ZDI Advisories
722 advisories
Zero Day Initiative vulnerability advisories – published disclosures and upcoming publications.
ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability
ChargePoint Home Flex EV chargers contain a critical vulnerability (CVE-2026-4156) that allows network-adjacent attackers to execute arbitrary code…
Linux Kernel nf_tables Use-After-Free Privilege Escalation Vulnerability
CVE-2022-32250 is a privilege escalation vulnerability in the Linux Kernel that allows local attackers with low-privileged code execution to escalate…
ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability
ChargePoint Home Flex charging stations contain a high-severity vulnerability (CVE-2026-4155, CVSS 7.5) that allows unauthenticated remote attackers…
QNAP TS-453E nvrlog_event_add msg SQL Injection Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability (CVE-2025-62849) affects QNAP TS-453E network-attached storage devices, allowing network-adjacent…
Canon imageCLASS MF654Cdw XPS Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-14232 is a critical remote code execution vulnerability affecting Canon imageCLASS MF654Cdw printers that allows unauthenticated,…
ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability
ChargePoint Home Flex devices contain a critical vulnerability (CVE-2026-4157) that allows unauthenticated, network-adjacent attackers to execute…
QNAP TS-453E malware_remover Code Injection Remote Code Execution Vulnerability
A critical unauthenticated remote code execution vulnerability (CVE-2025-11837) has been identified in QNAP TS-453E NAS devices, allowing…
Canon imageCLASS MF654Cdw dtdc_addr_importSub Stack-based Buffer Overflow Remote Code Execution Vulnerability
Canon imageCLASS MF654Cdw printers contain a network-based vulnerability (CVE-2025-14236) that allows unauthenticated attackers to execute arbitrary…
Canon imageCLASS MF654Cdw TTF Parsing Integer Overflow Remote Code Execution Vulnerability
A critical vulnerability (CVE-2025-14237) in Canon imageCLASS MF654Cdw printers allows unauthenticated attackers on the network to execute arbitrary…
Synology DiskStation Manager Netatalk Library Buffer Overflow Remote Code Execution Vulnerability
Synology DiskStation Manager contains a critical remote code execution vulnerability (CVE-2022-45188) with a CVSS score of 9.8 that requires no…
VMware Workstation PVSCSI Heap-based Buffer Overflow Local Privilege Escalation Vulnerability
CVE-2025-41238 is a privilege escalation vulnerability in VMware Workstation with a high severity rating of 8.2 that allows local attackers to gain…
VMware ESXi VMXNET3 Integer Overflow Local Privilege Escalation Vulnerability
VMware ESXi contains a privilege escalation vulnerability (CVE-2025-41236) with a CVSS score of 8.2 that allows attackers with high-privileged code…
Canon imageCLASS MF654Cdw PJCC Request Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Canon imageCLASS MF654Cdw printers contain a critical remote code execution vulnerability (CVE-2025-14234) that allows network-adjacent attackers to…
Microsoft Exchange InterceptorSmtpAgent Improper Input Validation Security Feature Bypass Vulnerability
A medium-severity vulnerability (CVE-2026-21527) in Microsoft Exchange allows unauthenticated remote attackers to bypass a security feature,…
Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability
The Sonos Era 300 speaker contains a critical remote code execution vulnerability (CVE-2026-4149) that allows unauthenticated attackers to execute…
Delta Electronics ASDA-Soft PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Delta Electronics ASDA-Soft contains a remote code execution vulnerability (CVE-2026-1361) rated 7.8 HIGH, which attackers can exploit by tricking…
QNAP TS-453E Hyper Data Protector Plugin query_original_file_size SQL Injection Remote Code Execution Vulnerability
A critical vulnerability in QNAP TS-453E NAS devices (CVE-2025-59389) allows network-adjacent attackers to execute arbitrary code by bypassing the…
Canon imageCLASS MF654Cdw XML SOAP Request Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
A critical remote code execution vulnerability (CVE-2025-14231) has been discovered in Canon imageCLASS MF654Cdw printers, allowing unauthenticated…
Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Canon imageCLASS MF654Cdw printers contain a critical vulnerability (CVE-2025-14235) that allows network-adjacent attackers to execute arbitrary code…
QNAP TS-453E conn_log_tool Format String Remote Code Execution Vulnerability
A network-adjacent attacker can execute arbitrary code on QNAP TS-453E NAS devices (CVE-2025-62848) by bypassing the authentication mechanism,…
Samsung Galaxy S25 Samsung Members Open Redirect Security Bypass Vulnerability
A medium-severity security bypass vulnerability exists in Samsung Galaxy S25 devices that allows remote attackers to circumvent security controls…
ATEN
ATEN is a Taiwan-based manufacturer of IT infrastructure and KVM switching solutions widely used in data centers and server environments.
Bitdefender
Bitdefender is a major cybersecurity software vendor known for antivirus and endpoint protection products.
ATEN
ATEN is a well-known manufacturer of IT infrastructure and KVM switch solutions used for data center and remote management.
Adobe
Adobe, a leading software company known for creative and document processing applications, has a high-severity local vulnerability (CVSS 7.0) that…
ATEN
ATEN is a well-known manufacturer of IT infrastructure and KVM switch products used widely in data centers and enterprise environments.
ATEN
ATEN is a manufacturer of IT infrastructure and remote management products, particularly known for KVM switches and data center management solutions.
ATEN
ATEN is a well-known manufacturer of IT infrastructure and KVM switch solutions used in data centers and enterprise environments.
ATEN
ATEN is a well-known manufacturer of IT infrastructure and KVM switch solutions used in data centers and enterprise environments.
GStreamer
GStreamer is a widely used open-source multimedia framework for audio and video processing across many applications and operating systems.