ZDI-25-696: Avast Cleanup Premium TuneupSvc Link Following Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain... 30/07/2025 Zero-Day Initiative
ZDI-25-672: Samsung MagicINFO 9 Server filenameHasExecutableType Unrestricted File Upload Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is not... 30/07/2025 Zero-Day Initiative
PaperCut NG/MF Vulnerability added to CISA KEV and Active Exploitation (CVE-2023-2533) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a high-severity vulnerability to its Known Exploitable Vulnerabilities Catalog, urging users to... 30/07/2025 Qualys-Threat-Protect
ZDI-25-671: Samsung MagicINFO 9 Server PremiumClientService Hard-coded Cryptographic Key Authentication Bypass Vulnerability This vulnerability allows remote attackers to bypass authentication on affected installations of Samsung MagicINFO 9 Server. Authentication is not required... 29/07/2025 Zero-Day Initiative
ZDI-25-670: Samsung MagicINFO 9 Server PremiumClientService Hard-coded Cryptographic Key Authentication Bypass Vulnerability This vulnerability allows remote attackers to bypass authentication on affected installations of Samsung MagicINFO 9 Server. Authentication is not required... 29/07/2025 Zero-Day Initiative
ZDI-25-669: Samsung MagicINFO 9 Server FtpMetaUploadServlet Directory Traversal Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Although authentication is... 29/07/2025 Zero-Day Initiative
ZDI-25-668: Samsung MagicINFO 9 Server ServletAuthenticationProcessingFilter Authentication Bypass Vulnerability This vulnerability allows remote attackers to partially bypass authentication on affected installations of Samsung MagicINFO 9 Server. Authentication is not... 29/07/2025 Zero-Day Initiative
ZDI-25-667: Samsung MagicINFO 9 Server MagicInfoCache Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is not... 29/07/2025 Zero-Day Initiative
ZDI-25-666: Samsung MagicINFO 9 Server DeviceLogUploadServlet Directory Traversal Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is required... 29/07/2025 Zero-Day Initiative
ZDI-25-665: Samsung MagicINFO 9 Server fillLftOrLfdInfo Unrestricted File Upload Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is not... 29/07/2025 Zero-Day Initiative