Skip to content

Secure Cyber Vulnerability Management

  • Home
  • About Us
  • Our Services
  • Privacy Policy
  • Home
  • About Us
  • Our Services
  • Privacy Policy
31/03/2026
Zero-Day Initiative

ZDI-26-247: NoMachine External Control of File Path Arbitrary File Deletion Vulnerability

by Deepanshu Jha
This vulnerability allows local attackers to delete arbitrary files on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.1. The following CVEs are assigned: CVE-2026-5053.
  • Next ZDI-26-248: NoMachine External Control of File Path Local Privilege Escalation Vulnerability
  • Previous ZDI-26-246: (0Day) aws-mcp-server Command Injection Remote Code Execution Vulnerability

Comments are closed.

You may also like

ZDI-25-581: (Pwn2Own) Microsoft SharePoint DataSetSurrogateSelector Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Although authentication is required...

09/07/2025
Zero-Day Initiative

ZDI-25-457: (0Day) Marvell QConvergeConsole deleteAppFile Directory Traversal Arbitrary File Deletion Vulnerability

This vulnerability allows remote attackers to delete arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to...

28/06/2025
Zero-Day Initiative
Secure Cyber Vulnerability Management

Secure Cyber Vulnerability Management © 2026. All Rights Reserved.