ZDI-25-657: Samsung MagicINFO 9 Server MagicInfoWebAuthorClient Unrestricted File Upload Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is not... 29/07/2025 Zero-Day Initiative
ZDI-25-653: (Pwn2Own) Microsoft SharePoint Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Although authentication is required... 26/07/2025 Zero-Day Initiative
ZDI-25-652: (Pwn2Own) Microsoft SharePoint ToolPane Authentication Bypass Vulnerability This vulnerability allows remote attackers to bypass authentication on affected installations of Microsoft SharePoint. Authentication is not required to exploit... 26/07/2025 Zero-Day Initiative
ZDI-25-651: (Pwn2Own) Red Hat Enterprise Linux CBS Packet Scheduling Use-After-Free Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Red Hat Enterprise Linux. An attacker must first... 25/07/2025 Zero-Day Initiative
ZDI-25-650: ATEN eco DC Missing Authorization Privilege Escalation Vulnerability This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit... 25/07/2025 Zero-Day Initiative
ZDI-25-649: Veeam Agent for Microsoft Windows Incorrect Default Permissions Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Veeam Agent for Microsoft Windows. An attacker must... 25/07/2025 Zero-Day Initiative
ZDI-25-648: Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. User interaction is required to... 25/07/2025 Zero-Day Initiative
ZDI-25-647: Anritsu ShockLine CHX File Parsing Directory Traversal Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. User interaction is required to... 25/07/2025 Zero-Day Initiative
ZDI-25-646: Amazon AWS Client VPN Uncontrolled Search Path Element Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Amazon AWS Client VPN. An attacker must first... 25/07/2025 Zero-Day Initiative
ZDI-25-645: Autodesk Revit RFA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Revit. User interaction is required to... 23/07/2025 Zero-Day Initiative
