Zero Day Initiative — FreeIntelHub

Zero Day Initiative CVE 2d ago

ZDI-26-251: Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to ...

T1548 T1068 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Microsoft 2d ago

ZDI-26-253: Microsoft Visual Studio Code mcp.json Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio Code. User interaction is required ...

T1190 T1059 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE 2d ago

ZDI-26-252: Mozilla Firefox IonMonkey Switch Statement Optimization Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mozilla Firefox. User interaction is required to exploit th...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Linux 4d ago

ZDI-26-250: Linux Kernel Analog Device Driver Improper Validation of Array Index Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to exec...

T1548 T1068 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apple 5d ago

ZDI-26-231: Apple macOS Exposure of Sensitive Information to Unauthorized Sphere Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. An attacker must first obtain the abili...

1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apple 5d ago

ZDI-26-230: Apple macOS CoreMedia Framework Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this v...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE 5d ago

ZDI-26-229: OpenClaw Client PKCE Verifier Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose stored credentials on affected installations of OpenClaw. User interaction is required to exploit this...

1 IOC

Zero Day Initiative →

Zero Day Initiative CVE 5d ago

ZDI-26-228: OpenClaw Canvas Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of OpenClaw. Authentication is not required to exploit this vul...

T1556 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE 5d ago

ZDI-26-227: OpenClaw Canvas Path Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenClaw. Authentication is required to exploit thi...

1 IOC

Zero Day Initiative →

Zero Day Initiative CVE 5d ago

ZDI-26-244: (Pwn2Own) QNAP QHora-322 miro_webserver_controllers_api_login_singIn Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of QNAP QHora-322 routers. Authentication is not requ...

T1556 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE 5d ago

ZDI-26-243: (Pwn2Own) QNAP TS-453E write_file_to_svr External Control of File Path Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-453E devices. Although authentication is ...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE 5d ago

ZDI-26-242: (Pwn2Own) QNAP TS-453E server_handlers.pyc rr2s.kwargs Error Message Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of QNAP TS-453E devices. Although authentica...

1 IOC

Zero Day Initiative →

Zero Day Initiative CVE 5d ago

ZDI-26-241: (Pwn2Own) QNAP QHora-322 qvpn_db_mgr username SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP QHora-322 routers. Although authentication is required...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE 5d ago

ZDI-26-240: (Pwn2Own) QNAP QHora-322 qvpn_db_mgr role_type Improper Neutralization of Escape Sequences Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected QNAP QHora-322 routers. Although authentication is required to exploit this v...

T1556 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE 5d ago

ZDI-26-239: (Pwn2Own) QNAP QHora-322 login.newAuthMiddleware.Authenticator Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of QNAP QHora-322 routers. Authentication is not required to ex...

T1556 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Linux 5d ago

ZDI-26-238: Linux Kernel AoE Driver Use-After-Free Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to exec...

T1548 T1068 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE 5d ago

ZDI-26-237: (Pwn2Own) QNAP QHora-322 ip6_wanifset Improper Restriction of Communication Channel to Intended Endpoints Firewall Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass firewall rules on affected installations of QNAP QHora-322 routers. Authentication is not requ...

1 IOC

Zero Day Initiative →

Zero Day Initiative CVE 5d ago

ZDI-26-236: Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit t...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE 5d ago

ZDI-26-235: Digilent DASYLab DSA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit t...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE 5d ago

ZDI-26-234: Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit t...

T1190 1 IOC

Zero Day Initiative →