Lucene search
K

16763 matches found

Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•6 views

(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Pile API. The issue results from t...

7.5CVSS6.7AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•10 views

(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial DLB_SlaveRegister Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DLBSlaveRegister messages...

8.8CVSS7.5AI score0.00326EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•9 views

(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial autocharge Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows physically present attackers to execute arbitrary code on affected affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of JSON messages...

6.8CVSS7.5AI score0.00295EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•7 views

(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the Autel Technician API...

4.9CVSS6.5AI score0.00453EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•10 views

(Pwn2Own) Sony XAV-AX8500 Bluetooth SDP Protocol Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Bluetooth SDP protocol. The issue results fr...

8.8CVSS7.7AI score0.00377EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•6 views

(Pwn2Own) Ubiquiti Networks AI Bullet Improper Neutralization of Escape Sequences Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected Ubiquiti Networks AI Bullet cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of DHCP packet options. The issue results from insufficient...

7.5CVSS7.1AI score0.00722EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•5 views

Trend Micro Endpoint Encryption BuildEnterpriseSearchString SQL Injection Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Endpoint Encryption. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

8.8CVSS7.8AI score0.00113EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•3 views

Trend Micro Endpoint Encryption PolicyValueTableSerializationBinder Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Endpoint Encryption. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PolicyValueTableSerializationBinder class. The issue results from th...

9.8CVSS7.8AI score0.08324EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•4 views

Trend Micro Apex One Security Agent ntrmv Uncontrolled Search Path Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Furthermore, privilege escalatio...

6.7CVSS7.7AI score0.00133EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•16 views

Trend Micro Endpoint Encryption PolicyServerWindowsService Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Endpoint Encryption. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PolicyServerWindowsService class. The issue results from the lack of...

9.8CVSS7.8AI score0.08324EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•3 views

Trend Micro Apex One Virus Scan Engine Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Furthermore, the product is...

7CVSS7.4AI score0.00125EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•5 views

Trend Micro Apex One Damage Cleanup Engine Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

7.8CVSS7.5AI score0.00159EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•5 views

Trend Micro Endpoint Encryption ProcessWhereClause SQL Injection Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Endpoint Encryption. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

8.8CVSS7.8AI score0.00113EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•7 views

(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Wallbox Commercial. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The...

5CVSS7AI score0.00146EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•7 views

Trend Micro Endpoint Encryption DeserializeFromBase64String Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Endpoint Encryption. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

8.8CVSS7.9AI score0.08324EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•7 views

(Pwn2Own) Ubiquiti Networks AI Bullet Insufficient Firmware Update Validation Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Ubiquiti Networks AI Bullet Cameras. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of...

6.8CVSS7.9AI score0.00223EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•8 views

Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to bypass authentication on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuratio...

4.4CVSS7.7AI score0.00237EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/11 12:0 a.m.•7 views

Trend Micro Password Manager Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Password Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Additionally, the vulnerability is...

6.7CVSS7.5AI score0.00182EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/10 12:0 a.m.•5 views

Microsoft Windows Remote Desktop Gateway Service Null Pointer Dereference Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Windows. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Remote Desktop Gateway service. The issue results from dereferencing...

8.6CVSS7AI score0.20634EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/10 12:0 a.m.•4 views

Adobe Acrobat Reader DC Collab Object Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

7.8CVSS7.1AI score0.00365EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/10 12:0 a.m.•8 views

Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

7.8CVSS7.2AI score0.00305EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/10 12:0 a.m.•8 views

Microsoft Windows Installer Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows...

7.8CVSS7.4AI score0.01165EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/10 12:0 a.m.•10 views

Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows...

7.8CVSS7.5AI score0.0053EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/10 12:0 a.m.•6 views

Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

3.3CVSS6.3AI score0.00339EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/10 12:0 a.m.•6 views

Microsoft Visual Studio initializeCommand Insufficient UI Warning Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

7.8CVSS7.2AI score0.05806EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/10 12:0 a.m.•8 views

JupyterLab Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of JupyterLab. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Additionally, the vulnerability is triggered only when a...

7.3CVSS7.5AI score0.00154EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/10 12:0 a.m.•7 views

Adobe Acrobat Reader DC Collab Object Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

7.8CVSS7.1AI score0.00365EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/06 12:0 a.m.•8 views

(0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of cryptographic keys used in vendor-specific...

6.3CVSS7AI score0.00171EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2025/06/06 12:0 a.m.•8 views

(0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability

This vulnerability allows physically present attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of management cards. The issue results from the lack ...

4.6CVSS7.1AI score0.00252EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2025/06/06 12:0 a.m.•12 views

Autodesk Revit RFA File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Revit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of RFA...

7.8CVSS7.2AI score0.00169EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/06 12:0 a.m.•6 views

(0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installatons of WOLFBOX Level 2 EV Charger devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of command frames received by the MCU. When parsing...

8CVSS7.5AI score0.0036EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2025/06/06 12:0 a.m.•10 views

(0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the secKey, localKey, stdTimeZone and devId...

8.8CVSS7.5AI score0.00333EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2025/06/06 12:0 a.m.•13 views

(0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger LAN OTA Exposed Dangerous Method Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Tuy...

8CVSS7.7AI score0.00382EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2025/06/05 12:0 a.m.•6 views

Hewlett Packard Enterprise Insight Remote Support processAttachmentDataStream Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Insight Remote Support. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the processAttachmentDataStream...

9.8CVSS7.5AI score0.00617EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/03 12:0 a.m.•5 views

GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICO files. The...

7.8CVSS7.2AI score0.10561EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/03 12:0 a.m.•12 views

2BrightSparks SyncBackFree Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of 2BrightSparks SyncBackFree. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. User interaction on the part of an...

7.3CVSS7.2AI score0.00269EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/03 12:0 a.m.•7 views

Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...

7.8CVSS7AI score0.00191EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2025/06/03 12:0 a.m.•7 views

Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Action1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL...

7.8CVSS7.3AI score0.00257EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/02 12:0 a.m.•8 views

Hewlett Packard Enterprise StoreOnce VSA Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the machineAccountCheck method. The issue...

9.8CVSS7AI score0.01007EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/02 12:0 a.m.•7 views

SolarWinds DameWare Mini Remote Control Service Incorrect Permissions Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds DameWare Mini Remote Control Service. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...

7.8CVSS7.2AI score0.00187EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/02 12:0 a.m.•3 views

Hewlett Packard Enterprise StoreOnce VSA getServerPayload Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...

4.9CVSS6.2AI score0.01058EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/02 12:0 a.m.•6 views

Hewlett Packard Enterprise StoreOnce VSA deletePackages Directory Traversal Arbitrary File Deletion Vulnerability

This vulnerability allows remote attackers to delete arbitrary files on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

5.5CVSS6.8AI score0.0076EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/02 12:0 a.m.•4 views

Hewlett Packard Enterprise StoreOnce VSA queryHardwareReportLocally Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

7.2CVSS7.5AI score0.01291EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/02 12:0 a.m.•5 views

Hewlett Packard Enterprise StoreOnce VSA determineInclusionAndExtract Server-Side Request Forgery Vulnerability

This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the...

5.3CVSS6.4AI score0.00556EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/02 12:0 a.m.•4 views

Hewlett Packard Enterprise StoreOnce VSA setLocateBeaconOnHardware Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

7.2CVSS7.5AI score0.01291EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/02 12:0 a.m.•8 views

Hewlett Packard Enterprise StoreOnce VSA doExecute Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

7.2CVSS7.5AI score0.01235EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/06/02 12:0 a.m.•9 views

Hewlett Packard Enterprise StoreOnce VSA getServerCertificate Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

7.2CVSS7.5AI score0.01289EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/05/29 12:0 a.m.•6 views

(Pwn2Own) Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of ALAC data. The issue results from the lack of proper validation of the...

8.8CVSS7.4AI score0.00326EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2025/05/29 12:0 a.m.•4 views

Linux Kernel ksmbd Session Setup Null Pointer Dereference Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw exists within the handling of preauth...

6.8CVSS6.9AI score0.28222EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2025/05/28 12:0 a.m.•13 views

(Pwn2Own) Canon imageCLASS MF656Cdw sfpcmAuthenticateSecAdmin Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF656Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sfpcmAuthenticateSecAdmin function. The issue results...

8.8CVSS7.2AI score0.00758EPSS
Exploits0References1
Total number of security vulnerabilities16763