ZDI-25-753: (Pwn2Own) QNAP TS-464 Improper Handling of URL Encoding Authentication Bypass Vulnerability This vulnerability allows remote attackers to bypass authentication on affected installations of QNAP TS-464 devices. Authentication is not required to... 02/08/2025 Zero-Day Initiative
ZDI-25-733: (0Day) Marvell QConvergeConsole compressConfigFiles Directory Traversal Information Disclosure and Denial-of-Service Vulnerability This vulnerability allows remote attackers to disclose sensitive information or to create a denial-of-service condition on affected installations of Marvell... 01/08/2025 Zero-Day Initiative
ZDI-25-732: (Pwn2Own) Lorex 2K Indoor Wi-Fi Security Camera Improper Validation of Array Index Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. Authentication... 31/07/2025 Zero-Day Initiative
ZDI-25-731: (Pwn2Own) Lorex 2K Indoor Wi-Fi Security Camera Stack-based Buffer Overflow Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. Authentication... 31/07/2025 Zero-Day Initiative
ZDI-25-730: (Pwn2Own) Lorex 2K Indoor Wi-Fi Security Camera Stack-based Buffer Overflow Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. Authentication... 31/07/2025 Zero-Day Initiative
ZDI-25-729: (Pwn2Own) Canonical Ubuntu Kernel taprio Scheduler Race Condition Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Canonical Ubuntu. An attacker must first obtain the... 31/07/2025 Zero-Day Initiative
ZDI-25-728: Apple macOS MediaToolbox Framework Memory Corruption Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the MediaToolbox framework... 31/07/2025 Zero-Day Initiative
ZDI-25-727: Apple macOS libFontValidation kern Table Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the libFontValidation library... 31/07/2025 Zero-Day Initiative
ZDI-25-726: (0Day) Ashlar-Vellum Cobalt LI File Parsing Use-After-Free Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to... 31/07/2025 Zero-Day Initiative
ZDI-25-725: (0Day) Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to... 31/07/2025 Zero-Day Initiative
