CISA Warns Actively Exploited GeoServer Unauthenticated XML XXE Vulnerability (CVE-2025-58360) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an OSGeo GeoServer vulnerability to its Known Exploited Vulnerabilities Catalog, acknowledging the active exploitation of the vulnerability. Tracked as... 16/12/2025 Qualys-Threat-Protect
ZDI-25-1093: (0Day) PDFsam Enhanced Uncontrolled Search Path Element Local Privilege Escalation Vulnerability This vulnerability allows phyiscally-present attackers to escalate privileges on affected installations of PDFsam Enhanced. An attacker must first obtain the... 12/12/2025 Zero-Day Initiative
ZDI-25-1092: (0Day) PDFsam Enhanced XLS File Insufficient UI Warning Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to... 12/12/2025 Zero-Day Initiative
ZDI-25-1091: (0Day) PDFsam Enhanced Launch Insufficient UI Warning Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to... 12/12/2025 Zero-Day Initiative
ZDI-25-1090: (0Day) PDFsam Enhanced DOC File Insufficient UI Warning Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to... 12/12/2025 Zero-Day Initiative
ZDI-25-1089: (0Day) PDFsam Enhanced App Out-Of-Bounds Read Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to... 12/12/2025 Zero-Day Initiative
ZDI-25-1088: (0Day) Soda PDF Desktop Launch Insufficient UI Warning Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required... 12/12/2025 Zero-Day Initiative
ZDI-25-1087: (0Day) Soda PDF Desktop Word File Insufficient UI Warning Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required... 12/12/2025 Zero-Day Initiative
ZDI-25-1086: (0Day) Soda PDF Desktop CBZ File Parsing Directory Traversal Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required... 12/12/2025 Zero-Day Initiative
ZDI-25-1085: (0Day) Soda PDF Desktop XLS File Insufficient UI Warning Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required... 12/12/2025 Zero-Day Initiative
