ZDI-25-626: (Pwn2Own) NVIDIA Container Toolkit Environment Variable Handling Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of NVIDIA Container Toolkit. An attacker must first obtain... 22/07/2025 Zero-Day Initiative
ZDI-25-625: Veeam Backup Enterprise Manager JobManagmentService Improper Access Control Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veeam Backup Enterprise Manager. Authentication is required... 22/07/2025 Zero-Day Initiative
ZDI-25-624: (Pwn2Own) Phoenix Contact CHARX SEC-3100 Command Injection Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is... 22/07/2025 Zero-Day Initiative
ZDI-25-623: (Pwn2Own) Phoenix Contact CHARX SEC-3150 Origin Validation Error Firewall Bypass Vulnerability This vulnerability allows network-adjacent attackers to bypass firewall rules and access another interface on affected installations of Phoenix Contact CHARX... 22/07/2025 Zero-Day Initiative
ZDI-25-622: (Pwn2Own) Phoenix Contact CHARX SEC-3150 Configuration Service Missing Authentication Vulnerability This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Phoenix Contact CHARX SEC-3150 devices. Authentication is not... 22/07/2025 Zero-Day Initiative
ZDI-25-621: (Pwn2Own) Phoenix Contact CHARX SEC-3150 DHCP Configuration Command Injection Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3150 devices. Authentication is... 22/07/2025 Zero-Day Initiative
CrushFTP Authentication Bypass Vulnerability Exploited in the Wild (CVE-2025-54309) CrushFTP warned its users about active exploitation of a zero-day vulnerability tracked as CVE-2025-54309. Successful exploitation of this vulnerability may... 22/07/2025 Qualys-Threat-Protect
Microsoft SharePoint Server Zero-day Vulnerability Exploited in the Wild (CVE-2025-53770) Microsoft released patches for an actively exploited vulnerability impacting SharePoint Server. Tracked as CVE-2025-53770, the vulnerability was part of an... 22/07/2025 Qualys-Threat-Protect
ZDI-25-620: Dassault Systèmes eDrawings Viewer JT File Parsing Use-After-Free Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Systèmes eDrawings Viewer. User interaction is... 18/07/2025 Zero-Day Initiative
ZDI-25-619: Dassault Systèmes eDrawings Viewer JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Systèmes eDrawings Viewer. User interaction is... 18/07/2025 Zero-Day Initiative