Deepanshu Jha | Secure Cyber Vulnerability Management

ZDI-25-831: Delta Electronics DIAView Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Electronics DIAView. Authentication is not required...

14/08/2025

Zero-Day Initiative

Microsoft Patch Tuesday, August 2025 Security Update Review

It’s the second Tuesday of August, and Microsoft has rolled out its latest security updates. Microsoft’s August 2025 Patch Tuesday...

13/08/2025

Qualys-Threat-Protect

ZDI-25-830: (0Day) Schneider Electric EcoStruxure Power Monitoring Expert GetPagesAsImages Server-Side Request Forgery Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Power Monitoring Expert. Authentication...

13/08/2025

Zero-Day Initiative

ZDI-25-829: (0Day) Schneider Electric EcoStruxure Power Monitoring Expert GetFilteredSinkProvider Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Monitoring Expert. Authentication...

13/08/2025

Zero-Day Initiative

ZDI-25-828: (0Day) Schneider Electric EcoStruxure Power Monitoring Expert HttpPostedFile Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Monitoring Expert. Authentication...

13/08/2025

Zero-Day Initiative

ZDI-25-827: (0Day) Schneider Electric EcoStruxure Power Monitoring Expert GetTgmlContent Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Power Monitoring Expert. Authentication...

13/08/2025

Zero-Day Initiative

ZDI-25-826: (0Day) Schneider Electric EcoStruxure Power Monitoring Expert ExportDataAsXML Server-Side Request Forgery Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Power Monitoring Expert. Authentication...

13/08/2025

Zero-Day Initiative

ZDI-25-825: Apple macOS AudioToolboxCore Audio Conversion Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the AudioToolboxCore framework...

12/08/2025

Zero-Day Initiative

WinRAR Path Traversal Vulnerability Exploited in the Wild (CVE-2025-8088)

WinRAR released a security patch to address a vulnerability allowing attackers to hijack user extraction processes and plant malicious files...

12/08/2025

Qualys-Threat-Protect

Trend Micro Apex One (On-Prem) Zero-day Vulnerabilities Exploited in the Wild (CVE-2025-54948 & CVE-2025-54987)

Threat actors are exploiting two vulnerabilities impacting Trend Micro Apex One (on-prem) devices. Tracked as CVE-2025-54948 & CVE-2025-54987, the vulnerabilities...

07/08/2025

Qualys-Threat-Protect