ZDI-25-1032: Tencent MimicMotion create_pipeline Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent MimicMotion. User interaction is required to... 02/12/2025 Zero-Day Initiative
ZDI-25-1031: Tencent MedicalNet generate_model Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent MedicalNet. User interaction is required to... 02/12/2025 Zero-Day Initiative
ZDI-25-1030: Tencent HunyuanVideo load_vae Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent HunyuanVideo. User interaction is required to... 02/12/2025 Zero-Day Initiative
ZDI-25-1029: Tencent HunyuanDiT model_resume Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent HunyuanDiT. User interaction is required to... 02/12/2025 Zero-Day Initiative
ZDI-25-1028: Tencent HunyuanDiT merge Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent HunyuanDiT. User interaction is required to... 02/12/2025 Zero-Day Initiative
ZDI-25-1027: Tencent Hunyuan3D-1 load_pretrained Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent Hunyuan3D-1. User interaction is required to... 02/12/2025 Zero-Day Initiative
ZDI-25-1026: Appleton UPSMON-PRO UPSMONProService Stack-based Buffer Overflow Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Appleton UPSMON-PRO. Authentication is not required to... 28/11/2025 Zero-Day Initiative
ZDI-25-1025: MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is... 28/11/2025 Zero-Day Initiative
Shai-Hulud 2.0 Supply Chain Attack Compromised Major Packages A renewed and intensified npm supply chain attack campaign linked to the original Shai-Hulud malware is making headlines. This campaign,... 27/11/2025 Qualys-Threat-Protect
ZDI-25-1024: DreamFactory saveZipFile Command Injection Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of DreamFactory. Authentication is required to exploit this... 27/11/2025 Zero-Day Initiative
