ZDI-25-829: (0Day) Schneider Electric EcoStruxure Power Monitoring Expert GetFilteredSinkProvider Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Monitoring Expert. Authentication... 13/08/2025 Zero-Day Initiative
ZDI-25-828: (0Day) Schneider Electric EcoStruxure Power Monitoring Expert HttpPostedFile Directory Traversal Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Monitoring Expert. Authentication... 13/08/2025 Zero-Day Initiative
ZDI-25-827: (0Day) Schneider Electric EcoStruxure Power Monitoring Expert GetTgmlContent Directory Traversal Information Disclosure Vulnerability This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Power Monitoring Expert. Authentication... 13/08/2025 Zero-Day Initiative
ZDI-25-826: (0Day) Schneider Electric EcoStruxure Power Monitoring Expert ExportDataAsXML Server-Side Request Forgery Information Disclosure Vulnerability This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Power Monitoring Expert. Authentication... 13/08/2025 Zero-Day Initiative
ZDI-25-825: Apple macOS AudioToolboxCore Audio Conversion Out-Of-Bounds Read Information Disclosure Vulnerability This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the AudioToolboxCore framework... 12/08/2025 Zero-Day Initiative
WinRAR Path Traversal Vulnerability Exploited in the Wild (CVE-2025-8088) WinRAR released a security patch to address a vulnerability allowing attackers to hijack user extraction processes and plant malicious files... 12/08/2025 Qualys-Threat-Protect
Trend Micro Apex One (On-Prem) Zero-day Vulnerabilities Exploited in the Wild (CVE-2025-54948 & CVE-2025-54987) Threat actors are exploiting two vulnerabilities impacting Trend Micro Apex One (on-prem) devices. Tracked as CVE-2025-54948 & CVE-2025-54987, the vulnerabilities... 07/08/2025 Qualys-Threat-Protect
ZDI-25-824: (0Day) Microsoft Windows Theme File Parsing Improper Input Validation NTLM Relay Vulnerability This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Microsoft Windows. User interaction is required to... 07/08/2025 Zero-Day Initiative
ZDI-25-823: (0Day) Microsoft Windows Theme File Parsing Improper Input Validation NTLM Relay Vulnerability This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Microsoft Windows. User interaction is required to... 07/08/2025 Zero-Day Initiative
ZDI-25-822: (0Day) Microsoft SharePoint GetTransformer Unsafe Reflection Denial-of-Service Vulnerability This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft SharePoint. Authentication is required to... 07/08/2025 Zero-Day Initiative
