Processing...

Critical vulnerabilities Week 2026-07-19

Critical Vulnerabilities pose a significant risk as they can be leveraged to carry out cyber attacks, install malware, steal sensitive data, or gain unauthorised access to systems. It's crucial for organisations and individuals to stay informed about the latest threats in order to assess their potential impact and take timely mitigating actions. If you need help with any of these, contact the HelpDesk for assistance. Cyber Security Services are also available.

Hero Image

7-Zip XZ Decompression Heap-based Buffer Overflow Remote Code Execution Vulnerability (7)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2026-14266.

Read More

Linux Kernel vmwgfx Integer Overflow Local Privilege Escalation Vulnerability (8.8)

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8.

Read More

Linux Kernel CAN ISO-TP Protocol Race Condition Local Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8.

Read More

dnsmasq DNS Response Heap-based Buffer Overflow Remote Code Execution Vulnerability (8.1)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of dnsmasq. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.1. The following CVEs are assigned: CVE-2026-2291.

Read More

Fuji Electric Tellus pcid64 Driver Untrusted Pointer Dereference Denial of Service Vulnerability (5.5)

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Fuji Electric Tellus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.5. The following CVEs are assigned: CVE-2026-8108.

Read More

Fuji Electric Tellus pcid64 Driver Exposed Dangerous Method Local Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of Fuji Electric Tellus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-8108.

Read More

Rockwell Automation Arena Simulation DOE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-6071.

Read More

(Pwn2Own) Autel MaxiCharger AC Elite Home WebSockets Integer Underflow Remote Code Execution Vulnerability (8.1)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Home EV chargers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.1. The following CVEs are assigned: CVE-2026-13308.

Read More

(Pwn2Own) Autel MaxiCharger AC Elite Home USB Heap-based Buffer Overflow Arbitrary Code Execution Vulnerability (6.8)

This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Home EV chargers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.8. The following CVEs are assigned: CVE-2026-13307.

Read More

(Pwn2Own) Autel MaxiCharger AC Elite Home NFC Stack-based Buffer Overflow Arbitrary Code Execution Vulnerability (6.8)

This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Home EV chargers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.8. The following CVEs are assigned: CVE-2026-13309.

Read More

(Pwn2Own) Autel MaxiCharger AC Elite Home USB Authentication Bypass Vulnerability (4.3)

This vulnerability allows physically present attackers to bypass authentication on affected installations of Autel MaxiCharger AC Elite Home EV chargers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2026-13306.

Read More

(Pwn2Own) Autel MaxiCharger AC Elite Home Software Update Improper Verification of Cryptographic Signature Arbitrary Code Execution Vulnerability (6.4)

This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Home EV chargers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.4. The following CVEs are assigned: CVE-2026-13305.

Read More

G DATA Total Security Backup Service Link Following Local Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-13268.

Read More

ASUS Business Manager Service Client-Side Authentication Local Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of ASUS Business Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-8921.

Read More

MSI Center NTIOLib_X64 Origin Validation Error Local Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of MSI Center. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-6102.

Read More

NVIDIA NeMo Framework Deserialization of Untrusted Data Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NVIDIA NeMo Framework. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-24157.

Read More

WatchGuard FireWare OS admd Stack-based Buffer Overflow Remote Code Execution Vulnerability (7.5)

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WatchGuard FireWare OS. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2026-8247.

Read More

WatchGuard FireWare OS iked ike2_hmac Null Pointer Dereference Denial-of-Service Vulnerability (5.9)

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of WatchGuard FireWare OS. Authentication is not required to exploit this vulnerability, but only systems using VPN with IKEv2 are vulnerable. The ZDI has assigned a CVSS rating of 5.9. The following CVEs are assigned: CVE-2026-13084.

Read More

OpenSSL X.509 Email Validation Out-Of-Bounds Read Information Disclosure Vulnerability (6.5)

This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenSSL. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2026-42771.

Read More

OpenSSL OCSP Stapling Verification Double Free Remote Code Execution Vulnerability (7.5)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenSSL. User interaction is required to exploit this vulnerability in that the target must make a request to a malicious server. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2026-35188.

Read More

Synology DiskStation DS925+ MailPlus Improper Restriction of Communication Channel to Intended Endpoints Vulnerability (4.3)

This vulnerability allows network-adjacent attackers to access the Redis instance on affected installations of Synology DiskStation DS925+ devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2026-13135.

Read More

Synology DiskStation DS925+ MailPlus Redis Weak Cryptography for Passwords Remote Code Execution Vulnerability (8.8)

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation DS925+ devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-15660.

Read More

Samsung rlottie Numeric Truncation Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung rlottie. Interaction with the rlottie library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-15551.

Read More

Cisco Identity Services Engine validFileNameOrPath Directory Traversal Information Disclosure Vulnerability (5.5)

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Identity Services Engine. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.5. The following CVEs are assigned: CVE-2026-20146.

Read More

Adobe Creative Cloud AGSService Incorrect Permission Assignment Local Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of Adobe Creative Cloud Desktop Application. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-48344.

Read More

Adobe Creative Cloud AdobeUpdateService Uncontrolled Search Path Element Local Privilege Escalation Vulnerability (7)

This vulnerability allows local attackers to escalate privileges on affected installations of Adobe Creative Cloud. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2026-48272.

Read More

Microsoft SharePoint SPFieldMultiLineText Cross-Site Scripting Vulnerability (7.3)

This vulnerability allows remote attackers to execute web requests with a target user's privileges on affected installations of Microsoft SharePoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.3. The following CVEs are assigned: CVE-2026-55126.

Read More

Microsoft Windows ServerManager Exposed Dangerous Method Local Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-50311.

Read More

Microsoft Hyper-V netvsc Out-Of-Bounds Read Local Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Hyper-V. An attacker must first obtain the ability to execute low-privileged code within a Windows virtual machine under Hyper-V in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-54129.

Read More

Microsoft Windows WMI Providers Incorrect Authorization Local Privilege Escalation Vulnerability (7)

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2026-49805.

Read More

Microsoft PowerShell Help Directory Traversal Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft PowerShell. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-40400.

Read More

(Pwn2Own) Microsoft SharePoint Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability (8.1)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.1. The following CVEs are assigned: CVE-2026-50522.

Read More

(Pwn2Own) Microsoft SharePoint Deserialization of Untrusted Data Remote Code Execution Vulnerability (8.1)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.1. The following CVEs are assigned: CVE-2026-50522.

Read More

NVIDIA NVTabular Pickle File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NVIDIA NVTabular. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-24237.

Read More

NVIDIA NeMo Framework Deserialization of Untrusted Data Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NVIDIA NeMo Framework. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-24228.

Read More

X.Org Server Glamor Font Heap-based Buffer Overflow Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-55999.

Read More

X.Org Server ComputeScaledProperties Heap-based Buffer Overflow Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-56003.

Read More

X.Org Server PCF Font Parsing Heap-based Buffer Overflow Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-56002.

Read More

X.Org Server BitmapScaleBitmaps Integer Overflow Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-56001.

Read More

X.Org Server GLX Extension Use-After-Free Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-56000.

Read More

Delta Electronics DTM Soft Project File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DTM Soft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-12578.

Read More

(0Day) Ollama downloadBlob Improper Validation of Array Index Denial-of-Service Vulnerability (7.5)

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ollama. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2026-15685.

Read More

(0Day) Glarysoft Glary Utilities Link Following Local Privilege Escalation Vulnerability (7.3)

This vulnerability allows local attackers to escalate privileges on affected installations of Glarysoft Glary Utilities. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.3. The following CVEs are assigned: CVE-2026-15684.

Read More

(0Day) AnyDesk Support Information Link Following Denial-of-Service Vulnerability (4.7)

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.7. The following CVEs are assigned: CVE-2026-15682.

Read More

(0Day) AnyDesk Screen Recording Link Following Denial-of-Service Vulnerability (4.7)

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.7. The following CVEs are assigned: CVE-2026-15681.

Read More

(0Day) (Pwn2Own) Lorex 2K Indoor Wi-Fi Security Camera Device Management Server Improper Certificate Validation Vulnerability (7.5)

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. User interaction is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2026-15683.

Read More

(0Day) (Pwn2Own) Lorex 2K Indoor Wi-Fi Security Camera CDeviceOperator Format String Remote Code Execution Vulnerability (7.5)

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2026-15680.

Read More

X.Org Server CreateSaverWindow Use-After-Free Information Disclosure Vulnerability (5.5)

This vulnerability allows local attackers to disclose sensitive information on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.5. The following CVEs are assigned: CVE-2026-50263.

Read More

X.Org Server ChangeDrawableAttributes Out-Of-Bounds Read Information Disclosure Vulnerability (5.5)

This vulnerability allows local attackers to disclose sensitive information on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.5. The following CVEs are assigned: CVE-2026-50262.

Read More

X.Org Server SyncChangeCounter Use-After-Free Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-50261.

Read More

X.Org Server FreeCounter Use-After-Free Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-50260.

Read More

X.Org Server SetMap Request Stack-based Buffer Overflow Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-50259.

Read More

X.Org Server Xkb Key Types Stack-based Buffer Overflow Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-50258.

Read More

X.Org Server miSyncDestroyFence Use-After-Free Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-50257.

Read More

X.Org Server Font Alias Stack-based Buffer Overflow Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-50256.

Read More

Oracle PeopleSoft ExecuteProcessActivityCommand External Control of File Path Remote Code Execution Vulnerability (8.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle PeopleSoft. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-35273.

Read More

Oracle PeopleSoft HubMBeanPersistance Deserialization of Untrusted Data Remote Code Execution Vulnerability (7.5)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle PeopleSoft. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2026-35273.

Read More

Oracle PeopleSoft HttpListeningConnector Server-Side Request Forgery Vulnerability (9.3)

This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Oracle PeopleSoft. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.3. The following CVEs are assigned: CVE-2026-35273.

Read More

Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability (8.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-9773.

Read More

Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability (8.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-9772.

Read More

MosaicML Composer Deserialization of Untrusted Data Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of MosaicML Composer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-10043.

Read More

ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability (7.2)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2026-9779.

Read More

ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability (7.2)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2026-9778.

Read More

ATEN Unizon restoreDB Directory Traversal Remote Code Execution Vulnerability (7.2)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2026-9777.

Read More

ATEN Unizon writeFileToHttpServletResponse Directory Traversal Information Disclosure Vulnerability (7.5)

This vulnerability allows remote attackers to disclose sensitive information on affected installations of ATEN Unizon. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2026-9776.

Read More

ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability (5.5)

This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.5. The following CVEs are assigned: CVE-2026-9775.

Read More

ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability (5.5)

This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.5. The following CVEs are assigned: CVE-2026-9774.

Read More

Quest NetVault Backup viewclient Cross-Site Scripting Authentication Bypass Vulnerability (8.8)

This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-7569.

Read More

Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability (8.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-9787.

Read More

Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability (8.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-9786.

Read More

Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability (8.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-9785.

Read More

Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability (8.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-9784.

Read More

Quest NetVault Backup NVBURemovableMedia SQL Injection Remote Code Execution Vulnerability (8.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-9783.

Read More

Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability (8.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-9782.

Read More

Quest NetVault Backup NVBURASDevice SQL Injection Remote Code Execution Vulnerability (8.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-9781.

Read More

Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerability (8.8)

This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-9780.

Read More

Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability (8.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-7570.

Read More

Fuji Electric Tellus pcid64 Driver Registry APIs Exposed Dangerous Method Local Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of Fuji Electric Tellus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-8108.

Read More

Fuji Electric Tellus pcid64 Driver File APIs Exposed Dangerous Method Arbitrary File Deletion Vulnerability (7.8)

This vulnerability allows local attackers to delete arbitrary files on affected installations of Fuji Electric Tellus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-8108.

Read More

FlowiseAI Flowise CSV Agent customReadCSV Code Injection Remote Code Execution Vulnerability (8.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Flowise. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-41137.

Read More

FlowiseAI Flowise CSV Agent Prompt Injection Remote Code Execution Vulnerability (9.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Flowise. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2026-41264.

Read More

Docker MCP Plugin OCI Image Label Parsing Argument Injection Remote Code Execution Vulnerability (8.6)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Docker MCP Plugin. User interaction is required to exploit this vulnerability in that the target must reference a malicious Docker image via a docker URI scheme. The ZDI has assigned a CVSS rating of 8.6. The following CVEs are assigned: CVE-2026-55887.

Read More

Oracle VirtualBox VMSVGA Stack-based Buffer Overflow Local Privilege Escalation Vulnerability (7.5)

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2026-46873.

Read More

Adobe Acrobat Reader DC Field signatureInfo Use-After-Free Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-27278.

Read More

MATE Desktop Atril Document Viewer EPUB File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of MATE Desktop Atril Document Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-52849.

Read More

Samsung rlottie Numeric Truncation Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung rlottie. Interaction with the rlottie library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-8916.

Read More

Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability (4.6)

This vulnerability allows remote attackers to execute arbitrary script on affected installations of Allegra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 4.6. The following CVEs are assigned: CVE-2026-11443.

Read More

Allegra exportReport Directory Traversal Information Disclosure Vulnerability (6.5)

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2026-11442.

Read More

Apache HTTP Server mod_proxy_ajp Out-Of-Bounds Read Information Disclosure Vulnerability (3.7)

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apache HTTP Server. An attacker must first obtain the ability to compromise an AJP backend associated with the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 3.7. The following CVEs are assigned: CVE-2026-34032.

Read More

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-27220.

Read More

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-47919.

Read More

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-47918.

Read More

Adobe Acrobat Pro DC AcroForm Use-After-Free Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-47917.

Read More

Adobe USD-Fileformat-plugins Heap-based Buffer Overflow Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe USD-Fileformat-plugins. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-48292.

Read More

Adobe USD-Fileformat-plugins Heap-based Buffer Overflow Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe USD-Fileformat-plugins. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-48291.

Read More

Adobe Acrobat Pro DC Annots.api Use-After-Free Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-47915.

Read More

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-47914.

Read More

Adobe Acrobat Reader DC Multimedia Rendition Use-After-Free Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-47913.

Read More

Adobe Acrobat Reader DC Annotation Use-After-Free Information Disclosure Vulnerability (3.3)

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2026-47924.

Read More

Adobe Acrobat Reader DC Font Handling Use-After-Free Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-47912.

Read More

Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability (3.3)

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2026-47923.

Read More

Adobe Acrobat Reader DC TIF File Parsing Integer Overflow Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-47911.

Read More

Progress Software Kemp LoadMaster apiuser Uninitialized Memory Remote Code Execution Vulnerability (9.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2026-8037.

Read More

Progress Software Kemp LoadMaster dolistapikeys Uninitialized Memory Remote Code Execution Vulnerability (7.2)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2026-8037.

Read More

Progress Software Kemp LoadMaster dodelapikey Uninitialized Memory Remote Code Execution Vulnerability (8.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-8037.

Read More

Microsoft Windows Narrator Braille Support brlapi Exposed Dangerous Function Local Privilege Escalation Vulnerability (7)

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Additionally, Braille support for Narrator must be installed. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2026-48565.

Read More

NVIDIA Transformers4Rec Model.load Deserialization of Untrusted Data Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NVIDIA Transformers4Rec. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-24162.

Read More

X.Org Server CheckKeyTypes Buffer Overflow Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-34003.

Read More

X.Org Server CheckKeyActions Out-Of-Bounds Read Information Disclosure Vulnerability (6.1)

This vulnerability allows local attackers to disclose sensitive information on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.1. The following CVEs are assigned: CVE-2026-34002.

Read More

X.Org Server SyncAwaitFence Use-After-Free Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-34001.

Read More

X.Org Server CheckSetGeom Out-Of-Bounds Read Information Disclosure Vulnerability (6.1)

This vulnerability allows local attackers to disclose sensitive information on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.1. The following CVEs are assigned: CVE-2026-34000.

Read More

X.Org Server XkbSetCompatMap Integer Underflow Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-33999.

Read More

QEMU calc_image_hostmem Integer Overflow Local Privilege Escalation Vulnerability (8.8)

This vulnerability allows local attackers to escalate privileges on affected installations of QEMU. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-3886.

Read More

(Pwn2Own) Microsoft Edge Feedback Log File Handling Directory Traversal Remote Code Execution Vulnerability (7.5)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2026-45495.

Read More

(Pwn2Own) Microsoft Edge Navigation Handling Universal Cross-Site Scripting Vulnerability (5)

This vulnerability allows remote attackers to execute arbitrary cross-origin script on affected installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 5.0. The following CVEs are assigned: CVE-2026-45494.

Read More

(Pwn2Own) Microsoft Edge Origin Validation Error Security Bypass Vulnerability (4.3)

This vulnerability allows remote attackers to access restricted functionality on affected installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2026-45492.

Read More

ASUS MyASUS Origin Validation Error Local Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of ASUS MyASUS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-7480.

Read More

Docker Desktop grpcfuse Kernel Module Uncontrolled Recursion Denial-of-Service Vulnerability (6.5)

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code within a container on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2026-8936.

Read More

TrendAI Vision One Security Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of TrendAI Vision One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-45208.

Read More

TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of TrendAI Vision One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-45207.

Read More

TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of TrendAI Vision One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-45206.

Read More

TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of TrendAI Vision One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-34930.

Read More

TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of TrendAI Vision One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-34929.

Read More

TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of TrendAI Vision One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-34928.

Read More

TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of TrendAI Vision One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-34927.

Read More

Progress Software Kemp LoadMaster addcountry Command Injection Remote Code Execution Vulnerability (8.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-3517.

Read More

Progress Software Kemp LoadMaster ssodomain_killsession Command Injection Remote Code Execution Vulnerability (8.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-3518.

Read More

Siemens Simcenter Femap IPT File Parsing Memory Corruption Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-12659.

Read More

Siemens Simcenter Femap IPT File Parsing Memory Corruption Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-12659.

Read More

Apple macOS USD Out-Of-Bounds Read Information Disclosure Vulnerability (3.3)

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2026-28941.

Read More

Apple macOS USD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-28940.

Read More

Apple Safari Regular Expression Duplicate Named Groups Heap-based Buffer Overflow Remote Code Execution Vulnerability (8.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-28847.

Read More

Apple Safari Web Inspector WebCore Style Resolver Use-After-Free Remote Code Execution Vulnerability (7.5)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2026-28955.

Read More

Apple macOS CoreSymbolication Out-Of-Bounds Read Information Disclosure Vulnerability (3.3)

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the CoreSymbolication framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2026-28918.

Read More

Microsoft Windows splwow64 Race Condition Local Privilege Escalation Vulnerability (4.4)

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.4. The following CVEs are assigned: CVE-2026-34342.

Read More

Microsoft Windows Message Queueing Double Free Local Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows that run Message Queueing. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-33838.

Read More

Ivanti Endpoint Manager RemoteControlAuth Exposed Dangerous Method Information Disclosure Vulnerability (4.9)

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Endpoint Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 4.9. The following CVEs are assigned: CVE-2026-8109.

Read More

FlowiseAI Flowise Airtable_Agent Code Injection Remote Code Execution Vulnerability (9.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Flowise. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2026-41265.

Read More

Oracle VirtualBox SoundBlaster 16 Race Condition Local Privilege Escalation Vulnerability (7.5)

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2026-35230.

Read More

(0Day) OpenAI Codex Sandbox Escape Vulnerability (8.6)

This vulnerability allows remote attackers to bypass the sandbox on affected installations of OpenAI Codex. User interaction is required to exploit this vulnerability in that the target must use Codex to process a repository containing malicious JavaScript. The ZDI has assigned a CVSS rating of 8.6.

Read More

Foxit PDF Reader AcroForm Annotation Use-After-Free Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-5943.

Read More

Foxit PDF Reader AcroForm Signature Use-After-Free Information Disclosure Vulnerability (3.3)

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2026-5942.

Read More

Foxit PDF Reader AcroForm Signature Use-After-Free Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-5941.

Read More

Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-5940.

Read More

Flowise AccountService resetPassword Authentication Bypass Vulnerability (8.1)

This vulnerability allows remote attackers to bypass authentication on affected installations of Flowise. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.1. The following CVEs are assigned: CVE-2026-41276.

Read More

Docker Desktop Enhanced Container Isolation Exposed Dangerous Function Local Privilege Escalation Vulnerability (8.8)

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code within a container in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-6406.

Read More

Siemens SINEC NMS Authentication Bypass Vulnerability (7.3)

This vulnerability allows remote attackers to bypass authentication on affected installations of Siemens SINEC NMS. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.3. The following CVEs are assigned: CVE-2026-24032.

Read More

Siemens SINEC NMS Improper Authentication Privilege Escalation Vulnerability (8.8)

This vulnerability allows remote attackers to escalate privileges on affected installations of Siemens SINEC NMS. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-25654.

Read More

Delta Electronics ASDA-Soft PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics ASDA-Soft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-5726.

Read More

(0Day) PublicCMS getXml Server-Side Request Forgery Information Disclosure Vulnerability (8.2)

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PublicCMS. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.2.

Read More

(0Day) Microsoft Windows library-ms NTLM Response Information Disclosure Vulnerability (3.5)

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must view a folder containing malicious content. The ZDI has assigned a CVSS rating of 3.5.

Read More

(0Day) Microsoft Office URI Handler NTLM Response Information Disclosure Vulnerability (4.3)

This vulnerability allows remote attackers to disclose NTLM responses on affected installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 4.3.

Read More

QNAP TS-453E QVRPro excpostgres Exposed Dangerous Method Remote Code Execution Vulnerability (8.8)

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-453E devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-22898.

Read More

NI LabVIEW LVCLASS File Parsing Memory Corruption Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI LabVIEW. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-32861.

Read More

NI LabVIEW LVLIB File Parsing Memory Corruption Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI LabVIEW. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-32860.

Read More

Linux Kernel ETS Scheduler Race Condition Local Privilege Escalation Vulnerability (7.5)

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2025-71066.

Read More

DriveLock Directory Traversal Information Disclosure Vulnerability (6.5)

This vulnerability allows remote attackers to disclose sensitive information on affected installations of DriveLock. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2026-5492.

Read More

DriveLock Directory Traversal Information Disclosure Vulnerability (7.5)

This vulnerability allows remote attackers to disclose sensitive information on affected installations of DriveLock. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2026-5491.

Read More

DriveLock SQL Injection Privilege Escalation Vulnerability (8.8)

This vulnerability allows remote attackers to escalate privileges on affected installations of DriveLock. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-5490.

Read More

DriveLock Directory Traversal Information Disclosure Vulnerability (5.3)

This vulnerability allows remote attackers to disclose sensitive information on affected installations of DriveLock. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.3. The following CVEs are assigned: CVE-2026-5489.

Read More

DriveLock Directory Traversal Information Disclosure Vulnerability (7.5)

This vulnerability allows remote attackers to disclose sensitive information on affected installations of DriveLock. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2026-5487.

Read More

GStreamer qtdemux Stack-based Buffer Overflow Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-5056.

Read More

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-2050.

Read More

Microsoft vcpkg OpenSSL Uncontrolled Search Path Element Local Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on applications built using the Microsoft vcpkg port of OpenSSL. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-34054.

Read More

(Pwn2Own) HP DeskJet 2855e JobStatusEvent Stack-based Buffer Overflow Remote Code Execution Vulnerability (8.8)

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP DeskJet 2855e printers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-4682.

Read More

Microsoft Windows Snipping Tool Improper Input Validation Remote Code Execution Vulnerability (7.5)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2026-32183.

Read More

Microsoft Windows win32kfull Improper Locking Local Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-33104.

Read More

Microsoft Windows afd.sys Race Condition Local Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-32073.

Read More

Microsoft Windows Secure Kernel Double Free Local Privilege Escalation Vulnerability (7.5)

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2026-26179.

Read More

Microsoft Qlib _mount_nfs_uri Command Injection Remote Code Execution Vulnerability (8.8)

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Microsoft Qlib. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8.

Read More

Microsoft Qlib fit Deserialization of Untrusted Data Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Qlib. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.

Read More

Microsoft Olive Deserialization of Untrusted Data Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Olive. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.

Read More

ATEN Unizon RpcProvider Missing Authentication Denial-of-Service Vulnerability (7.5)

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ATEN Unizon. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2026-5057.

Read More

Avast Premium Security Gen Self Protection Driver Exposed Dangerous Function Local Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-5424.

Read More

TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability (9.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2025-54987.

Read More

TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability (9.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2025-54948.

Read More

Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of Samsung MagicINFO 9 Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-25203.

Read More

Malwarebytes Anti-Malware Uncontrolled Search Path Element Local Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Anti-Malware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8.

Read More

Fortinet FortiWeb cat_cgi_paths Out-Of-Bounds Write Remote Code Execution Vulnerability (8.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiWeb. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-40688.

Read More

Fortinet FortiWeb cgi_buf_alloc Integer Overflow Denial-of-Service Vulnerability (6.5)

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Fortinet FortiWeb. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2026-39811.

Read More

Adobe ColdFusion fetchCFSettingFile Directory Traversal Information Disclosure Vulnerability (7.5)

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe ColdFusion. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2026-27305.

Read More

Adobe ColdFusion subscribeToEndpoints Authentication Bypass Vulnerability (6.5)

This vulnerability allows remote attackers to bypass authentication on affected installations of Adobe ColdFusion. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2026-27282.

Read More

Adobe ColdFusion deleteVersion Directory Traversal Arbitrary File Deletion Vulnerability (5.4)

This vulnerability allows remote attackers to delete arbitrary files on affected installations of Adobe ColdFusion. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 5.4. The following CVEs are assigned: CVE-2026-34619.

Read More

(0Day) Docker Desktop credentialHelper Directory Traversal Privilege Escalation Vulnerability (7.5)

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to escape the container and execute high-privileged code within the Docker Hyper-V VM in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5.

Read More

(0Day) Docker Desktop System Editor Uncontrolled Search Path Element Privilege Escalation Vulnerability (7.5)

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to escape the container and execute high-privileged code within the Docker Hyper-V VM in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5.

Read More

(0Day) Docker Desktop cli-plugins Incorrect Permission Assignment Local Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop for Windows. An attacker must first obtain the ability to escape the container and execute low-privileged code within the Docker Hyper-V VM in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8.

Read More

(0Day) Docker Desktop extension-manager Exposed Dangerous Function Local Privilege Escalation Vulnerability (8.2)

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop for Windows. An attacker must first obtain the ability to execute high-privileged code within the container in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.2.

Read More

(0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-5495.

Read More

(0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-5494.

Read More

(0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-5493.

Read More

(0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-5496.

Read More

Microsoft Visual Studio Code mcp.json Command Injection Remote Code Execution Vulnerability (7.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio Code. User interaction is required to exploit this vulnerability in that the target open a malicious project. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-21518.

Read More

Mozilla Firefox IonMonkey Switch Statement Optimization Type Confusion Remote Code Execution Vulnerability (8.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-4698.

Read More

Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-3775.

Read More

Linux Kernel Analog Device Driver Improper Validation of Array Index Local Privilege Escalation Vulnerability (8.2)

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.2. The following CVEs are assigned: CVE-2026-23092.

Read More

NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-5055.

Read More

NoMachine External Control of File Path Local Privilege Escalation Vulnerability (7.8)

This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-5054.

Read More

NoMachine External Control of File Path Arbitrary File Deletion Vulnerability (7.1)

This vulnerability allows local attackers to delete arbitrary files on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.1. The following CVEs are assigned: CVE-2026-5053.

Read More

(0Day) aws-mcp-server Command Injection Remote Code Execution Vulnerability (9.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2026-5058.

Read More

(0Day) aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability (9.8)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2026-5059.

Read More