Secure Cyber Vulnerability Management (SCVM)

ZDI-25-467: GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required...

04/07/2025

Zero-Day Initiative

Anthropic Model Context Protocol (MCP) Inspector Remote Code Execution Vulnerability (CVE-2025-49596)

A critical remote code execution vulnerability has been discovered in Anthropic’s open‑source tool, MCP Inspector, which is widely used by...

04/07/2025

Qualys-Threat-Protect

Cisco Unified Communications Manager Static SSH Credentials Vulnerability (CVE-2025-20309)

Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) are vulnerable to a...

04/07/2025

Qualys-Threat-Protect

WingFTP Critical Remote Code Execution Vulnerability (CVE-2025-47812)

Julien Ahrens from RCE Security discovered a critical security vulnerability impacting WingFTP. Tracked as CVE-2025-47812, the vulnerability has a CVSS...

03/07/2025

Qualys-Threat-Protect

Google Addresses Zero-day Vulnerability impacting Chrome Browser (CVE-2025-6554)

Chrome browser is vulnerable to a security vulnerability being exploited in the wild. Tracked as CVE-205-6554, this is a type...

02/07/2025

Qualys-Threat-Protect

ZDI-25-466: (0Day) Marvell QConvergeConsole readNICParametersFromFile Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to...

28/06/2025

Zero-Day Initiative

ZDI-25-465: (0Day) Marvell QConvergeConsole readObjectFromConfigFile Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to...

28/06/2025

Zero-Day Initiative

ZDI-25-464: (0Day) Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to...

28/06/2025

Zero-Day Initiative

ZDI-25-463: (0Day) Marvell QConvergeConsole getDriverTmpPath Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to...

28/06/2025

Zero-Day Initiative

ZDI-25-462: (0Day) Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability

This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to...

28/06/2025

Zero-Day Initiative