Cisco Addresses Remote Code Execution Vulnerabilities in Unified Contact Center Express (CVE-2025-20354 & CVE-2025-20358) Cisco Unified CCX is vulnerable to two security vulnerabilities that could allow an unauthenticated, remote attacker to upload arbitrary files, bypass authentication,... 07/11/2025 Qualys-Threat-Protect
ZDI-25-984: Alibaba Cloud Workspace Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Alibaba Cloud Workspace Client. An attacker must first... 31/10/2025 Zero-Day Initiative
ZDI-25-983: evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of evernote-mcp-server. An attacker must first obtain the ability... 31/10/2025 Zero-Day Initiative
ZDI-25-982: oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to... 31/10/2025 Zero-Day Initiative
ZDI-25-981: oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to... 31/10/2025 Zero-Day Initiative
ZDI-25-980: Heimdall Data Database Proxy Cross-Site Scripting Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Heimdall Data Database Proxy. Minimal user interaction... 31/10/2025 Zero-Day Initiative
ZDI-25-979: Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability This vulnerability allows remote attackers to create arbitrary files on affected installations of Netgate pfSense. Authentication is required to exploit... 31/10/2025 Zero-Day Initiative
ZDI-25-978: GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit... 30/10/2025 Zero-Day Initiative
ZDI-25-977: Delta Electronics ASDA-Soft PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics ASDA-Soft. User interaction is required... 30/10/2025 Zero-Day Initiative
ZDI-25-976: Delta Electronics ASDA-Soft PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics ASDA-Soft. User interaction is required... 30/10/2025 Zero-Day Initiative
