ZDI Advisories
1275 advisoriesZero Day Initiative vulnerability advisories – published disclosures and upcoming publications.
GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability (CVE-2026-4154) affects GIMP and allows attackers to execute arbitrary code if a user opens a…
GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability
GIMP contains a remote code execution vulnerability (CVE-2026-4151) that allows attackers to execute arbitrary code if a user opens a malicious file…
GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability
GIMP contains a remote code execution vulnerability (CVE-2026-4150) with a CVSS score of 7.8 that allows attackers to execute arbitrary code when a…
GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
GIMP contains a remote code execution vulnerability (CVE-2026-4152) with a CVSS score of 7.8 that allows attackers to execute arbitrary code when a…
QNAP TS-453E smbd domain_name Argument Injection Authentication Bypass Vulnerability
This vulnerability (CVE-2025-62847) affects QNAP TS-453E NAS devices and allows network-adjacent attackers to completely bypass authentication…
Samsung Galaxy S25 Samsung Members Security Feature Bypass Vulnerability
A medium-severity security feature bypass vulnerability affects Samsung Galaxy S25 devices, allowing remote attackers to circumvent protective…
KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
A high-severity privilege escalation vulnerability (CVE-2026-4158) has been discovered in KeePassXC that allows attackers with low-privileged code…
Delta Electronics ASDA-Soft PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Delta Electronics ASDA-Soft contains a remote code execution vulnerability (CVE-2026-1361) rated 7.8 HIGH, which attackers can exploit by tricking…
Samsung Galaxy S25 Samsung Members Open Redirect Security Bypass Vulnerability
A medium-severity security bypass vulnerability exists in Samsung Galaxy S25 devices that allows remote attackers to circumvent security controls…
QNAP TS-453E conn_log_tool Format String Remote Code Execution Vulnerability
A network-adjacent attacker can execute arbitrary code on QNAP TS-453E NAS devices (CVE-2025-62848) by bypassing the authentication mechanism,…
Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Canon imageCLASS MF654Cdw printers contain a critical vulnerability (CVE-2025-14235) that allows network-adjacent attackers to execute arbitrary code…
Canon imageCLASS MF654Cdw XML SOAP Request Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
A critical remote code execution vulnerability (CVE-2025-14231) has been discovered in Canon imageCLASS MF654Cdw printers, allowing unauthenticated…
QNAP TS-453E Hyper Data Protector Plugin query_original_file_size SQL Injection Remote Code Execution Vulnerability
A critical vulnerability in QNAP TS-453E NAS devices (CVE-2025-59389) allows network-adjacent attackers to execute arbitrary code by bypassing the…
Canon imageCLASS MF654Cdw PJCC Request Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Canon imageCLASS MF654Cdw printers contain a critical remote code execution vulnerability (CVE-2025-14234) that allows network-adjacent attackers to…
VMware ESXi VMCI Integer Underflow Local Privilege Escalation Vulnerability
VMware ESXi is vulnerable to a local privilege escalation attack (CVE-2025-41237) rated as HIGH severity with a CVSS score of 8.2, requiring…
QNAP TS-453E Hyper Data Protector Plugin Hard-Coded Credentials Authentication Bypass Vulnerability
A medium-severity authentication bypass vulnerability (CVE-2025-59388) affects QNAP TS-453E NAS devices, allowing network-adjacent attackers to gain…
Linux Kernel nf_tables_newset Out-Of-Bounds Write Information Disclosure Vulnerability
This vulnerability in the Linux Kernel allows local attackers to read sensitive information on affected systems, but requires them to already have…
Linux Kernel nf_tables Use-After-Free Privilege Escalation Vulnerability
CVE-2022-32250 is a privilege escalation vulnerability in the Linux Kernel that allows local attackers with low-privileged code execution to escalate…
ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability
ChargePoint Home Flex charging stations contain a high-severity vulnerability (CVE-2026-4155, CVSS 7.5) that allows unauthenticated remote attackers…
QNAP TS-453E nvrlog_event_add msg SQL Injection Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability (CVE-2025-62849) affects QNAP TS-453E network-attached storage devices, allowing network-adjacent…
ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability
ChargePoint Home Flex EV chargers contain a critical vulnerability (CVE-2026-4156) that allows network-adjacent attackers to execute arbitrary code…
Canon imageCLASS MF654Cdw XPS Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-14232 is a critical remote code execution vulnerability affecting Canon imageCLASS MF654Cdw printers that allows unauthenticated,…
ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability
ChargePoint Home Flex devices contain a critical vulnerability (CVE-2026-4157) that allows unauthenticated, network-adjacent attackers to execute…
QNAP TS-453E malware_remover Code Injection Remote Code Execution Vulnerability
A critical unauthenticated remote code execution vulnerability (CVE-2025-11837) has been identified in QNAP TS-453E NAS devices, allowing…
Canon imageCLASS MF654Cdw dtdc_addr_importSub Stack-based Buffer Overflow Remote Code Execution Vulnerability
Canon imageCLASS MF654Cdw printers contain a network-based vulnerability (CVE-2025-14236) that allows unauthenticated attackers to execute arbitrary…
Synology DiskStation Manager Netatalk Library Buffer Overflow Remote Code Execution Vulnerability
Synology DiskStation Manager contains a critical remote code execution vulnerability (CVE-2022-45188) with a CVSS score of 9.8 that requires no…
Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability
The Sonos Era 300 speaker contains a critical remote code execution vulnerability (CVE-2026-4149) that allows unauthenticated attackers to execute…
Microsoft Exchange InterceptorSmtpAgent Improper Input Validation Security Feature Bypass Vulnerability
A medium-severity vulnerability (CVE-2026-21527) in Microsoft Exchange allows unauthenticated remote attackers to bypass a security feature,…
Canon imageCLASS MF654Cdw TTF Parsing Integer Overflow Remote Code Execution Vulnerability
A critical vulnerability (CVE-2025-14237) in Canon imageCLASS MF654Cdw printers allows unauthenticated attackers on the network to execute arbitrary…
VMware Workstation PVSCSI Heap-based Buffer Overflow Local Privilege Escalation Vulnerability
CVE-2025-41238 is a privilege escalation vulnerability in VMware Workstation with a high severity rating of 8.2 that allows local attackers to gain…