Deepanshu Jha | Secure Cyber Vulnerability Management

ZDI-25-1098: Fortinet FortiSandbox hcproxy Cross-Site Scripting Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiSandbox. Minimal user interaction is required...

17/12/2025

Zero-Day Initiative

ZDI-25-1097: Fortinet FortiSandbox name Parameter Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiSandbox. Authentication is required to exploit...

17/12/2025

Zero-Day Initiative

ZDI-25-1096: Fortinet FortiSandbox upload_vdi_file Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiSandbox. Authentication is required to exploit...

17/12/2025

Zero-Day Initiative

ZDI-25-1095: Fortinet FortiSandbox names admindel_confirm Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiSandbox. Authentication is required to exploit...

17/12/2025

Zero-Day Initiative

ZDI-25-1094: Fortinet FortiWeb ApacheCookie_parse Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Fortinet FortiWeb. Authentication is not required to exploit...

17/12/2025

Zero-Day Initiative

Apple Warns of Zero-day Vulnerability Exploited in Attack (CVE-2025-43529)

Apple issued security updates for iOS, iPadOS, macOS, and its Safari web browser to address a vulnerability being exploited in the wild. Tracked as CVE-2025-43529, the use-after-free vulnerability exists in WebKit. An attacker may exploit the vulnerability by...

17/12/2025

Qualys-Threat-Protect

React Server Components Multiple Vulnerabilities (CVE-2025-55184, CVE-2025-67779, & CVE-2025-55183)

React Server Components (RSC) are vulnerable to two high-severity and one medium-severity vulnerabilities, tracked as CVE-2025-55183, CVE-2025-55184, and CVE-2025-67779. CVE-2025-55184 and CVE-2025-67779 can lead to denial-of-service attacks, while CVE-2025-55183 exposes...

16/12/2025

Qualys-Threat-Protect

CISA Warns Actively Exploited GeoServer Unauthenticated XML XXE Vulnerability (CVE-2025-58360)

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an OSGeo GeoServer vulnerability to its Known Exploited Vulnerabilities Catalog, acknowledging the active exploitation of the vulnerability. Tracked as...

16/12/2025

Qualys-Threat-Protect

ZDI-25-1093: (0Day) PDFsam Enhanced Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows phyiscally-present attackers to escalate privileges on affected installations of PDFsam Enhanced. An attacker must first obtain the...

12/12/2025

Zero-Day Initiative

ZDI-25-1092: (0Day) PDFsam Enhanced XLS File Insufficient UI Warning Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to...

12/12/2025

Zero-Day Initiative