ZDI-25-311: (Pwn2Own) Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to... 30/05/2025 Zero-Day Initiative
ZDI-25-310: Linux Kernel ksmbd Session Setup Null Pointer Dereference Denial-of-Service Vulnerability This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is not required... 30/05/2025 Zero-Day Initiative
Invision Community Remote Code Execution Vulnerability (CVE-2025-47916) A critical remote code execution vulnerability (CVE-2025-47916) in the Invision Community has come to light. The vulnerability may allow attackers to... 29/05/2025 Qualys-Threat-Protect
ZDI-25-309: (Pwn2Own) Canon imageCLASS MF656Cdw sfpcmAuthenticateSecAdmin Stack-based Buffer Overflow Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF656Cdw printers. Authentication is not... 29/05/2025 Zero-Day Initiative
vBulletin Remote Code Execution Vulnerabilities Exploited in the Wild (CVE-2025-48827 & CVE-2025-48828) Security researchers at Karma(In)Security discovered two unauthenticated remote code execution vulnerabilities in VBulletin, a popular commercial forum solution. Tracked as CVE-2025-48828,... 29/05/2025 Qualys-Threat-Protect
Versa Concerto Zero-day Remote Code Execution Vulnerabilities (CVE-2025-34025, CVE-2025-34026, & CVE-2025-34027) Security researchers at Project Discovery discovered two critical zero-day vulnerabilities in Versa Concerto, a popular SD-WAN and network orchestration platform.... 23/05/2025 Qualys-Threat-Protect
CISA Warns of Ivanti EPMM Unauthenticated Remote Code Execution Vulnerabilities (CVE-2025-4427 & CVE-2025-4428) Ivanti released security updates to address two high security vulnerabilities impacting its Endpoint Manager Mobile (EPMM). Tracked as CVE-2025-4427 and... 21/05/2025 Qualys-Threat-Protect
ZDI-25-308: Adobe Dreamweaver V8 Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dreamweaver. User interaction is required to... 21/05/2025 Zero-Day Initiative
ZDI-25-307: Linux Kernel OpenvSwitch Out-Of-Bounds Read Information Disclosure Vulnerability This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. An attacker must first obtain... 21/05/2025 Zero-Day Initiative
ZDI-25-306: Docker Desktop Helper Service Link Following Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the... 21/05/2025 Zero-Day Initiative