ZDI-26-249: NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability 31/03/2026
ZDI-26-248: NoMachine External Control of File Path Local Privilege Escalation Vulnerability 31/03/2026
ZDI-26-249: NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability... 31/03/2026 Zero-Day Initiative
ZDI-26-248: NoMachine External Control of File Path Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability... 31/03/2026 Zero-Day Initiative
ZDI-26-247: NoMachine External Control of File Path Arbitrary File Deletion Vulnerability This vulnerability allows local attackers to delete arbitrary files on affected installations of NoMachine. An attacker must first obtain the... 31/03/2026 Zero-Day Initiative
ZDI-26-246: (0Day) aws-mcp-server Command Injection Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit... 31/03/2026 Zero-Day Initiative
ZDI-26-245: (0Day) aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit... 31/03/2026 Zero-Day Initiative
ZDI-26-244: (Pwn2Own) QNAP QHora-322 miro_webserver_controllers_api_login_singIn Authentication Bypass Vulnerability This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of QNAP QHora-322 routers. Authentication is not required to... 31/03/2026 Zero-Day Initiative
ZDI-26-243: (Pwn2Own) QNAP TS-453E write_file_to_svr External Control of File Path Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-453E devices. Although authentication is required... 31/03/2026 Zero-Day Initiative
ZDI-26-242: (Pwn2Own) QNAP TS-453E server_handlers.pyc rr2s.kwargs Error Message Information Disclosure Vulnerability This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of QNAP TS-453E devices. Although authentication is required... 31/03/2026 Zero-Day Initiative
ZDI-26-241: (Pwn2Own) QNAP QHora-322 qvpn_db_mgr username SQL Injection Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP QHora-322 routers. Although authentication is required... 31/03/2026 Zero-Day Initiative
ZDI-26-240: (Pwn2Own) QNAP QHora-322 qvpn_db_mgr role_type Improper Neutralization of Escape Sequences Authentication Bypass Vulnerability This vulnerability allows remote attackers to bypass authentication on affected QNAP QHora-322 routers. Although authentication is required to exploit this... 31/03/2026 Zero-Day Initiative
