Skip to content

Secure Cyber Vulnerability Management

  • Home
  • About Us
  • Our Services
  • Privacy Policy
  • Home
  • About Us
  • Our Services
  • Privacy Policy
09/07/2026
Zero-Day Initiative

ZDI-26-398: (0Day) (Pwn2Own) Lorex 2K Indoor Wi-Fi Security Camera CDeviceOperator Format String Remote Code Execution Vulnerability

by Deepanshu Jha
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5.
  • Next ZDI-26-399: (0Day) (Pwn2Own) Lorex 2K Indoor Wi-Fi Security Camera Device Management Server Improper Certificate Validation Vulnerability
  • Previous Adobe Releases Patches for ColdFusion Critical Vulnerabilities

Comments are closed.

You may also like

ZDI-25-722: (0Day) Ashlar-Vellum Cobalt XE File Parsing Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to...

31/07/2025
Zero-Day Initiative

ZDI-25-833: NVIDIA Transformers4Rec load_model_trainer_states_from_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NVIDIA Transformers4Rec. User interaction is required to...

14/08/2025
Zero-Day Initiative
Secure Cyber Vulnerability Management

Secure Cyber Vulnerability Management © 2026. All Rights Reserved.