ZDI-25-1039: (Pwn2Own) Synology BeeStation Plus auth_info Stack-based Buffer Overflow Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Synology BeeStation Plus. Authentication is not required... 04/12/2025 Zero-Day Initiative
ZDI-25-1038: NVIDIA Megatron load_common Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of NVIDIA Megatron. User interaction is required to... 02/12/2025 Zero-Day Initiative
ZDI-25-1037: Emerson Movicon RTUSERS File Parsing Memory Corruption Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Emerson Movicon. User interaction is required to... 02/12/2025 Zero-Day Initiative
ZDI-25-1036: Tencent TFace restore_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent TFace. User interaction is required to... 02/12/2025 Zero-Day Initiative
ZDI-25-1035: Tencent TFace eval Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent TFace. User interaction is required to... 02/12/2025 Zero-Day Initiative
ZDI-25-1034: Tencent PatrickStar merge_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent PatrickStar. User interaction is required to... 02/12/2025 Zero-Day Initiative
ZDI-25-1033: Tencent NeuralNLP-NeuralClassifier _load_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent NeuralNLP-NeuralClassifier. User interaction is required to... 02/12/2025 Zero-Day Initiative
ZDI-25-1032: Tencent MimicMotion create_pipeline Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent MimicMotion. User interaction is required to... 02/12/2025 Zero-Day Initiative
ZDI-25-1031: Tencent MedicalNet generate_model Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent MedicalNet. User interaction is required to... 02/12/2025 Zero-Day Initiative
ZDI-25-1030: Tencent HunyuanVideo load_vae Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent HunyuanVideo. User interaction is required to... 02/12/2025 Zero-Day Initiative
