ZDI-25-757: (Pwn2Own) QNAP QHora-322 tar Command Injection Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP QHora-322 routers. Authentication is not required... 02/08/2025 Zero-Day Initiative
ZDI-25-756: (Pwn2Own) QNAP QHora-322 Improper Restriction of Communication Channel to Intended Endpoints Vulnerability This vulnerability allows network-adjacent attackers to access the management interface on affected installations of QNAP QHora-322 routers. Authentication is not... 02/08/2025 Zero-Day Initiative
ZDI-25-755: (Pwn2Own) QNAP QHora-322 qsyslog-cli username Format String Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP QHora-322 routers. Authentication is not required... 02/08/2025 Zero-Day Initiative
ZDI-25-754: (Pwn2Own) QNAP TS-464 privWizard.cgi Authentication CRLF Injection Privilege Escalation Vulnerability This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of QNAP TS-464 devices. Although authentication is required to... 02/08/2025 Zero-Day Initiative
ZDI-25-753: (Pwn2Own) QNAP TS-464 Improper Handling of URL Encoding Authentication Bypass Vulnerability This vulnerability allows remote attackers to bypass authentication on affected installations of QNAP TS-464 devices. Authentication is not required to... 02/08/2025 Zero-Day Initiative
ZDI-25-733: (0Day) Marvell QConvergeConsole compressConfigFiles Directory Traversal Information Disclosure and Denial-of-Service Vulnerability This vulnerability allows remote attackers to disclose sensitive information or to create a denial-of-service condition on affected installations of Marvell... 01/08/2025 Zero-Day Initiative
ZDI-25-732: (Pwn2Own) Lorex 2K Indoor Wi-Fi Security Camera Improper Validation of Array Index Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. Authentication... 31/07/2025 Zero-Day Initiative
ZDI-25-731: (Pwn2Own) Lorex 2K Indoor Wi-Fi Security Camera Stack-based Buffer Overflow Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. Authentication... 31/07/2025 Zero-Day Initiative
ZDI-25-730: (Pwn2Own) Lorex 2K Indoor Wi-Fi Security Camera Stack-based Buffer Overflow Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. Authentication... 31/07/2025 Zero-Day Initiative
ZDI-25-729: (Pwn2Own) Canonical Ubuntu Kernel taprio Scheduler Race Condition Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Canonical Ubuntu. An attacker must first obtain the... 31/07/2025 Zero-Day Initiative
