ZDI-25-962: Oracle VirtualBox VMSVGA Integer Overflow Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the... 28/10/2025 Zero-Day Initiative
ZDI-25-961: Oracle VirtualBox USB Use-After-Free Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the... 28/10/2025 Zero-Day Initiative
ZDI-25-960: Oracle VirtualBox VMSVGA Stack-based Buffer Overflow Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the... 28/10/2025 Zero-Day Initiative
ZDI-25-959: Oracle VirtualBox VMSVGA Integer Underflow Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the... 28/10/2025 Zero-Day Initiative
ZDI-25-958: Oracle VirtualBox VMSVGA Out-Of-Bounds Read Information Disclosure Vulnerability This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain... 28/10/2025 Zero-Day Initiative
Adobe Magento Improper Input Validation Vulnerability Exploited in Attack (CVE-2025-54236) Security experts from e-commerce security firm Sansec have discovered that threat attackers are actively exploiting a vulnerability in Adobe Commerce and... 25/10/2025 Qualys-Threat-Protect
Oracle Critical Patch Update, October 2025 Security Update Review Oracle released its third quarterly edition of this year’s Critical Patch Update. The update received patches for 374 security vulnerabilities.... 23/10/2025 Qualys-Threat-Protect
F5 BIG-IP Source Code Leaked in State-Linked Cyberattack (BRICKSTORM Malware) F5 Networks warned its users about a widespread cyberattack that compromised its systems and led to the theft of BIG-IP... 17/10/2025 Qualys-Threat-Protect
ZDI-25-956: (0Day) Ashlar-Vellum Cobalt CO File Parsing Use-After-Free Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to... 17/10/2025 Zero-Day Initiative
ZDI-25-955: (0Day) Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to... 17/10/2025 Zero-Day Initiative
