Skip to main content

ZDI Advisories

1275 advisories

Zero Day Initiative vulnerability advisories – published disclosures and upcoming publications.

ZDI-26-221 7.8 CVE-2026-4154 GIMP Mar 19, 2026

GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability

A high-severity remote code execution vulnerability (CVE-2026-4154) affects GIMP and allows attackers to execute arbitrary code if a user opens a…

ZDI-26-218 7.8 CVE-2026-4151 GIMP Mar 19, 2026

GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability

GIMP contains a remote code execution vulnerability (CVE-2026-4151) that allows attackers to execute arbitrary code if a user opens a malicious file…

ZDI-26-217 7.8 CVE-2026-4150 GIMP Mar 19, 2026

GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability

GIMP contains a remote code execution vulnerability (CVE-2026-4150) with a CVSS score of 7.8 that allows attackers to execute arbitrary code when a…

ZDI-26-219 7.8 CVE-2026-4152 GIMP Mar 19, 2026

GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

GIMP contains a remote code execution vulnerability (CVE-2026-4152) with a CVSS score of 7.8 that allows attackers to execute arbitrary code when a…

ZDI-26-216 6.3 CVE-2025-62847 QNAP Mar 17, 2026

QNAP TS-453E smbd domain_name Argument Injection Authentication Bypass Vulnerability

This vulnerability (CVE-2025-62847) affects QNAP TS-453E NAS devices and allows network-adjacent attackers to completely bypass authentication…

ZDI-26-210 5.4 CVE-2025-21079 Samsung Mar 16, 2026

Samsung Galaxy S25 Samsung Members Security Feature Bypass Vulnerability

A medium-severity security feature bypass vulnerability affects Samsung Galaxy S25 devices, allowing remote attackers to circumvent protective…

ZDI-26-215 7.3 CVE-2026-4158 KeePassXC Mar 16, 2026

KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

A high-severity privilege escalation vulnerability (CVE-2026-4158) has been discovered in KeePassXC that allows attackers with low-privileged code…

ZDI-26-211 7.8 CVE-2026-1361 Delta Mar 16, 2026

Delta Electronics ASDA-Soft PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Delta Electronics ASDA-Soft contains a remote code execution vulnerability (CVE-2026-1361) rated 7.8 HIGH, which attackers can exploit by tricking…

ZDI-26-209 5.0 CVE-2025-21079 Samsung Mar 16, 2026

Samsung Galaxy S25 Samsung Members Open Redirect Security Bypass Vulnerability

A medium-severity security bypass vulnerability exists in Samsung Galaxy S25 devices that allows remote attackers to circumvent security controls…

ZDI-26-199 5.5 CVE-2025-62848 QNAP Mar 16, 2026

QNAP TS-453E conn_log_tool Format String Remote Code Execution Vulnerability

A network-adjacent attacker can execute arbitrary code on QNAP TS-453E NAS devices (CVE-2025-62848) by bypassing the authentication mechanism,…

ZDI-26-206 8.8 CVE-2025-14235 Canon Mar 16, 2026

Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Canon imageCLASS MF654Cdw printers contain a critical vulnerability (CVE-2025-14235) that allows network-adjacent attackers to execute arbitrary code…

ZDI-26-203 8.8 CVE-2025-14231 Canon Mar 16, 2026

Canon imageCLASS MF654Cdw XML SOAP Request Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

A critical remote code execution vulnerability (CVE-2025-14231) has been discovered in Canon imageCLASS MF654Cdw printers, allowing unauthenticated…

ZDI-26-202 8.0 CVE-2025-59389 QNAP Mar 16, 2026

QNAP TS-453E Hyper Data Protector Plugin query_original_file_size SQL Injection Remote Code Execution Vulnerability

A critical vulnerability in QNAP TS-453E NAS devices (CVE-2025-59389) allows network-adjacent attackers to execute arbitrary code by bypassing the…

ZDI-26-205 8.8 CVE-2025-14234 Canon Mar 16, 2026

Canon imageCLASS MF654Cdw PJCC Request Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Canon imageCLASS MF654Cdw printers contain a critical remote code execution vulnerability (CVE-2025-14234) that allows network-adjacent attackers to…

ZDI-26-188 8.2 CVE-2025-41237 VMware Mar 16, 2026

VMware ESXi VMCI Integer Underflow Local Privilege Escalation Vulnerability

VMware ESXi is vulnerable to a local privilege escalation attack (CVE-2025-41237) rated as HIGH severity with a CVSS score of 8.2, requiring…

ZDI-26-201 6.3 CVE-2025-59388 QNAP Mar 16, 2026

QNAP TS-453E Hyper Data Protector Plugin Hard-Coded Credentials Authentication Bypass Vulnerability

A medium-severity authentication bypass vulnerability (CVE-2025-59388) affects QNAP TS-453E NAS devices, allowing network-adjacent attackers to gain…

ZDI-26-193 3.8 CVE-2022-1972 Linux Mar 16, 2026

Linux Kernel nf_tables_newset Out-Of-Bounds Write Information Disclosure Vulnerability

This vulnerability in the Linux Kernel allows local attackers to read sensitive information on affected systems, but requires them to already have…

ZDI-26-191 8.8 CVE-2022-32250 Linux Mar 16, 2026

Linux Kernel nf_tables Use-After-Free Privilege Escalation Vulnerability

CVE-2022-32250 is a privilege escalation vulnerability in the Linux Kernel that allows local attackers with low-privileged code execution to escalate…

ZDI-26-195 7.5 CVE-2026-4155 ChargePoint Mar 16, 2026

ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability

ChargePoint Home Flex charging stations contain a high-severity vulnerability (CVE-2026-4155, CVSS 7.5) that allows unauthenticated remote attackers…

ZDI-26-200 8.0 CVE-2025-62849 QNAP Mar 16, 2026

QNAP TS-453E nvrlog_event_add msg SQL Injection Remote Code Execution Vulnerability

A high-severity remote code execution vulnerability (CVE-2025-62849) affects QNAP TS-453E network-attached storage devices, allowing network-adjacent…

ZDI-26-196 7.5 CVE-2026-4156 ChargePoint Mar 16, 2026

ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability

ChargePoint Home Flex EV chargers contain a critical vulnerability (CVE-2026-4156) that allows network-adjacent attackers to execute arbitrary code…

ZDI-26-204 8.8 CVE-2025-14232 Canon Mar 16, 2026

Canon imageCLASS MF654Cdw XPS Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability

CVE-2025-14232 is a critical remote code execution vulnerability affecting Canon imageCLASS MF654Cdw printers that allows unauthenticated,…

ZDI-26-197 7.5 CVE-2026-4157 ChargePoint Mar 16, 2026

ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability

ChargePoint Home Flex devices contain a critical vulnerability (CVE-2026-4157) that allows unauthenticated, network-adjacent attackers to execute…

ZDI-26-198 8.8 CVE-2025-11837 QNAP Mar 16, 2026

QNAP TS-453E malware_remover Code Injection Remote Code Execution Vulnerability

A critical unauthenticated remote code execution vulnerability (CVE-2025-11837) has been identified in QNAP TS-453E NAS devices, allowing…

ZDI-26-207 8.8 CVE-2025-14236 Canon Mar 16, 2026

Canon imageCLASS MF654Cdw dtdc_addr_importSub Stack-based Buffer Overflow Remote Code Execution Vulnerability

Canon imageCLASS MF654Cdw printers contain a network-based vulnerability (CVE-2025-14236) that allows unauthenticated attackers to execute arbitrary…

ZDI-26-187 9.8 CVE-2022-45188 Synology Mar 16, 2026

Synology DiskStation Manager Netatalk Library Buffer Overflow Remote Code Execution Vulnerability

Synology DiskStation Manager contains a critical remote code execution vulnerability (CVE-2022-45188) with a CVSS score of 9.8 that requires no…

ZDI-26-192 10.0 CVE-2026-4149 Sonos Mar 16, 2026

Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability

The Sonos Era 300 speaker contains a critical remote code execution vulnerability (CVE-2026-4149) that allows unauthenticated attackers to execute…

ZDI-26-194 5.3 CVE-2026-21527 Microsoft Mar 16, 2026

Microsoft Exchange InterceptorSmtpAgent Improper Input Validation Security Feature Bypass Vulnerability

A medium-severity vulnerability (CVE-2026-21527) in Microsoft Exchange allows unauthenticated remote attackers to bypass a security feature,…

ZDI-26-208 8.8 CVE-2025-14237 Canon Mar 16, 2026

Canon imageCLASS MF654Cdw TTF Parsing Integer Overflow Remote Code Execution Vulnerability

A critical vulnerability (CVE-2025-14237) in Canon imageCLASS MF654Cdw printers allows unauthenticated attackers on the network to execute arbitrary…

ZDI-26-190 8.2 CVE-2025-41238 VMware Mar 16, 2026

VMware Workstation PVSCSI Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

CVE-2025-41238 is a privilege escalation vulnerability in VMware Workstation with a high severity rating of 8.2 that allows local attackers to gain…

Prev Page 28 of 43 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy