WinRAR Path Traversal Vulnerability Exploited in the Wild (CVE-2025-8088) WinRAR released a security patch to address a vulnerability allowing attackers to hijack user extraction processes and plant malicious files... 12/08/2025 Qualys-Threat-Protect
Trend Micro Apex One (On-Prem) Zero-day Vulnerabilities Exploited in the Wild (CVE-2025-54948 & CVE-2025-54987) Threat actors are exploiting two vulnerabilities impacting Trend Micro Apex One (on-prem) devices. Tracked as CVE-2025-54948 & CVE-2025-54987, the vulnerabilities... 07/08/2025 Qualys-Threat-Protect
ZDI-25-824: (0Day) Microsoft Windows Theme File Parsing Improper Input Validation NTLM Relay Vulnerability This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Microsoft Windows. User interaction is required to... 07/08/2025 Zero-Day Initiative
ZDI-25-823: (0Day) Microsoft Windows Theme File Parsing Improper Input Validation NTLM Relay Vulnerability This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Microsoft Windows. User interaction is required to... 07/08/2025 Zero-Day Initiative
ZDI-25-822: (0Day) Microsoft SharePoint GetTransformer Unsafe Reflection Denial-of-Service Vulnerability This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft SharePoint. Authentication is required to... 07/08/2025 Zero-Day Initiative
ZDI-25-821: (0Day) Microsoft Windows Internet Explorer Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to... 07/08/2025 Zero-Day Initiative
ZDI-25-820: (0Day) Microsoft SharePoint IsAuthorizedType Deserialization of Untrusted Data Information Disclosure and Denial-of-Service Vulnerability This vulnerability allows remote attackers to disclose sensitive information or create a denial-of-service condition on affected installations of Microsoft SharePoint.... 07/08/2025 Zero-Day Initiative
ZDI-25-819: (0Day) Microsoft Windows NetBIOS Hostname SmartScreen Bypass Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to bypass the SmartScreen security feature on affected installations of Microsoft Windows. User interaction is... 07/08/2025 Zero-Day Initiative
ZDI-25-818: (0Day) Microsoft Windows OneDrive SmartScreen Bypass Vulnerability This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Microsoft Windows. User interaction is... 07/08/2025 Zero-Day Initiative
ZDI-25-817: (0Day) Microsoft Edge PDF NTLM Response Information Disclosure Vulnerability This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Microsoft Edge. User interaction is required to... 07/08/2025 Zero-Day Initiative
