CVE — FreeIntelHub

Zero Day Initiative CVE Apr 27

ZDI-26-303: Foxit PDF Reader AcroForm Signature Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to e...

1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 27

ZDI-26-302: Foxit PDF Reader AcroForm Signature Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit t...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 27

ZDI-26-301: Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit t...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 27

ZDI-26-300: Flowise AccountService resetPassword Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Flowise. Authentication is not required to exploit this vuln...

T1556 1 IOC

Zero Day Initiative →

CISA Advisories CVE Apr 24

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

T1059 4 IOCs

CISA Advisories →

CISA Advisories CVE Apr 23

Milesight Cameras

View CSAF Summary Successful exploitation of these vulnerabilities could crash the device being accessed or allow remote code execution. The following versio...

T1190 6 IOCs

CISA Advisories →

CISA Advisories CVE Apr 23

SpiceJet Online Booking System

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information. The following versions of Spice...

2 IOCs

CISA Advisories →

CISA Advisories CVE Apr 23

Yadea T5 Electric Bicycle

View CSAF Summary Successful exploitation of this vulnerability could result in an attacker being able to unlock and start the bicycle, leading to vehicle th...

1 IOC

CISA Advisories →

CISA Advisories CVE Apr 23

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-39987 Marimo Re...

T1190 1 IOC

CISA Advisories →

CISA Advisories CVE Apr 23

Intrado 911 Emergency Gateway (EGW)

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to read, modify, or delete files. The following versions of Intrado 9...

1 IOC

CISA Advisories →

CISA Advisories CVE Apr 23

Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to bypass authentication and have remote access to sensitive informat...

1 IOC

CISA Advisories →

CISA Advisories CVE Apr 23

Carlson Software VASCO-B GNSS Receiver

View CSAF Summary Successful exploitation of this vulnerability could enable a remote attacker to alter critical system functions or disrupt device operation...

1 IOC

CISA Advisories →

Zero Day Initiative CVE Docker Apr 23

ZDI-26-299: Docker Desktop Enhanced Container Isolation Exposed Dangerous Function Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to ex...

T1548 T1068 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 23

ZDI-26-298: Siemens SINEC NMS Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Siemens SINEC NMS. Authentication is not required to exploit...

T1556 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 23

ZDI-26-297: Siemens SINEC NMS Improper Authentication Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Siemens SINEC NMS. Authentication is required to exploit this ...

T1548 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 23

ZDI-26-296: Delta Electronics ASDA-Soft PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics ASDA-Soft. User interaction is required t...

T1190 1 IOC

Zero Day Initiative →

CISA Advisories CVE Microsoft Apr 22

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-33825 Microsoft...

1 IOC

CISA Advisories →

CISA Advisories CVE Apr 21

Hardy Barth Salia EV Charge Controller

View CSAF Summary Successful exploitation of these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code e...

T1190 2 IOCs

CISA Advisories →

Zero Day Initiative CVE Amazon Apr 21

ZDI-26-245: (0Day) aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit t...

T1190 T1059 1 IOC

Zero Day Initiative →

Infosecurity Magazine CVE Apr 20

Attackers Exploit DVR Command Injection Flaw to Deploy Mirai-Based Botnet

FortiGuard Labs has identified a Mirai-based Nexcorium campaign actively exploiting CVE-2024-3721 in TBK DVR devices

T1059 1 IOC

Infosecurity Magazine →