ZDI-25-898: Delta Electronics COMMGR Stack-based Buffer Overflow Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics COMMGR. An attacker must first... 19/09/2025 Zero-Day Initiative
ZDI-25-897: Avira Prime Link Following Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. An attacker must first obtain the... 19/09/2025 Zero-Day Initiative
Another Zero-day Vulnerability impacting Google Chrome (CVE-2025-10585) On Wednesday, Google rolled out security updates for a Chrome vulnerability actively exploited in the wild. Tracked as CVE-2025-10585, the vulnerability is... 19/09/2025 Qualys-Threat-Protect
ZDI-25-896: Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability This vulnerability allows remote attackers to bypass authentication on Wondershare Repairit. Authentication is not required to exploit this vulnerability. The... 18/09/2025 Zero-Day Initiative
ZDI-25-895: Wondershare Repairit Incorrect Permission Assignment Authentication Bypass Vulnerability This vulnerability allows remote attackers to bypass authentication on affected installations of Wondershare Repairit. Authentication is not required to exploit... 18/09/2025 Zero-Day Initiative
ZDI-25-894: Digilent WaveForms DWF3WORK File Parsing Directory Traversal Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent WaveForms. User interaction is required to... 18/09/2025 Zero-Day Initiative
More than 400 npm Packages affected by the Ongoing Supply Chain Attack A malicious update to ctrl/tinycolor (2.2M weekly downloads) triggered the supply chain attack, impacting over 400 packages spanning multiple maintainers.... 18/09/2025 Qualys-Threat-Protect
ZDI-25-893: Siemens Simcenter Femap STP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required... 13/09/2025 Zero-Day Initiative
Ivanti September Security Updates Address Multiple Vulnerabilities in Popular Products Ivanti released its security bulletin for September, addressing 13 vulnerabilities. The vulnerabilities impact Ivanti Endpoint Manager, Ivanti Connect Secure, Policy... 12/09/2025 Qualys-Threat-Protect
Ivanti February Security Updates Address Multiple Vulnerabilities in Popular Products Ivanti released its security bulletin for September, addressing 13 vulnerabilities. The vulnerabilities impact Ivanti Endpoint Manager, Ivanti Connect Secure, Policy... 12/09/2025 Qualys-Threat-Protect
