ZDI-25-415: ServiceStack GetErrorResponse Improper Input Validation NTLM Relay Vulnerability This vulnerability allows remote attackers to relay NTLM credentials on affected installations of ServiceStack. Interaction with this library is required... 24/06/2025 Zero-Day Initiative
ZDI-25-414: Ruby WEBrick read_header HTTP Request Smuggling Vulnerability This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable... 24/06/2025 Zero-Day Initiative
ZDI-25-413: Fuji Electric Smart Editor TL5 File Parsing Stack-Based Buffer Overflow Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Smart Editor. User interaction is... 21/06/2025 Zero-Day Initiative
ZDI-25-412: Fuji Electric Smart Editor X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Smart Editor. User interaction is... 21/06/2025 Zero-Day Initiative
ZDI-25-411: Delta Electronics CNCSoft-G2 DPAX File Parsing Memory Corruption Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required... 21/06/2025 Zero-Day Initiative
ZDI-25-410: Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this... 20/06/2025 Zero-Day Initiative
ZDI-25-409: RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to... 20/06/2025 Zero-Day Initiative
ZDI-25-408: PEAK-System Driver PCANFD_ADD_FILTERS Time-Of-Check Time-Of-Use Information Disclosure Vulnerability This vulnerability allows local attackers to disclose sensitive information on affected installations of PEAK-System Driver. An attacker must first obtain... 19/06/2025 Zero-Day Initiative
ZDI-25-407: SolarWinds Web Help Desk AjaxProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Web Help Desk. Authentication is not... 18/06/2025 Zero-Day Initiative
ZDI-25-406: SolarWinds Serv-U FTP Service Directory Traversal Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Serv-U. Authentication is required to exploit... 18/06/2025 Zero-Day Initiative
