Lucene search
K

16763 matches found

Zero Day Initiative
Zero Day Initiative
•added 2025/06/18 12:0 a.m.•8 views

PEAK-System Driver PCANFD_ADD_FILTERS Time-Of-Check Time-Of-Use Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of PEAK-System Driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

3.8CVSS5.9AI score0.00087EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/17 12:0 a.m.•5 views

Fuji Electric Smart Editor V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Smart Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS7.7AI score0.00189EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/17 12:0 a.m.•7 views

Fuji Electric Smart Editor TL5 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Smart Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS7.8AI score0.00161EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/17 12:0 a.m.•5 views

Fuji Electric Smart Editor X1 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Smart Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS7.7AI score0.00189EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/17 12:0 a.m.•3 views

Fuji Electric Smart Editor V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Smart Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS7.7AI score0.00189EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/17 12:0 a.m.•5 views

SolarWinds Serv-U FTP Service Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Serv-U. Authentication is required to exploit this vulnerability. The specific flaw exists within the FTP service, which listens on TCP port 21 by default. The issue results from the lack ...

7.5CVSS8.4AI score0.06328EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/17 12:0 a.m.•4 views

SolarWinds Web Help Desk AjaxProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Web Help Desk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AjaxProxy. The issue results from the lack of proper validation of...

9.8CVSS7.2AI score0.36619EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/17 12:0 a.m.•6 views

Fuji Electric Smart Editor V10 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Smart Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS7.8AI score0.00186EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/17 12:0 a.m.•5 views

Fuji Electric Smart Editor TL5 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Smart Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS7.7AI score0.00189EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/17 12:0 a.m.•4 views

Fuji Electric Smart Editor X1 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Smart Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS7.7AI score0.00189EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/17 12:0 a.m.•3 views

Delta Electronics COMMGR Insufficient Randomization Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Delta Electronics COMMGR. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PLC simulator service, which listens on TCP port 8895 by default. By...

9.8CVSS9.6AI score0.00637EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/17 12:0 a.m.•7 views

Trend Micro Internet Security Platinum Host Service Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Internet Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

7.8CVSS7.8AI score0.00144EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/16 12:0 a.m.•8 views

Siemens TeleControl Server Basic UpdateDatabaseSettings SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens TeleControl Server Basic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

6.5CVSS6.8AI score0.00732EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/16 12:0 a.m.•3 views

Siemens TeleControl Server Basic UpdateUsers SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens TeleControl Server Basic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

6.5CVSS6.8AI score0.00732EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/16 12:0 a.m.•4 views

Siemens TeleControl Server Basic Authenticate SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens TeleControl Server Basic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Authenticate method. The issue results from t...

9.8CVSS8.1AI score0.00912EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/16 12:0 a.m.•3 views

Siemens TeleControl Server Basic UpdateBufferingSettings SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens TeleControl Server Basic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

6.5CVSS6.8AI score0.00732EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/16 12:0 a.m.•3 views

Siemens TeleControl Server Basic UpdateGateways SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens TeleControl Server Basic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

6.5CVSS6.8AI score0.00683EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/16 12:0 a.m.•5 views

Siemens TeleControl Server Basic CreateProject SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens TeleControl Server Basic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

6.5CVSS6.8AI score0.00732EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/16 12:0 a.m.•3 views

Siemens TeleControl Server Basic UpdateTcmSettings SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens TeleControl Server Basic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

6.5CVSS6.8AI score0.00732EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/16 12:0 a.m.•4 views

Siemens TeleControl Server Basic UpdateProjectConnections SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens TeleControl Server Basic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

6.5CVSS6.8AI score0.00732EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/16 12:0 a.m.•4 views

Siemens TeleControl Server Basic UpdateSmtpSettings SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens TeleControl Server Basic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

6.5CVSS6.8AI score0.00732EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/16 12:0 a.m.•3 views

Siemens TeleControl Server Basic ImportDatabase SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens TeleControl Server Basic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

6.5CVSS6.8AI score0.00732EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/16 12:0 a.m.•7 views

Siemens TeleControl Server Basic UpdateConnectionVariables SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens TeleControl Server Basic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

6.5CVSS6.8AI score0.00732EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/16 12:0 a.m.•2 views

Siemens TeleControl Server Basic UpdateOpcSettings SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens TeleControl Server Basic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

6.5CVSS6.8AI score0.00683EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/16 12:0 a.m.•5 views

Siemens TeleControl Server Basic UpdateProject SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens TeleControl Server Basic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

6.5CVSS6.8AI score0.00683EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/16 12:0 a.m.•3 views

Siemens TeleControl Server Basic CreateTrace SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens TeleControl Server Basic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the CreateTrace method. The issue results from th...

9.8CVSS8.1AI score0.00912EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/16 12:0 a.m.•3 views

Siemens TeleControl Server Basic VerifyUser SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens TeleControl Server Basic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the VerifyUser method. The issue results from the...

9.8CVSS8.1AI score0.00912EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/16 12:0 a.m.•6 views

Siemens TeleControl Server Basic RestoreFromBackup SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens TeleControl Server Basic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

8.8CVSS8.2AI score0.00805EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/13 12:0 a.m.•5 views

Trend Micro Maximum Security Platinum Host Service Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

7.8CVSS7.5AI score0.00146EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•11 views

Trend Micro Worry-Free Business Security Uncontrolled Search Path Element Arbitrary Code Execution Vulnerability

This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Trend Micro Worry-Free Business Security. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The process loads an...

6.8CVSS7.5AI score0.00244EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•5 views

Pioneer DMH-WT7600NEX Root Filesystem Insufficient Verification of Data Authenticity Vulnerability

This vulnerability allows physically present attackers to bypass authentication on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the operating system. The issue results fr...

4.6CVSS7.2AI score0.00221EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•10 views

(Pwn2Own) Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of ACL-U links. The issue results from the lack of L2CAP channel...

6.3CVSS7.1AI score0.00311EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•8 views

(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. An attacker must first obtain a low-privileged authorization token in order to exploit this vulnerability. The specific flaw exists within the...

7.1CVSS7AI score0.00322EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•7 views

Trend Micro Apex One Data Loss Prevention Uncontrolled Search Path Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One Security Agent. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...

8.8CVSS7.2AI score0.0079EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•14 views

(Pwn2Own) Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of Bluetooth ERTM channel communication. The issue results from...

6.3CVSS7.1AI score0.00306EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•5 views

Trend Micro Endpoint Encryption GetGroupFilteredUsers SQL Injection Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Endpoint Encryption. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

8.8CVSS7.8AI score0.00347EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•8 views

(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the bleprocessesp32msg function. The issue...

8.8CVSS7.5AI score0.00326EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•5 views

Trend Micro Apex Central ConvertFromJson Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the ConvertFromJson method. The issue results from the la...

9.8CVSS7.8AI score0.01944EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•10 views

(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial wLength Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of USB frame packets. The...

6.8CVSS7.5AI score0.00295EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•5 views

(Pwn2Own) Ubiquiti Networks AI Bullet Improper Certificate Validation Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected Ubiquiti Networks AI Bullet cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ubntavclient component. The issue results from the lack of proper...

7.5CVSS7.1AI score0.0016EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•9 views

(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this...

7.5CVSS7.2AI score0.00233EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•6 views

(Pwn2Own) Sony XAV-AX8500 Bluetooth Packet Handling Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sony XAV-AX8500 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists within the...

7.5CVSS7.8AI score0.00295EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•5 views

(Pwn2Own) Ubiquiti Networks UniFi Console Missing Authentication for Critical Function Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected Ubiquiti Networks UniFi Console devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of bridge device adoption requests. The issue results from...

9.6CVSS7.2AI score0.00499EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•5 views

Pioneer DMH-WT7600NEX Software Update Signing Insufficient Verification of Data Authenticity Vulnerability

This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the software update verification process. The issue results fr...

6.8CVSS7.5AI score0.00222EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•6 views

(Pwn2Own) Sony XAV-AX8500 Bluetooth AVCTP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sony XAV-AX8500 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exis...

7.5CVSS7.4AI score0.00325EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•8 views

(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability

This vulnerability allows network-adjacent attackers to inject arbitrary AT commands on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the bleprocessesp32msg functio...

6.3CVSS7.3AI score0.00227EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•5 views

Trend Micro Apex Central GetReportDetailView Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the GetReportDetailView method. The issue results from th...

9.8CVSS7.8AI score0.01327EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•6 views

Trend Micro Endpoint Encryption DbAppDomain Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro Endpoint Encryption. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DbAppDomain service. The issue results from an improper implementatio...

9.8CVSS7.3AI score0.00489EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•7 views

(Pwn2Own) Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sony XAV-AX8500 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists within the...

7.5CVSS7.5AI score0.00325EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•5 views

Trend Micro Endpoint Encryption ValidateToken Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Endpoint Encryption. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the ValidateToken method. The issue results from t...

8.1CVSS7.8AI score0.01024EPSS
Exploits0References1
Total number of security vulnerabilities16763