ZDI-25-988: MSP360 Free Backup Link Following Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of MSP360 Free Backup. An attacker must first obtain... 12/11/2025 Zero-Day Initiative
ZDI-25-987: Autodesk AutoCAD PRT File Parsing Memory Corruption Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to... 11/11/2025 Zero-Day Initiative
ZDI-25-986: Autodesk On-Demand Install Services adsk_IPCUpdaterChannel Origin Validation Error Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Autodesk On-Demand Install Services. An attacker must first... 11/11/2025 Zero-Day Initiative
ZDI-25-985: Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required... 11/11/2025 Zero-Day Initiative
ZDI-25-984: Alibaba Cloud Workspace Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Alibaba Cloud Workspace Client. An attacker must first... 31/10/2025 Zero-Day Initiative
ZDI-25-983: evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of evernote-mcp-server. An attacker must first obtain the ability... 31/10/2025 Zero-Day Initiative
ZDI-25-982: oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to... 31/10/2025 Zero-Day Initiative
ZDI-25-981: oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to... 31/10/2025 Zero-Day Initiative
ZDI-25-980: Heimdall Data Database Proxy Cross-Site Scripting Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Heimdall Data Database Proxy. Minimal user interaction... 31/10/2025 Zero-Day Initiative
ZDI-25-979: Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability This vulnerability allows remote attackers to create arbitrary files on affected installations of Netgate pfSense. Authentication is required to exploit... 31/10/2025 Zero-Day Initiative
