ZDI-25-317: Hewlett Packard Enterprise StoreOnce VSA deletePackages Directory Traversal Arbitrary File Deletion Vulnerability
This vulnerability allows remote attackers to delete arbitrary files on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Although authentication...
03/06/2025 Zero-Day Initiative

ZDI-25-316: Hewlett Packard Enterprise StoreOnce VSA Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Authentication is not...
03/06/2025 Zero-Day Initiative

ZDI-25-315: Hewlett Packard Enterprise StoreOnce VSA queryHardwareReportLocally Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Although authentication...
03/06/2025 Zero-Day Initiative

ZDI-25-314: Hewlett Packard Enterprise StoreOnce VSA doExecute Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Although authentication...
03/06/2025 Zero-Day Initiative

ZDI-25-313: Hewlett Packard Enterprise StoreOnce VSA determineInclusionAndExtract Server-Side Request Forgery Vulnerability
This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Authentication...
03/06/2025 Zero-Day Initiative

ZDI-25-312: Hewlett Packard Enterprise StoreOnce VSA setLocateBeaconOnHardware Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Although authentication...
03/06/2025 Zero-Day Initiative

ZDI-25-311: (Pwn2Own) Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to...
30/05/2025 Zero-Day Initiative

ZDI-25-310: Linux Kernel ksmbd Session Setup Null Pointer Dereference Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is not required...
30/05/2025 Zero-Day Initiative

Invision Community Remote Code Execution Vulnerability (CVE-2025-47916)
A critical remote code execution vulnerability (CVE-2025-47916) in Invision Community has come to light. The vulnerability may allow attackers to...
29/05/2025 Qualys-Threat-Protect

ZDI-25-309: (Pwn2Own) Canon imageCLASS MF656Cdw sfpcmAuthenticateSecAdmin Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF656Cdw printers. Authentication is not...
29/05/2025 Zero-Day Initiative