ZDI-25-900: Apple macOS OGG Audio File Header Parsing Memory Corruption Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to... 19/09/2025 Zero-Day Initiative
ZDI-25-899: Apple macOS Audio APAC Frame Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to... 19/09/2025 Zero-Day Initiative
ZDI-25-898: Delta Electronics COMMGR Stack-based Buffer Overflow Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics COMMGR. An attacker must first... 19/09/2025 Zero-Day Initiative
ZDI-25-897: Avira Prime Link Following Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. An attacker must first obtain the... 19/09/2025 Zero-Day Initiative
Another Zero-day Vulnerability impacting Google Chrome (CVE-2025-10585) On Wednesday, Google rolled out security updates for a Chrome vulnerability actively exploited in the wild. Tracked as CVE-2025-10585, the vulnerability is... 19/09/2025 Qualys-Threat-Protect
ZDI-25-896: Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability This vulnerability allows remote attackers to bypass authentication on Wondershare Repairit. Authentication is not required to exploit this vulnerability. The... 18/09/2025 Zero-Day Initiative
ZDI-25-895: Wondershare Repairit Incorrect Permission Assignment Authentication Bypass Vulnerability This vulnerability allows remote attackers to bypass authentication on affected installations of Wondershare Repairit. Authentication is not required to exploit... 18/09/2025 Zero-Day Initiative
ZDI-25-894: Digilent WaveForms DWF3WORK File Parsing Directory Traversal Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent WaveForms. User interaction is required to... 18/09/2025 Zero-Day Initiative
More than 400 npm Packages affected by the Ongoing Supply Chain Attack A malicious update to ctrl/tinycolor (2.2M weekly downloads) triggered the supply chain attack, impacting over 400 packages spanning multiple maintainers.... 18/09/2025 Qualys-Threat-Protect
ZDI-25-893: Siemens Simcenter Femap STP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required... 13/09/2025 Zero-Day Initiative
