ZDI Advisories

GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

GIMP contains a remote code execution vulnerability (CVE-2026-2048) rated as HIGH severity with a CVSS score of 7.8 that allows attackers to execute…

Bosch Rexroth IndraWorks OPC.TestClient XML File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability

A high-severity remote code execution vulnerability (CVE-2025-60035) has been identified in Bosch Rexroth IndraWorks that allows attackers to execute…

RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability

RustDesk Client for Windows contains a local information disclosure vulnerability (CVE-2026-2490) that allows attackers with low-privileged code…

MLflow Use of Default Password Authentication Bypass Vulnerability

MLflow contains a critical authentication bypass vulnerability (CVE-2026-2635) with a CVSS score of 9.8 that allows unauthenticated remote attackers…

GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

GIMP contains a remote code execution vulnerability (CVE-2026-2045) with a CVSS score of 7.8 that allows attackers to execute arbitrary code if a…

Autodesk AutoCAD MODEL File Out-Of-Bounds Write Remote Code Execution Vulnerability

Autodesk AutoCAD contains a remote code execution vulnerability (CVE-2026-0875) rated CVSS 7.8 that allows attackers to execute arbitrary code if…

Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

A high-severity remote code execution vulnerability (CVE-2026-0874) exists in Autodesk AutoCAD that allows attackers to execute arbitrary code when…

Dassault Systèmes eDrawings Viewer EPRT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

A high-severity remote code execution vulnerability (CVE-2026-1284) has been discovered in Dassault Systèmes eDrawings Viewer that allows attackers…

Oracle VirtualBox VMSVGA Race Condition Local Privilege Escalation Vulnerability

Oracle VirtualBox contains a privilege escalation vulnerability (CVE-2026-21984) that allows local attackers with high-privileged code execution on a…

MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability

MLflow Tracking Server contains a remote code execution vulnerability (CVE-2026-2033) that allows unauthenticated attackers to execute arbitrary code…

Dassault Systèmes eDrawings Viewer EPRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

A high-severity remote code execution vulnerability (CVE-2026-1283) has been discovered in Dassault Systèmes eDrawings Viewer that allows attackers…

Oracle VirtualBox VMSVGA Use-After-Free Local Privilege Escalation Vulnerability

CVE-2026-21955 is a privilege escalation vulnerability affecting Oracle VirtualBox that allows local attackers with high-privilege code execution on…

Oracle VirtualBox BusLogic Uninitialized Memory Information Disclosure Vulnerability

Oracle VirtualBox contains a local information disclosure vulnerability (CVE-2026-21963) that allows attackers with high-privilege code execution on…

Oracle VirtualBox VMSVGA Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

A privilege escalation vulnerability has been discovered in Oracle VirtualBox (CVE-2026-21983) that allows local attackers with high-privileged code…

Oracle VirtualBox VMSVGA Out-Of-Bounds Access Local Privilege Escalation Vulnerability

A privilege escalation vulnerability exists in Oracle VirtualBox (CVE-2026-21956) that allows attackers with high-privileged code execution on a…

Oracle VirtualBox LsiLogic Uninitialized Memory Information Disclosure Vulnerability

Oracle VirtualBox contains a local information disclosure vulnerability (CVE-2026-21985) that allows privileged attackers to access sensitive data on…

Oracle VirtualBox VMSVGA Out-Of-Bounds Write Local Privilege Escalation Vulnerability

CVE-2026-21957 is a privilege escalation vulnerability in Oracle VirtualBox that allows local attackers with high-privileged code execution on a…

Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability

A remote code execution vulnerability (CVE-2026-2034) has been identified in Sante DICOM Viewer Pro, rated as HIGH severity with a CVSS score of 7.8.

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

A remote code execution vulnerability (CVE-2025-13845) has been discovered in Schneider Electric EcoStruxure Power Build with a CVSS score of 7.8,…

Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability

A high-severity remote code execution vulnerability exists in Nagios Host (CVE-2026-2041) that allows authenticated attackers to execute arbitrary…

GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability

GFI Archiver contains an authentication bypass vulnerability (CVE-2026-2038) that allows remote attackers to gain unauthorized access without…

GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability

GFI Archiver contains an authentication bypass vulnerability (CVE-2026-2039) that allows remote attackers to gain unauthorized access without valid…

Ivanti Endpoint Manager ROI SQL Injection Remote Code Execution Vulnerability

Ivanti Endpoint Manager contains a high-severity vulnerability (CVE-2026-1602, CVSS 7.2) that allows authenticated remote attackers to execute…

Schneider Electric EcoStruxure Power Build SSD File Parsing Use-After-Free Remote Code Execution Vulnerability

CVE-2025-13845 is a high-severity remote code execution vulnerability in Schneider Electric EcoStruxure Power Build that allows attackers to execute…

Microsoft Windows win32kfull Use-After-Free Local Privilege Escalation Vulnerability

A local privilege escalation vulnerability in Microsoft Windows (CVE-2026-21235) allows attackers with low-level code execution capabilities to gain…

Microsoft Windows searchConnector-ms NTLM Response Information Disclosure Vulnerability

This vulnerability in Microsoft Windows allows attackers to capture and disclose NTLM authentication responses, a critical component used for network…

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

Schneider Electric EcoStruxure Power Build contains a remote code execution vulnerability (CVE-2025-13845) that allows attackers to execute arbitrary…

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

CVE-2025-13845 is a high-severity remote code execution vulnerability in Schneider Electric EcoStruxure Power Build that requires user interaction,…

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

A high-severity remote code execution vulnerability (CVE-2025-13845) affects Schneider Electric EcoStruxure Power Build, allowing attackers to…

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

Schneider Electric EcoStruxure Power Build contains a remote code execution vulnerability (CVE-2025-13845) that allows attackers to execute arbitrary…