ZDI-25-965: DataChain data_storage Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of DataChain. User interaction is required to exploit... 28/10/2025 Zero-Day Initiative
ZDI-25-964: Microsoft Windows LNK File Parsing Improper Input Validation NTLM Relay Vulnerability This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Microsoft Windows. User interaction is required to... 28/10/2025 Zero-Day Initiative
ZDI-25-963: Veeam Agent for Microsoft Windows Link Following Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Veeam Agent for Microsoft Windows. An attacker must... 28/10/2025 Zero-Day Initiative
ZDI-25-962: Oracle VirtualBox VMSVGA Integer Overflow Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the... 28/10/2025 Zero-Day Initiative
ZDI-25-961: Oracle VirtualBox USB Use-After-Free Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the... 28/10/2025 Zero-Day Initiative
ZDI-25-960: Oracle VirtualBox VMSVGA Stack-based Buffer Overflow Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the... 28/10/2025 Zero-Day Initiative
ZDI-25-959: Oracle VirtualBox VMSVGA Integer Underflow Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the... 28/10/2025 Zero-Day Initiative
ZDI-25-958: Oracle VirtualBox VMSVGA Out-Of-Bounds Read Information Disclosure Vulnerability This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain... 28/10/2025 Zero-Day Initiative
Adobe Magento Improper Input Validation Vulnerability Exploited in Attack (CVE-2025-54236) Security experts from e-commerce security firm Sansec have discovered that threat attackers are actively exploiting a vulnerability in Adobe Commerce and... 25/10/2025 Qualys-Threat-Protect
Oracle Critical Patch Update, October 2025 Security Update Review Oracle released its third quarterly edition of this year’s Critical Patch Update. The update received patches for 374 security vulnerabilities.... 23/10/2025 Qualys-Threat-Protect
