Zero Day Initiative — FreeIntelHub

Zero Day Initiative CVE Apr 15

ZDI-26-280: (Pwn2Own) HP DeskJet 2855e JobStatusEvent Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP DeskJet 2855e printers. Authentication is not ...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Microsoft Apr 15

ZDI-26-279: Microsoft Windows Snipping Tool Improper Input Validation Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit ...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Microsoft Apr 15

ZDI-26-278: Microsoft Windows win32kfull Improper Locking Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to...

T1548 T1068 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Microsoft Apr 15

ZDI-26-277: Microsoft Windows afd.sys Race Condition Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to...

T1548 T1068 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Microsoft Linux Apr 15

ZDI-26-276: Microsoft Windows Secure Kernel Double Free Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to...

T1548 T1068 1 IOC

Zero Day Initiative →

Zero Day Initiative Vulnerability Disclosure Microsoft Apr 15

ZDI-26-275: Microsoft Qlib _mount_nfs_uri Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Microsoft Qlib. Authentication is not required to...

T1190 T1059

Zero Day Initiative →

Zero Day Initiative Vulnerability Disclosure Microsoft Apr 15

ZDI-26-274: Microsoft Qlib fit Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Qlib. User interaction is required to exploit thi...

T1190

Zero Day Initiative →

Zero Day Initiative Vulnerability Disclosure Microsoft Apr 15

ZDI-26-273: Microsoft Olive Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Olive. User interaction is required to exploit th...

T1190

Zero Day Initiative →

Zero Day Initiative CVE Apr 15

ZDI-26-272: ATEN Unizon RpcProvider Missing Authentication Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ATEN Unizon. Authentication is not required t...

1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 15

ZDI-26-271: Avast Premium Security Gen Self Protection Driver Exposed Dangerous Function Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the abili...

T1548 T1068 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Trend Micro Apr 15

ZDI-26-270: TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is not required to exp...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Trend Micro Apr 15

ZDI-26-269: TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is not required to exp...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 15

ZDI-26-268: Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Samsung MagicINFO 9 Server. An attacker must first obtain the a...

T1548 T1068 1 IOC

Zero Day Initiative →

Zero Day Initiative Vulnerability Disclosure Apr 15

ZDI-26-267: Malwarebytes Anti-Malware Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Anti-Malware. An attacker must first obtain the ab...

T1548 T1068

Zero Day Initiative →

Zero Day Initiative CVE Fortinet Apr 15

ZDI-26-266: Fortinet FortiWeb cat_cgi_paths Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiWeb. Authentication is required to exploit th...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Fortinet Apr 15

ZDI-26-265: Fortinet FortiWeb cgi_buf_alloc Integer Overflow Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Fortinet FortiWeb. Authentication is required...

1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Adobe Apr 15

ZDI-26-264: Adobe ColdFusion fetchCFSettingFile Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe ColdFusion. Authentication is not required to...

1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Adobe Apr 15

ZDI-26-263: Adobe ColdFusion subscribeToEndpoints Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Adobe ColdFusion. Authentication is not required to exploit ...

T1556 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Adobe Apr 15

ZDI-26-262: Adobe ColdFusion deleteVersion Directory Traversal Arbitrary File Deletion Vulnerability

This vulnerability allows remote attackers to delete arbitrary files on affected installations of Adobe ColdFusion. Although authentication is required to ex...

1 IOC

Zero Day Initiative →

Zero Day Initiative Vulnerability Disclosure Docker Apr 15

ZDI-26-261: (0Day) Docker Desktop credentialHelper Directory Traversal Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to es...

T1548

Zero Day Initiative →