |
| 11.4.25 | ZDI-25-226 |
ZERO-DAY |
(Pwn2Own) Samsung Galaxy S24 Gaming Hub Improper Input Validation Privilege Escalation Vulnerability | |
| 11.4.25 | ZDI-25-225 |
ZERO-DAY |
(Pwn2Own) Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability | |
| 11.4.25 | ZDI-25-224 |
ZERO-DAY |
(Pwn2Own) Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability | |
| 11.4.25 | ZDI-25-223 |
ZERO-DAY |
(Pwn2Own) Sonos Era 300 Speaker libsmb2 Use-After-Free Remote Code Execution Vulnerability | |
| 11.4.25 | ZDI-25-222 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Lexmark CX331adwe concatstrings Type Confusion Information Disclosure Vulnerability |
| 11.4.25 | ZDI-25-221 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Lexmark CX331adwe httpd extract-trace Link Following Local Privilege Escalation Vulnerability |
| 11.4.25 | ZDI-25-220 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Lexmark CX331adwe basic_auth.cgi PATH_TRANSLATED Directory Traversal Remote Code Execution Vulnerability |
| 11.4.25 | ZDI-25-219 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Lexmark CX331adwe JBIG2 File Parsing new_image Integer Overflow Remote Code Execution Vulnerability |
| 11.4.25 | ZDI-25-218 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Lexmark CX331adwe JPEG2000 Memory Corruption Remote Code Execution Vulnerability |
| 11.4.25 | ZDI-25-217 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Lexmark CX331adwe loadCFFdata Type Confusion Remote Code Execution Vulnerability |
| 11.4.25 | ZDI-25-216 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Synology TC500 ONVIF Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| 11.4.25 | ZDI-25-215 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Synology DiskStation DS1823xs+ LDAP Client Improper Certificate Validation Authentication Bypass Vulnerability |
| 11.4.25 | ZDI-25-214 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Synology DiskStation DS1823xs+ Vue.JS Improper Neutralization of Argument Delimiters Remote Code Execution Vulnerability |
| 11.4.25 | ZDI-25-213 | ZERO-DAY | ZERO-DAY | (Pwn2Own) Synology BeeStation BST150-4T Improper Authentication Vulnerability |
| 11.4.25 | ZDI-25-212 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Synology BeeStation BST150-4T Improper Authentication Vulnerability |
| 11.4.25 | ZDI-25-211 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Synology BeeStation BST150-4T Improper Input Validation Remote Code Execution Vulnerability |
| 11.4.25 | ZDI-25-210 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Synology BeeStation BST150-4T Improper Input Validation Remote Code Execution Vulnerability |
| 11.4.25 | ZDI-25-209 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Synology BeeStation BST150-4T Cleartext Transmission of Sensitive Information Vulnerability |
| 11.4.25 | ZDI-25-208 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Synology DiskStation DS1823xs+ Replication Service Out-Of-Bounds Write Remote Code Execution Vulnerability |
| 11.4.25 | ZDI-25-207 | ZERO-DAY | ZERO-DAY | (Pwn2Own) Synology BeeStation BST150-4T Command Injection Remote Code Execution Vulnerability |
| 8.4.25 | ZDI-25-206 | ZERO-DAY |
ZERO-DAY |
Amazon AWS CloudFormation Templates Uncontrolled Search Path Element Remote Code Execution Vulnerability |
| 8.4.25 | ZDI-25-205 | ZERO-DAY |
ZERO-DAY |
Amazon AWS CloudFormation Templates Uncontrolled Search Path Element Remote Code Execution Vulnerability |
| 8.4.25 | ZDI-25-204 | ZERO-DAY |
ZERO-DAY |
GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| 8.4.25 | ZDI-25-203 | ZERO-DAY | ZERO-DAY | GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability |
| 8.4.25 | ZDI-25-202 |
ZERO-DAY |
Fortinet FortiWeb cgi_xmlprotection_xmlschemafile_post Directory Traversal Arbitrary File Write Vulnerability | |
| 8.4.25 | ZDI-25-201 |
ZERO-DAY |
Trend Micro Cleaner One Pro Link Following Denial-of-Service Vulnerability | |
| 8.4.25 | ZDI-25-200 |
ZERO-DAY |
Exim Use-After-Free Local Privilege Escalation Vulnerability | |
| 2.4.25 | ZDI-25-196 | ZERO-DAY |
ZERO-DAY |
Apple macOS ICC Profile Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| 2.4.25 | ZDI-25-195 | ZERO-DAY |
ZERO-DAY |
Apple macOS CoreGraphics Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| 2.4.25 | ZDI-25-194 | ZERO-DAY |
ZERO-DAY |
Apple macOS AppleIntelKBLGraphics Time-Of-Check Time-Of-Use Information Disclosure Vulnerability |
| 2.4.25 | ZDI-25-193 | ZERO-DAY |
ZERO-DAY |
Apple macOS CoreText Font Glyphs Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| 2.4.25 | ZDI-25-192 | ZERO-DAY |
ZERO-DAY |
Apple macOS MP4 File Parsing Memory Corruption Remote Code Execution Vulnerability |
| 2.4.25 | ZDI-25-191 | ZERO-DAY |
ZERO-DAY |
Apple macOS MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| 2.4.25 | ZDI-25-190 | ZERO-DAY |
ZERO-DAY |
Apple macOS MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| 2.4.25 | ZDI-25-189 | ZERO-DAY |
ZERO-DAY |
Apple macOS AudioToolbox AMR File Parsing Memory Corruption Remote Code Execution Vulnerability |
| 2.4.25 | ZDI-25-188 | ZERO-DAY |
ZERO-DAY |
Apple macOS AudioToolboxCore WAV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
|
26.3.25 |
ZDI-25-187 | ZERO-DAY | ZERO-DAY | (0Day) BEC Technologies Multiple Routers sys ping Command Injection Remote Code Execution Vulnerability |
|
26.3.25 |
ZDI-25-186 | ZERO-DAY | ZERO-DAY | (0Day) BEC Technologies Multiple Routers Cleartext Password Storage Information Disclosure Vulnerability |
|
26.3.25 |
ZDI-25-185 | ZERO-DAY | ZERO-DAY | (0Day) BEC Technologies Multiple Routers Insufficiently Protected Credentials Information Disclosure Vulnerability |
|
26.3.25 |
ZDI-25-184 | ZERO-DAY | ZERO-DAY | (0Day) BEC Technologies Multiple Routers Authentication Bypass Vulnerability |
|
26.3.25 |
ZDI-25-183 | ZERO-DAY | ZERO-DAY | (0Day) Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
|
26.3.25 |
ZDI-25-182 | ZERO-DAY | ZERO-DAY | (0Day) Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
|
26.3.25 |
ZDI-25-181 | ZERO-DAY | ZERO-DAY | (0Day) Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability |
|
26.3.25 |
ZDI-25-180 | ZERO-DAY | ZERO-DAY | (0Day) 70mai A510 Use of Default Password Authentication Bypass Vulnerability |
|
26.3.25 |
ZDI-25-179 | ZERO-DAY | ZERO-DAY | (0Day) CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability |
|
26.3.25 |
ZDI-25-178 | ZERO-DAY | ZERO-DAY | (0Day) CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution Vulnerability |
|
26.3.25 |
ZDI-25-177 | ZERO-DAY | ZERO-DAY | (0Day) CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability |
|
26.3.25 |
ZDI-25-176 | ZERO-DAY | ZERO-DAY | (0Day) CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability |
|
20.3.25 |
ZDI-25-175 | ZERO-DAY | ZERO-DAY | (0Day) Luxion KeyShot USDC File Parsing Use-After-Free Remote Code Execution Vulnerability |
|
20.3.25 |
ZDI-25-174 | ZERO-DAY | ZERO-DAY | (0Day) Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
|
20.3.25 |
ZDI-25-173 | ZERO-DAY | ZERO-DAY | (0Day) Luxion KeyShot DAE File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability |
|
19.3.25 |
ZERO-DAY |
(0Day) Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability |