ZDI-25-631: (0Day) Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to... 23/07/2025 Zero-Day Initiative
ZDI-25-630: (0Day) Ashlar-Vellum Cobalt LI File Parsing Integer Overflow Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to... 23/07/2025 Zero-Day Initiative
ZDI-25-627: rocket.chat Incorrect Authorization Information Disclosure Vulnerability This vulnerability allows remote attackers to disclose sensitive information on affected installations of rocket.chat. Authentication is not required to exploit... 22/07/2025 Zero-Day Initiative
ZDI-25-626: (Pwn2Own) NVIDIA Container Toolkit Environment Variable Handling Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of NVIDIA Container Toolkit. An attacker must first obtain... 22/07/2025 Zero-Day Initiative
ZDI-25-625: Veeam Backup Enterprise Manager JobManagmentService Improper Access Control Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veeam Backup Enterprise Manager. Authentication is required... 22/07/2025 Zero-Day Initiative
ZDI-25-624: (Pwn2Own) Phoenix Contact CHARX SEC-3100 Command Injection Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is... 22/07/2025 Zero-Day Initiative
ZDI-25-623: (Pwn2Own) Phoenix Contact CHARX SEC-3150 Origin Validation Error Firewall Bypass Vulnerability This vulnerability allows network-adjacent attackers to bypass firewall rules and access another interface on affected installations of Phoenix Contact CHARX... 22/07/2025 Zero-Day Initiative
ZDI-25-622: (Pwn2Own) Phoenix Contact CHARX SEC-3150 Configuration Service Missing Authentication Vulnerability This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Phoenix Contact CHARX SEC-3150 devices. Authentication is not... 22/07/2025 Zero-Day Initiative
ZDI-25-621: (Pwn2Own) Phoenix Contact CHARX SEC-3150 DHCP Configuration Command Injection Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3150 devices. Authentication is... 22/07/2025 Zero-Day Initiative
CrushFTP Authentication Bypass Vulnerability Exploited in the Wild (CVE-2025-54309) CrushFTP warned its users about active exploitation of a zero-day vulnerability tracked as CVE-2025-54309. Successful exploitation of this vulnerability may... 22/07/2025 Qualys-Threat-Protect
