Zero Day Initiative — FreeIntelHub

Zero Day Initiative CVE Mar 30

ZDI-26-239: (Pwn2Own) QNAP QHora-322 login.newAuthMiddleware.Authenticator Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of QNAP QHora-322 routers. Authentication is not required to ex...

T1556 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Linux Mar 30

ZDI-26-238: Linux Kernel AoE Driver Use-After-Free Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to exec...

T1548 T1068 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Mar 30

ZDI-26-237: (Pwn2Own) QNAP QHora-322 ip6_wanifset Improper Restriction of Communication Channel to Intended Endpoints Firewall Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass firewall rules on affected installations of QNAP QHora-322 routers. Authentication is not requ...

1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Mar 30

ZDI-26-236: Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit t...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Mar 30

ZDI-26-235: Digilent DASYLab DSA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit t...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Mar 30

ZDI-26-234: Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit t...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Mar 30

ZDI-26-233: Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit t...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Red Hat Linux Mar 30

ZDI-26-232: (Pwn2Own) Red Hat Enterprise Linux vmwgfx Driver Integer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Red Hat Enterprise Linux. An attacker must first obtain the abi...

T1548 T1068 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apple Mar 30

ZDI-26-231: Apple macOS Exposure of Sensitive Information to Unauthorized Sphere Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. An attacker must first obtain the abili...

1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apple Mar 30

ZDI-26-230: Apple macOS CoreMedia Framework Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this v...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Mar 30

ZDI-26-229: OpenClaw Client PKCE Verifier Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose stored credentials on affected installations of OpenClaw. User interaction is required to exploit this...

1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Mar 30

ZDI-26-228: OpenClaw Canvas Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of OpenClaw. Authentication is not required to exploit this vul...

T1556 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Mar 30

ZDI-26-227: OpenClaw Canvas Path Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenClaw. Authentication is required to exploit thi...

1 IOC

Zero Day Initiative →

Zero Day Initiative Vulnerability Disclosure Microsoft Mar 24

ZDI-26-226: (0Day) Microsoft Azure MCP AzureCliService Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure. Authentication is not required to exploit ...

T1190 T1059

Zero Day Initiative →

Zero Day Initiative CVE Mar 23

ZDI-26-225: (Pwn2Own) Samsung Galaxy S25 Samsung Account Open Redirect Security Bypass Vulnerability

This vulnerability allows remote attackers to bypass security on affected installations of Samsung Galaxy S25. Authentication is not required to exploit this...

1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Mar 23

ZDI-26-224: (Pwn2Own) Samsung Galaxy S25 Samsung Account Cross-Site Scripting Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary script on affected installations of Samsung Galaxy S25. Authentication is not required to exp...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Mar 23

ZDI-26-223: (Pwn2Own) Samsung Galaxy S25 Smart Touch Call Application Protection Mechanism Failure Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Samsung Galaxy S25. User interaction is required to...

1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Mar 23

ZDI-26-222: (Pwn2Own) Canon imageCLASS MF654Cdw BJNP Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF654Cdw printers. Authenticatio...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Mar 19

ZDI-26-221: GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerab...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Mar 19

ZDI-26-220: GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerab...

T1190 1 IOC

Zero Day Initiative →