ZDI-25-311: (Pwn2Own) Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to... 30/05/2025 Zero-Day Initiative
ZDI-25-310: Linux Kernel ksmbd Session Setup Null Pointer Dereference Denial-of-Service Vulnerability This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is not required... 30/05/2025 Zero-Day Initiative
Invision Community Remote Code Execution Vulnerability (CVE-2025-47916) A critical remote code execution vulnerability (CVE-2025-47916) in Invision Community has come to light. The vulnerability may allow attackers to... 29/05/2025 Qualys-Threat-Protect
ZDI-25-309: (Pwn2Own) Canon imageCLASS MF656Cdw sfpcmAuthenticateSecAdmin Stack-based Buffer Overflow Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF656Cdw printers. Authentication is not... 29/05/2025 Zero-Day Initiative
vBulletin Remote Code Execution Vulnerabilities Exploited in the Wild (CVE-2025-48827 & CVE-2025-48828) Security researchers at Karma(In)Security discovered two unauthenticated remote code execution vulnerabilities in vBulletin, a popular commercial forum solution. Tracked as CVE-2025-48828,... 29/05/2025 Qualys-Threat-Protect
Versa Concerto Zero-day Remote Code Execution Vulnerabilities (CVE-2025-34025, CVE-2025-34026, & CVE-2025-34027) Security researchers at Project Discovery discovered two critical zero-day vulnerabilities in Versa Concerto, a popular SD-WAN and network orchestration platform.... 23/05/2025 Qualys-Threat-Protect
CISA Warns of Ivanti EPMM Unauthenticated Remote Code Execution Vulnerabilities (CVE-2025-4427 & CVE-2025-4428) Ivanti released security updates to address two high security vulnerabilities impacting its Endpoint Manager Mobile (EPMM). Tracked as CVE-2025-4427 and... 21/05/2025 Qualys-Threat-Protect
ZDI-25-308: Adobe Dreamweaver V8 Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dreamweaver. User interaction is required to... 21/05/2025 Zero-Day Initiative
ZDI-25-307: Linux Kernel OpenvSwitch Out-Of-Bounds Read Information Disclosure Vulnerability This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. An attacker must first obtain... 21/05/2025 Zero-Day Initiative
ZDI-25-305: Apple XNU kernel vm_map Race Condition Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the... 21/05/2025 Zero-Day Initiative