Indicators of Compromise

Zero Day Initiative CVE Feb 25

ZDI-26-130: IceWarp collaboration Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of IceWarp. Authentication is not required to exploit ...

CVEs: CVE-2026-2493

Zero Day Initiative →

Zero Day Initiative CVE Feb 25

ZDI-26-129: Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Socomec DIRIS A-40 power monitoring devices. Authe...

CVEs: CVE-2026-2491

Zero Day Initiative →

Zero Day Initiative CVE Feb 25

ZDI-26-128: (Pwn2Own) Ubiquiti Networks AI Pro Uncaught Exception Denial-of-Service Vulnerability

This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Ubiquiti Networks AI Pro. Authentic...

CVEs: CVE-2026-21634

Zero Day Initiative →

Zero Day Initiative CVE Feb 25

ZDI-26-127: (Pwn2Own) Ubiquiti Networks AI Pro Cleartext Transmission Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Ubiquiti Networks AI Pro. Authentication ...

CVEs: CVE-2026-21633

Zero Day Initiative →

Zero Day Initiative CVE Feb 25

ZDI-26-126: (Pwn2Own) Ubiquiti Networks AI Pro Discovery Protocol Missing Encryption Protocol Downgrade Vulnerability

This vulnerability allows network-adjacent attackers to downgrade the communication protocol on affected installations of Ubiquiti Networks AI Pro. Authentic...

CVEs: CVE-2026-21633

Zero Day Initiative →

Zero Day Initiative CVE Feb 25

ZDI-26-125: Docker Desktop grpcfuse Kernel Module Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Docker Desktop. An attacker must first obtain the ab...

CVEs: CVE-2026-2664

Zero Day Initiative →

Zero Day Initiative CVE Feb 25

ZDI-26-124: claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of claude-hovercraft. Authentication is not required to exploi...

CVEs: CVE-2025-15060

Zero Day Initiative →

Zero Day Initiative CVE Feb 19

ZDI-26-122: PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of PDF-XChange Editor. An attacker must first obtain the ability t...

CVEs: CVE-2026-2040

Zero Day Initiative →

Zero Day Initiative CVE Feb 19

ZDI-26-121: GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerab...

CVEs: CVE-2026-2048

Zero Day Initiative →

Zero Day Initiative CVE Feb 19

ZDI-26-120: GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerab...

CVEs: CVE-2026-2047

Zero Day Initiative →

Zero Day Initiative CVE Feb 19

ZDI-26-119: GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerab...

CVEs: CVE-2026-2045

Zero Day Initiative →

Zero Day Initiative CVE Feb 19

ZDI-26-118: GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerab...

CVEs: CVE-2026-2044

Zero Day Initiative →

Zero Day Initiative CVE Feb 19

ZDI-26-117: RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of RustDesk Client for Windows. An attacker must first ...

CVEs: CVE-2026-2490

Zero Day Initiative →

Zero Day Initiative CVE Feb 19

ZDI-26-116: TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the ability to execut...

CVEs: CVE-2026-2492

Zero Day Initiative →

Zero Day Initiative CVE Feb 19

ZDI-26-115: Fortinet FortiClient VPN FCConfig Utility Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Fortinet FortiClient VPN. An attacker must first obtain the abi...

CVEs: CVE-2025-62676

Zero Day Initiative →

Zero Day Initiative CVE Feb 19

ZDI-26-114: Dassault Systèmes eDrawings Viewer EPRT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is re...

CVEs: CVE-2026-1335

Zero Day Initiative →

Zero Day Initiative CVE Feb 19

ZDI-26-113: Dassault Systèmes eDrawings Viewer EPRT File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is re...

CVEs: CVE-2026-1334

Zero Day Initiative →

Zero Day Initiative CVE Feb 19

ZDI-26-112: Dassault Systèmes eDrawings Viewer EPRT File Parsing Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is re...

CVEs: CVE-2026-1333

Zero Day Initiative →

Zero Day Initiative CVE Feb 19

ZDI-26-111: MLflow Use of Default Password Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulne...

CVEs: CVE-2026-2635

Zero Day Initiative →

Zero Day Initiative CVE Feb 19

ZDI-26-110: Bosch Rexroth IndraWorks Print Settings File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bosch Rexroth IndraWorks. User interaction is required to e...

CVEs: CVE-2025-60037 CVE-2025-60038

Zero Day Initiative →