IOC Feed — FreeIntelHub

Zero Day Initiative CVE Mar 16

ZDI-26-202: (Pwn2Own) QNAP TS-453E Hyper Data Protector Plugin query_original_file_size SQL Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-453E. Although authentication is required...

CVEs: CVE-2025-59389

Zero Day Initiative →

Zero Day Initiative CVE Mar 16

ZDI-26-201: (Pwn2Own) QNAP TS-453E Hyper Data Protector Plugin Hard-Coded Credentials Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of QNAP TS-453E devices. Authentication is not requir...

CVEs: CVE-2025-59388

Zero Day Initiative →

Zero Day Initiative CVE Mar 16

ZDI-26-200: (Pwn2Own) QNAP TS-453E nvrlog_event_add msg SQL Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-453E devices. Although authentication is ...

CVEs: CVE-2025-62849

Zero Day Initiative →

Zero Day Initiative CVE Mar 16

ZDI-26-199: (Pwn2Own) QNAP TS-453E conn_log_tool Format String Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-453E devices. Although authentication is ...

CVEs: CVE-2025-62848

Zero Day Initiative →

Zero Day Initiative CVE Mar 16

ZDI-26-198: (Pwn2Own) QNAP TS-453E malware_remover Code Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-453E devices. Authentication is not requi...

CVEs: CVE-2025-11837

Zero Day Initiative →

Zero Day Initiative CVE Mar 16

ZDI-26-197: (Pwn2Own) ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex devices. Authentication is ...

CVEs: CVE-2026-4157

Zero Day Initiative →

Zero Day Initiative CVE Mar 16

ZDI-26-196: (Pwn2Own) ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex EV chargers. Authentication...

CVEs: CVE-2026-4156

Zero Day Initiative →

Zero Day Initiative CVE Mar 16

ZDI-26-195: (Pwn2Own) ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging stations. Authentica...

CVEs: CVE-2026-4155

Zero Day Initiative →

Zero Day Initiative CVE Mar 16

ZDI-26-194: Microsoft Exchange InterceptorSmtpAgent Improper Input Validation Security Feature Bypass Vulnerability

This vulnerability allows remote attackers to bypass a security feature on affected installations of Microsoft Exchange. Authentication is not required to ex...

CVEs: CVE-2026-21527

Zero Day Initiative →

Zero Day Initiative CVE Mar 16

ZDI-26-193: (Pwn2Own) Linux Kernel nf_tables_newset Out-Of-Bounds Write Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. An attacker must first obtain the abil...

CVEs: CVE-2022-1972

Zero Day Initiative →

Zero Day Initiative CVE Mar 16

ZDI-26-192: Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos Era 300. Authentication is not required to exploit th...

CVEs: CVE-2026-4149

Zero Day Initiative →

Zero Day Initiative CVE Mar 16

ZDI-26-191: (Pwn2Own) Linux Kernel nf_tables Use-After-Free Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to exec...

CVEs: CVE-2022-32250

Zero Day Initiative →

Zero Day Initiative CVE Mar 16

ZDI-26-190: (Pwn2Own) VMware Workstation PVSCSI Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability t...

CVEs: CVE-2025-41238

Zero Day Initiative →

Zero Day Initiative CVE Mar 16

ZDI-26-189: (Pwn2Own) VMware ESXi VMXNET3 Integer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VMware ESXi. An attacker must first obtain the ability to execu...

CVEs: CVE-2025-41236

Zero Day Initiative →

Zero Day Initiative CVE Mar 16

ZDI-26-188: (Pwn2Own) VMware ESXi VMCI Integer Underflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VMware ESXi. An attacker must first obtain the ability to execu...

CVEs: CVE-2025-41237

Zero Day Initiative →

Zero Day Initiative CVE Mar 16

ZDI-26-187: (Pwn2Own) Synology DiskStation Manager Netatalk Library Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not require...

CVEs: CVE-2022-45188

Zero Day Initiative →

Rapid7 Blog Data Breach Mar 13

Metasploit Wrap-Up 03/13/2026

No bad luck here: Friday the 13th brings new modules and a Metasploit Pro milestone This week’s Metasploit Framework release delivers three new modules acros...

CVEs: CVE-2025-71243

Rapid7 Blog →

CISA Advisories CVE Mar 13

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-3909 Google S...

CVEs: CVE-2026-3909 CVE-2026-3910

CISA Advisories →

CISA Advisories CVE Mar 12