ZDI-25-991: Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is... 12/11/2025 Zero-Day Initiative
ZDI-25-990: Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is... 12/11/2025 Zero-Day Initiative
ZDI-25-989: Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is... 12/11/2025 Zero-Day Initiative
ZDI-25-988: MSP360 Free Backup Link Following Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of MSP360 Free Backup. An attacker must first obtain... 12/11/2025 Zero-Day Initiative
ZDI-25-987: Autodesk AutoCAD PRT File Parsing Memory Corruption Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to... 11/11/2025 Zero-Day Initiative
ZDI-25-986: Autodesk On-Demand Install Services adsk_IPCUpdaterChannel Origin Validation Error Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Autodesk On-Demand Install Services. An attacker must first... 11/11/2025 Zero-Day Initiative
ZDI-25-985: Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required... 11/11/2025 Zero-Day Initiative
Cisco Addresses Remote Code Execution Vulnerabilities in Unified Contact Center Express (CVE-2025-20354 & CVE-2025-20358) Cisco Unified CCX is vulnerable to two security vulnerabilities that could allow an unauthenticated, remote attacker to upload arbitrary files, bypass authentication,... 07/11/2025 Qualys-Threat-Protect
ZDI-25-984: Alibaba Cloud Workspace Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Alibaba Cloud Workspace Client. An attacker must first... 31/10/2025 Zero-Day Initiative
ZDI-25-983: evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of evernote-mcp-server. An attacker must first obtain the ability... 31/10/2025 Zero-Day Initiative
