ZDI-25-474: (0Day) INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT HMITool. User interaction is required to... 08/07/2025 Zero-Day Initiative
ZDI-25-473: Parallels Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Client. An attacker must first obtain the... 08/07/2025 Zero-Day Initiative
ZDI-25-472: Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft. User interaction is required... 04/07/2025 Zero-Day Initiative
ZDI-25-471: Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft. User interaction is required... 04/07/2025 Zero-Day Initiative
ZDI-25-470: Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft. User interaction is required... 04/07/2025 Zero-Day Initiative
ZDI-25-469: Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft. User interaction is required... 04/07/2025 Zero-Day Initiative
ZDI-25-468: GFI Archiver Telerik Web UI Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is not required to... 04/07/2025 Zero-Day Initiative
ZDI-25-467: GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required... 04/07/2025 Zero-Day Initiative
Anthropic Model Context Protocol (MCP) Inspector Remote Code Execution Vulnerability (CVE-2025-49596) A critical remote code execution vulnerability has been discovered in Anthropic’s open‑source tool, MCP Inspector, which is widely used by... 04/07/2025 Qualys-Threat-Protect
Cisco Unified Communications Manager Static SSH Credentials Vulnerability (CVE-2025-20309) Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) are vulnerable to a... 04/07/2025 Qualys-Threat-Protect
