ZDI-25-1050: Microsoft Azure Virtual Desktop Link Following Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Azure Virtual Desktop. An attacker must first... 11/12/2025 Zero-Day Initiative
ZDI-25-1049: Microsoft Windows win32kfull Out-Of-Bounds Write Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the... 11/12/2025 Zero-Day Initiative
ZDI-25-1048: Microsoft Windows win32kfull Out-Of-Bounds Write Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the... 11/12/2025 Zero-Day Initiative
ZDI-25-1047: Microsoft Windows win32kbase Out-Of-Bounds Access Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the... 11/12/2025 Zero-Day Initiative
ZDI-25-1046: Microsoft Windows win32kfull Type Confusion Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the... 11/12/2025 Zero-Day Initiative
Fortinet Addresses Critical Vulnerabilities Impacting Multiple Fortinet Products (CVE-2025-59718 & CVE-2025-59719) Fortinet releases fixes to address two critical vulnerabilities affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager. Tracked as CVE-2025-59718 and CVE-2025-59719, both... 11/12/2025 Qualys-Threat-Protect
Microsoft Patch Tuesday, December 2025 Security Update Review As the year winds down, Microsoft Patch Tuesday in December arrives with essential fixes and enhancements to close vulnerabilities and boost performance. Here’s a quick breakdown of what you need to know.... 10/12/2025 Qualys-Threat-Protect
ZDI-25-1041: NVIDIA Isaac-GR00T TorchSerializer Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of NVIDIA Isaac-GR00T. Authentication is not required to... 05/12/2025 Zero-Day Initiative
React Server Components (RSC) Remote Code Execution Vulnerabilities On December 3rd, 2025, React disclosed a critical remote code execution (RCE) vulnerability in React Server Components (RSC), tracked as... 04/12/2025 Qualys-Threat-Protect
ZDI-25-1040: (Pwn2Own) Synology DiskStation DS925+ samlAuth Authentication Bypass Vulnerability This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Synology DiskStation DS925+ devices. Authentication is not required... 04/12/2025 Zero-Day Initiative
