CVE — FreeIntelHub

Zero Day Initiative CVE Microsoft Linux Apr 15

ZDI-26-276: Microsoft Windows Secure Kernel Double Free Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to...

T1548 T1068 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 15

ZDI-26-272: ATEN Unizon RpcProvider Missing Authentication Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ATEN Unizon. Authentication is not required t...

1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 15

ZDI-26-271: Avast Premium Security Gen Self Protection Driver Exposed Dangerous Function Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the abili...

T1548 T1068 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Trend Micro Apr 15

ZDI-26-270: TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is not required to exp...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Trend Micro Apr 15

ZDI-26-269: TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is not required to exp...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 15

ZDI-26-268: Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Samsung MagicINFO 9 Server. An attacker must first obtain the a...

T1548 T1068 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Fortinet Apr 15

ZDI-26-266: Fortinet FortiWeb cat_cgi_paths Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiWeb. Authentication is required to exploit th...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Fortinet Apr 15

ZDI-26-265: Fortinet FortiWeb cgi_buf_alloc Integer Overflow Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Fortinet FortiWeb. Authentication is required...

1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Adobe Apr 15

ZDI-26-264: Adobe ColdFusion fetchCFSettingFile Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe ColdFusion. Authentication is not required to...

1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Adobe Apr 15

ZDI-26-263: Adobe ColdFusion subscribeToEndpoints Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Adobe ColdFusion. Authentication is not required to exploit ...

T1556 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Adobe Apr 15

ZDI-26-262: Adobe ColdFusion deleteVersion Directory Traversal Arbitrary File Deletion Vulnerability

This vulnerability allows remote attackers to delete arbitrary files on affected installations of Adobe ColdFusion. Although authentication is required to ex...

1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 6

ZDI-26-257: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 6

ZDI-26-256: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 6

ZDI-26-255: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 6

ZDI-26-254: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Microsoft Apr 2

ZDI-26-253: Microsoft Visual Studio Code mcp.json Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio Code. User interaction is required ...

T1190 T1059 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 2

ZDI-26-252: Mozilla Firefox IonMonkey Switch Statement Optimization Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mozilla Firefox. User interaction is required to exploit th...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 2

ZDI-26-251: Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to ...

T1548 T1068 1 IOC

Zero Day Initiative →

Infosecurity Magazine CVE F5 Mar 31

NCSC Urges Immediate Patching of F5 BIG-IP Bug

The National Cyber Security Centre wants UK firms to patch CVE-2025-53521

1 IOC

Infosecurity Magazine →

Zero Day Initiative CVE Linux Mar 31

ZDI-26-250: Linux Kernel Analog Device Driver Improper Validation of Array Index Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to exec...

T1548 T1068 1 IOC

Zero Day Initiative →