Zero Day Initiative — FreeIntelHub

Zero Day Initiative CVE Docker Apr 23

ZDI-26-299: Docker Desktop Enhanced Container Isolation Exposed Dangerous Function Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to ex...

T1548 T1068 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 23

ZDI-26-298: Siemens SINEC NMS Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Siemens SINEC NMS. Authentication is not required to exploit...

T1556 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 23

ZDI-26-297: Siemens SINEC NMS Improper Authentication Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Siemens SINEC NMS. Authentication is required to exploit this ...

T1548 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 23

ZDI-26-296: Delta Electronics ASDA-Soft PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics ASDA-Soft. User interaction is required t...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative Vulnerability Disclosure Apr 21

ZDI-26-295: (0Day) PublicCMS getXml Server-Side Request Forgery Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PublicCMS. Authentication is not required to exploi...

Zero Day Initiative →

Zero Day Initiative Vulnerability Disclosure Microsoft Apr 21

ZDI-26-294: (0Day) Microsoft Windows library-ms NTLM Response Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is re...

Zero Day Initiative →

Zero Day Initiative Vulnerability Disclosure Microsoft Apr 21

ZDI-26-293: (0Day) Microsoft Office URI Handler NTLM Response Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose NTLM responses on affected installations of Microsoft Office. User interaction is required to exploit ...

Zero Day Initiative →

Zero Day Initiative CVE Amazon Apr 21

ZDI-26-245: (0Day) aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit t...

T1190 T1059 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 15

ZDI-26-292: QNAP TS-453E QVRPro excpostgres Exposed Dangerous Method Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-453E devices. Authentication is not requi...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 15

ZDI-26-291: NI LabVIEW LVCLASS File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI LabVIEW. User interaction is required to exploit this vu...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 15

ZDI-26-290: NI LabVIEW LVLIB File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI LabVIEW. User interaction is required to exploit this vu...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Linux Apr 15

ZDI-26-289: Linux Kernel ETS Scheduler Race Condition Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to exec...

T1548 T1068 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 15

ZDI-26-288: DriveLock Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of DriveLock. Authentication is required to exploit th...

1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 15

ZDI-26-287: DriveLock Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of DriveLock. Authentication is not required to exploi...

1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 15

ZDI-26-286: DriveLock SQL Injection Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of DriveLock. Authentication is required to exploit this vulnerab...

T1548 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 15

ZDI-26-285: DriveLock Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of DriveLock. Authentication is not required to exploi...

1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 15

ZDI-26-284: DriveLock Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of DriveLock. Authentication is not required to exploi...

1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 15

ZDI-26-283: GStreamer qtdemux Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exp...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 15

ZDI-26-282: GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerab...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Microsoft Apr 15

ZDI-26-281: Microsoft vcpkg OpenSSL Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on applications built using the Microsoft vcpkg port of OpenSSL. An attacker must first obta...

T1548 T1068 1 IOC

Zero Day Initiative →