jell.ie CVEs

Read at: 2026-07-09T18:01:29+00:00

CVE-2026-59227 - Open WebUI: POST /api/v1/images/edit bypasses the global image-edit switch and the per-user image-generation permission

CVE ID :CVE-2026-59227
Published : July 9, 2026, 5:17 p.m. | 42 minutes ago
Description :Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.11 before 0.10.0, POST /api/v1/images/edit required only a verified account and did not enforce the global image-edit switch or the per-user image-generation permission, allowing a non-admin user to invoke server-side image editing with administrator-configured provider credentials. This issue is fixed in version 0.10.0.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 9 Jul 2026 | 5:17 pm UTC

CVE-2026-59226 - Open WebUI: Scheduled automations continue after pending-user deactivation and stored model ACL revocation

CVE ID :CVE-2026-59226
Published : July 9, 2026, 5:17 p.m. | 42 minutes ago
Description :Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0, execute_automation rehydrated automation owners without rechecking that they were still active or still had features.automations, and check_model_access only enforced private-model grants for the exact user role, allowing deactivated pending users to continue scheduled model execution. This issue is fixed in version 0.10.0.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 9 Jul 2026 | 5:17 pm UTC

CVE-2026-59715 - Open WebUI: Unauthenticated WebSocket Access to Collaborative Document Handlers (ydoc:awareness:update, ydoc:document:leave)

CVE ID :CVE-2026-59715
Published : July 9, 2026, 5:17 p.m. | 42 minutes ago
Description :Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.16 before 0.10.0, the Socket.IO server is configured with always_connect=True. The ydoc:awareness:update and ydoc:document:leave Socket.IO handlers accepted collaborative-document events without requiring an authenticated user, allowing unauthorized manipulation of document collaboration state. This issue is fixed in version 0.10.0.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 9 Jul 2026 | 5:17 pm UTC

CVE-2026-59225 - Open WebUI: Arena task endpoints can bypass underlying model access controls

CVE ID :CVE-2026-59225
Published : July 9, 2026, 5:17 p.m. | 42 minutes ago
Description :Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.12 before 0.10.0, an authenticated non-admin user with read access to an arena wrapper model can reach a restricted underlying model through task endpoints such as /api/v1/tasks/moa/completions. The normal chat route resolves arena models before the final chat dispatch and therefore re-checks the selected underlying model. The task routes call utils.chat.generate_chat_completion() directly. In that direct path, arena fallback resolution happens after the wrapper access check and then recurses with bypass_filter=True, skipping the selected submodel's access check. This issue is fixed in version 0.10.0.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 9 Jul 2026 | 5:17 pm UTC

CVE-2026-59224 - Open WebUI: Terminal proxy forwards a spoofable, integrity-unbound user identity to the upstream (X-User-Id header and ws_terminal session_id query injection)

CVE ID :CVE-2026-59224
Published : July 9, 2026, 5:17 p.m. | 42 minutes ago
Description :Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, backend/open_webui/routers/terminals.py built the ws_terminal upstream URL from an unencoded session_id and appended user_id as a query parameter, allowing query injection to make the terminal backend resolve another user identity; the HTTP proxy path also forwarded X-User-Id as an integrity-unbound identity claim. This issue is fixed in version 0.10.0.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 9 Jul 2026 | 5:17 pm UTC

CVE-2026-59223 - Open WebUI: `WEB_FETCH_FILTER_LIST` host allow/block filter bypassable via URL path and non-label-boundary matching

CVE ID :CVE-2026-59223
Published : July 9, 2026, 5:17 p.m. | 42 minutes ago
Description :Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, WEB_FETCH_FILTER_LIST matching compared configured host entries against URL strings and non-label-boundary suffixes, allowing path-based blocklist bypasses such as !internal.example.com in a URL path and sibling-domain matches that did not reflect the intended hostname policy. This issue is fixed in version 0.10.0.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 9 Jul 2026 | 5:17 pm UTC

CVE-2026-59222 - Open WebUI: /api/v1/channels/{id}/members exposes full user model including sensitive credentials

CVE ID :CVE-2026-59222
Published : July 9, 2026, 5:17 p.m. | 42 minutes ago
Description :Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.7.0 before 0.10.0, GET /api/v1/channels//members returned full UserModelResponse objects for channel members, including settings.ui.toolServers[].key and webhook configuration, allowing a normal channel participant to retrieve other users’ sensitive settings. This issue is fixed in version 0.10.0.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 9 Jul 2026 | 5:17 pm UTC

CVE-2026-59220 - Open WebUI: ReDoS in skill-mention regexes causes whole-instance DoS on default config

CVE ID :CVE-2026-59220
Published : July 9, 2026, 5:17 p.m. | 42 minutes ago
Description :Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.2 before 0.10.0, the SKILL_MENTION_RE and strip_re regular expressions in backend/open_webui/utils/middleware.py parsed <$skillId|label> skill mentions with overlapping quantifiers, allowing an authenticated chat message containing <$ without a closing > to trigger quadratic backtracking and block the asyncio event loop. This issue is fixed in version 0.10.0.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 9 Jul 2026 | 5:17 pm UTC

CVE-2026-59215 - Open WebUI: Private channel messages can be disclosed through cross-channel thread parent_id binding

CVE ID :CVE-2026-59215
Published : July 9, 2026, 5:17 p.m. | 42 minutes ago
Description :Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, channel thread parent and reply handling did not bind parent_id to the channel in the URL, allowing an authenticated user to reference a message from another private or DM channel and disclose thread context across channels. This issue is fixed in version 0.10.0.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 9 Jul 2026 | 5:17 pm UTC

CVE-2026-59214 - Open WebUI: Stored web worker XSS via Pyodide

CVE ID :CVE-2026-59214
Published : July 9, 2026, 5:17 p.m. | 42 minutes ago
Description :Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, Open WebUI runs client-side Python with Pyodide in a same-origin web worker, allowing stored chat payloads that use pyodide.http.pyfetch or the js module fetch and XMLHttpRequest APIs to issue authenticated same-origin requests when a victim clicks Run, which can reach admin-only endpoints and execute server-side code through configured tools. This issue is fixed in version 0.10.0.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 9 Jul 2026 | 5:17 pm UTC

CVE-2026-59217 - Open WebUI: Upload `metadata.knowledge_id` bypasses the knowledge-base write-access check (read-only users can add files to KB)

CVE ID :CVE-2026-59217
Published : July 9, 2026, 5:17 p.m. | 42 minutes ago
Description :Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, the file upload path accepted metadata.knowledge_id and auto-linked uploaded files to a target knowledge base without applying the write-access check used by /api/v1/knowledge//file/add, allowing read-only knowledge-base users to add arbitrary files. This issue is fixed in version 0.10.0.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 9 Jul 2026 | 5:17 pm UTC

CVE-2026-59219 - Open WebUI: Realtime endpoints accept Redis-revoked JWTs after signout/backchannel logout

CVE ID :CVE-2026-59219
Published : July 9, 2026, 5:17 p.m. | 42 minutes ago
Description :Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decode_token without the Redis-backed is_valid_token revocation check, allowing revoked JWTs to continue authenticating realtime connections. This issue is fixed in version 0.10.0.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 9 Jul 2026 | 5:17 pm UTC

CVE-2026-59216 - Open WebUI: Cross-user code-interpreter and tool execution via unvalidated Socket.IO event-caller session_id

CVE ID :CVE-2026-59216
Published : July 9, 2026, 5:17 p.m. | 42 minutes ago
Description :Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, get_event_call delivered execute:python and execute:tool Socket.IO events to a client-supplied session_id after checking only that the session was connected, allowing authenticated users who learned another socket ID through ydoc:document:join to run code interpreter Python or tools in that user session. This issue is fixed in version 0.10.0.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 9 Jul 2026 | 5:17 pm UTC

CVE-2026-59218 - Open WebUI: Account enumeration via observable login timing discrepancy

CVE ID :CVE-2026-59218
Published : July 9, 2026, 5:17 p.m. | 42 minutes ago
Description :Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, the /api/v1/auths/signin endpoint looked users up by email and only ran bcrypt password verification when a credential existed, making registered-account attempts measurably slower than missing-email attempts and allowing unauthenticated account enumeration. This issue is fixed in version 0.10.0.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 9 Jul 2026 | 5:17 pm UTC

CVE-2026-59213 - Open WebUI: Cross-user model-list exposure via static cache key in get_all_models (aiocache key= vs key_builder= misuse)

CVE ID :CVE-2026-59213
Published : July 9, 2026, 5:17 p.m. | 42 minutes ago
Description :Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.27 before 0.10.0, get_all_models handlers in routers/openai.py and routers/ollama.py passed a lambda to aiocache key instead of key_builder, causing permission-filtered per-user model lists to share a static cache entry and exposing one user’s model list to another caller during the TTL window. This issue is fixed in version 0.10.0.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 9 Jul 2026 | 5:17 pm UTC

CVE-2026-59212 - Open WebUI: Model meta.knowledge read-only file access can be upgraded to file write/delete

CVE ID :CVE-2026-59212
Published : July 9, 2026, 5:17 p.m. | 42 minutes ago
Description :Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 before 0.10.0, _verify_knowledge_file_access only checked read access while file write and delete routes later trusted object-derived access through writable model meta.knowledge entries, allowing a user with read-only knowledge file access to upgrade to file write or delete operations. This issue is fixed in version 0.10.0.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 9 Jul 2026 | 5:17 pm UTC

CVE-2026-59209 - n8n: Shared Credential Header Leak via HTTP Request Pagination Expression

CVE ID :CVE-2026-59209
Published : July 9, 2026, 5:17 p.m. | 42 minutes ago
Description :n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated member with use-only editor access to a shared workflow could read credential-populated headers exposed via the $request object inside an HTTP Request node's pagination expression and exfiltrate the secret through item data. This issue is fixed in versions 1.123.61, 2.27.4, and 2.28.1.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 9 Jul 2026 | 5:17 pm UTC

CVE-2026-58459 - gpsd gpsprof Command Injection via gnuplot plot title subtype field

CVE ID :CVE-2026-58459
Published : July 9, 2026, 5:17 p.m. | 42 minutes ago
Description :gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick payloads in the gnuplot plot title without proper escaping. The subtype field sourced from a DEVICES JSON log entry or NMEA PGRMT sentence is written into a generated gnuplot program via a set title statement with only double-quote characters escaped, enabling arbitrary shell command execution as the user running gnuplot when the victim renders the generated plot through the gpsprof and gnuplot workflow.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 9 Jul 2026 | 5:17 pm UTC

CVE-2026-51605 - Tenda CP3 RTSP Stack-Based Buffer Overflow

CVE ID :CVE-2026-51605
Published : July 9, 2026, 5:17 p.m. | 42 minutes ago
Description :A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.991) allows an unauthenticated remote attacker to cause a denial of service via a crafted TEARDOWN request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 9 Jul 2026 | 5:17 pm UTC

CVE-2026-51606 - Tenda CP3 RTSP Service Improper Input Handling Denial of Service Vulnerability

CVE ID :CVE-2026-51606
Published : July 9, 2026, 5:17 p.m. | 42 minutes ago
Description :An improper input handling vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) causes the device to abruptly terminate the TCP connection with a RST packet when a request containing an oversized field value is received, without returning any RFC 2326-compliant error response. This behavior affects the request-line URL field and header field values across multiple RTSP request types.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 9 Jul 2026 | 5:17 pm UTC

CVE-2026-53987 - GLPI 11 < 2.14.4 Tag Plugin Stored Cross-Site Scripting in Kanban Badge Rendering

CVE ID :CVE-2026-53987
Published : July 9, 2026, 5:17 p.m. | 42 minutes ago
Description :The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent() without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update rights can set a tag name containing HTML, which then executes in the browser of any user who opens the Kanban view of a ticket, problem, change, or project the tag is attached to.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 9 Jul 2026 | 5:17 pm UTC

CVE-2026-51604 - Tenda CP3 RTSP Stack-Based Buffer Overflow

CVE ID :CVE-2026-51604
Published : July 9, 2026, 5:17 p.m. | 42 minutes ago
Description :A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) allows an unauthenticated remote attacker to cause a denial of service via a crafted PLAY request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 9 Jul 2026 | 5:17 pm UTC

CVE-2026-51603 - Tenda CP3 RTSP Service Stack-Based Buffer Overflow

CVE ID :CVE-2026-51603
Published : July 9, 2026, 5:17 p.m. | 42 minutes ago
Description :A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) allows an unauthenticated remote attacker to cause a denial of service via a crafted second SETUP request. After completing the OPTIONS, DESCRIBE, and a legitimate first SETUP request to obtain a valid session ID, the RTSP service's second-stage URL routing parser fails to validate the length of the URL field in the subsequent SETUP request. By supplying a URL consisting of exactly four consecutive repetitions of a valid RTSP URL, an attacker can bypass first-stage format validation and trigger a stack buffer overflow, causing an immediate crash of the RTSP service process and rendering the device inaccessible to all clients on the local network.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 9 Jul 2026 | 5:17 pm UTC

CVE-2026-51601 - Tenda CP3 RTSP Service Stack-Based Buffer Overflow

CVE ID :CVE-2026-51601
Published : July 9, 2026, 5:16 p.m. | 42 minutes ago
Description :Tenda CP3 V3.0 firmware V31.1.9.91 contains a stack-based buffer overflow in the RTSP service. The device fails to validate the length of the clock= value in the Range header field when processing a PLAY request. An unauthenticated remote attacker who has completed a standard RTSP session handshake can send a PLAY request with an excessively long clock= value to cause the RTSP service to crash.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 9 Jul 2026 | 5:16 pm UTC

CVE-2026-51602 - Tenda CP3 RTSP Service Stack-Based Buffer Overflow

CVE ID :CVE-2026-51602
Published : July 9, 2026, 5:16 p.m. | 42 minutes ago
Description :A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) allows an unauthenticated remote attacker to cause a denial of service via a crafted SETUP request. The RTSP service's second-stage URL routing parser fails to validate the length of the URL field in the first SETUP request. By supplying a URL consisting of exactly four consecutive repetitions of a valid RTSP URL, an attacker can bypass first-stage format validation and trigger a stack buffer overflow, causing an immediate crash of the RTSP service process and rendering the device inaccessible to all clients on the local network.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Latest Vulnerabilities | 9 Jul 2026 | 5:16 pm UTC

ZDI-26-399: (0Day) (Pwn2Own) Lorex 2K Indoor Wi-Fi Security Camera Device Management Server Improper Certificate Validation Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. User interaction is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5.

Source: ZDI: Published Advisories | 8 Jul 2026 | 5:00 am UTC

ZDI-26-398: (0Day) (Pwn2Own) Lorex 2K Indoor Wi-Fi Security Camera CDeviceOperator Format String Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5.

Source: ZDI: Published Advisories | 8 Jul 2026 | 5:00 am UTC

ZDI-26-400: (0Day) AnyDesk Screen Recording Link Following Denial-of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.7.

Source: ZDI: Published Advisories | 8 Jul 2026 | 5:00 am UTC

ZDI-26-401: (0Day) AnyDesk Support Information Link Following Denial-of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.7.

Source: ZDI: Published Advisories | 8 Jul 2026 | 5:00 am UTC

ZDI-26-403: (0Day) Ollama downloadBlob Improper Validation of Array Index Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ollama. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5.

Source: ZDI: Published Advisories | 8 Jul 2026 | 5:00 am UTC

ZDI-26-402: (0Day) Glarysoft Glary Utilities Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Glarysoft Glary Utilities. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.3.

Source: ZDI: Published Advisories | 8 Jul 2026 | 5:00 am UTC

ZDI-CAN-31121: Oracle

A CVSS score 7.5 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Xiaobye(@xiaobye_tw) of DEVCORE Research Team' was reported to the affected vendor on: 2026-07-07, 2 days ago. The vendor is given until 2026-11-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 7 Jul 2026 | 5:00 am UTC

ZDI-CAN-31451: VMware

A CVSS score 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Gwangun Jung (@pr0ln) of Theori, with Xint Code' was reported to the affected vendor on: 2026-07-07, 2 days ago. The vendor is given until 2026-11-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 7 Jul 2026 | 5:00 am UTC

ZDI-CAN-31739: Linux

A CVSS score 7.8 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'YingMuo (@YingMuo) of DEVCORE Research Team' was reported to the affected vendor on: 2026-07-07, 2 days ago. The vendor is given until 2026-11-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 7 Jul 2026 | 5:00 am UTC

ZDI-CAN-31523: Linux

A CVSS score 7.5 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'elden, Brayn Mbeumo' was reported to the affected vendor on: 2026-07-03, 6 days ago. The vendor is given until 2026-10-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 3 Jul 2026 | 5:00 am UTC

ZDI-CAN-30609: LibreOffice

A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-07-03, 6 days ago. The vendor is given until 2026-10-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 3 Jul 2026 | 5:00 am UTC

ZDI-CAN-31036: libwebsockets

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Maher Azzouzi' was reported to the affected vendor on: 2026-07-03, 6 days ago. The vendor is given until 2026-10-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 3 Jul 2026 | 5:00 am UTC

ZDI-CAN-31764: Linux

A CVSS score 7.8 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Nico Yip (@_cyeaa_)' was reported to the affected vendor on: 2026-07-03, 6 days ago. The vendor is given until 2026-10-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 3 Jul 2026 | 5:00 am UTC

ZDI-CAN-31517: Linux

A CVSS score 7.8 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-07-03, 6 days ago. The vendor is given until 2026-10-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 3 Jul 2026 | 5:00 am UTC

ZDI-CAN-30656: Microsoft

A CVSS score 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-07-03, 6 days ago. The vendor is given until 2026-10-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 3 Jul 2026 | 5:00 am UTC

ZDI-CAN-31014: oFono

A CVSS score 8.4 AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-07-03, 6 days ago. The vendor is given until 2026-10-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 3 Jul 2026 | 5:00 am UTC

ZDI-CAN-31610: Linux

A CVSS score 7.8 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-07-03, 6 days ago. The vendor is given until 2026-10-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 3 Jul 2026 | 5:00 am UTC

ZDI-CAN-31063: Linux

A CVSS score 9.3 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L severity vulnerability discovered by 'p2gone' was reported to the affected vendor on: 2026-07-03, 6 days ago. The vendor is given until 2026-10-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 3 Jul 2026 | 5:00 am UTC

ZDI-CAN-31151: LibreOffice

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'truff' was reported to the affected vendor on: 2026-07-03, 6 days ago. The vendor is given until 2026-10-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 3 Jul 2026 | 5:00 am UTC

ZDI-CAN-31149: Linux

A CVSS score 7.5 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-07-03, 6 days ago. The vendor is given until 2026-10-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 3 Jul 2026 | 5:00 am UTC

ZDI-CAN-31604: Linux

A CVSS score 7.8 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-07-03, 6 days ago. The vendor is given until 2026-10-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 3 Jul 2026 | 5:00 am UTC

ZDI-CAN-31075: LibreOffice

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-07-03, 6 days ago. The vendor is given until 2026-10-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 3 Jul 2026 | 5:00 am UTC

ZDI-CAN-30625: Langflow

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Nicholas Zubrisky (@NZubrisky) of TrendAI Zero Day Initiative' was reported to the affected vendor on: 2026-07-03, 6 days ago. The vendor is given until 2026-10-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 3 Jul 2026 | 5:00 am UTC

ZDI-CAN-28837: Hinemos

A CVSS score 7.5 AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'hrk' was reported to the affected vendor on: 2026-07-02, 7 days ago. The vendor is given until 2026-10-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 2 Jul 2026 | 5:00 am UTC

ZDI-CAN-31369: Cisco

A CVSS score 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by '@TristanInSec' was reported to the affected vendor on: 2026-06-30, 9 days ago. The vendor is given until 2026-10-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 30 Jun 2026 | 5:00 am UTC

ZDI-CAN-31897: Langflow

A CVSS score 5.0 AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-06-30, 9 days ago. The vendor is given until 2026-10-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 30 Jun 2026 | 5:00 am UTC

ZDI-CAN-31386: Adobe

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-06-30, 9 days ago. The vendor is given until 2026-10-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 30 Jun 2026 | 5:00 am UTC

ZDI-CAN-30998: Adobe

A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-06-30, 9 days ago. The vendor is given until 2026-10-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 30 Jun 2026 | 5:00 am UTC

ZDI-CAN-31794: pdfforge

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'chwrld (@chwrld24)' was reported to the affected vendor on: 2026-06-30, 9 days ago. The vendor is given until 2026-10-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 30 Jun 2026 | 5:00 am UTC

ZDI-CAN-29955: NI

A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Grigory Dorodnov of TrendAI Research' was reported to the affected vendor on: 2026-06-30, 9 days ago. The vendor is given until 2026-10-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 30 Jun 2026 | 5:00 am UTC

ZDI-CAN-32107: MLflow

A CVSS score 6.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L severity vulnerability discovered by 'Grigory Dorodnov of TrendAI Research' was reported to the affected vendor on: 2026-06-30, 9 days ago. The vendor is given until 2026-10-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 30 Jun 2026 | 5:00 am UTC

ZDI-CAN-31150: Adobe

A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by 'NURIHAN KIM (HanTul)' was reported to the affected vendor on: 2026-06-30, 9 days ago. The vendor is given until 2026-10-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 30 Jun 2026 | 5:00 am UTC

ZDI-CAN-31895: MLflow

A CVSS score 7.7 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N severity vulnerability discovered by 's3zer0' was reported to the affected vendor on: 2026-06-30, 9 days ago. The vendor is given until 2026-10-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 30 Jun 2026 | 5:00 am UTC

ZDI-CAN-31374: Adobe

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-06-30, 9 days ago. The vendor is given until 2026-10-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 30 Jun 2026 | 5:00 am UTC

ZDI-CAN-32169: Oracle

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mat Powell of TrendAI Zero Day Initiative' was reported to the affected vendor on: 2026-06-30, 9 days ago. The vendor is given until 2026-10-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 30 Jun 2026 | 5:00 am UTC

ZDI-CAN-29954: NI

A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Grigory Dorodnov of TrendAI Research' was reported to the affected vendor on: 2026-06-30, 9 days ago. The vendor is given until 2026-10-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 30 Jun 2026 | 5:00 am UTC

ZDI-CAN-32108: MLflow

A CVSS score 5.4 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N severity vulnerability discovered by 'Grigory Dorodnov of TrendAI Research' was reported to the affected vendor on: 2026-06-30, 9 days ago. The vendor is given until 2026-10-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 30 Jun 2026 | 5:00 am UTC

ZDI-CAN-32110: RAGFlow

A CVSS score 6.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L severity vulnerability discovered by 'Taha Siddiqi (@_atomiz_) of TrendAI Research' was reported to the affected vendor on: 2026-06-26, 13 days ago. The vendor is given until 2026-10-24 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 26 Jun 2026 | 5:00 am UTC

ZDI-CAN-30087: Wibu-Systems

A CVSS score 3.8 AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N severity vulnerability discovered by 'haro001' was reported to the affected vendor on: 2026-06-26, 13 days ago. The vendor is given until 2026-10-24 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 26 Jun 2026 | 5:00 am UTC

ZDI-CAN-32109: RAGFlow

A CVSS score 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L severity vulnerability discovered by 'Taha Siddiqi (@_atomiz_) of TrendAI Research' was reported to the affected vendor on: 2026-06-26, 13 days ago. The vendor is given until 2026-10-24 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 26 Jun 2026 | 5:00 am UTC

ZDI-CAN-29934: Quest

A CVSS score 8.2 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L severity vulnerability discovered by '06fe5fd2bc53027c4a3b7e395af0b850e7b8a044' was reported to the affected vendor on: 2026-06-26, 13 days ago. The vendor is given until 2026-10-24 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 26 Jun 2026 | 5:00 am UTC

ZDI-CAN-31152: LibreOffice

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'truff' was reported to the affected vendor on: 2026-06-26, 13 days ago. The vendor is given until 2026-10-24 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 26 Jun 2026 | 5:00 am UTC

ZDI-CAN-32112: RAGFlow

A CVSS score 6.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L severity vulnerability discovered by 'Taha Siddiqi (@_atomiz_) of TrendAI Research' was reported to the affected vendor on: 2026-06-26, 13 days ago. The vendor is given until 2026-10-24 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 26 Jun 2026 | 5:00 am UTC

ZDI-CAN-32111: RAGFlow

A CVSS score 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Taha Siddiqi (@_atomiz_) of TrendAI Research' was reported to the affected vendor on: 2026-06-26, 13 days ago. The vendor is given until 2026-10-24 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 26 Jun 2026 | 5:00 am UTC

ZDI-CAN-32027: Adobe

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Brandon Evans of TrendAI Zero Day Initiative' was reported to the affected vendor on: 2026-06-26, 13 days ago. The vendor is given until 2026-10-24 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 26 Jun 2026 | 5:00 am UTC

ZDI-CAN-31973: Adobe

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Brandon Evans of TrendAI Zero Day Initiative' was reported to the affected vendor on: 2026-06-26, 13 days ago. The vendor is given until 2026-10-24 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 26 Jun 2026 | 5:00 am UTC

ZDI-CAN-30236: Samsung

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Michael DePlante (@izobashi) of TrendAI Zero Day Initiative' was reported to the affected vendor on: 2026-06-26, 13 days ago. The vendor is given until 2026-10-24 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 26 Jun 2026 | 5:00 am UTC

ZDI-CAN-30083: Oracle

A CVSS score 7.5 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'crixer(@pwning_me)' was reported to the affected vendor on: 2026-06-25, 14 days ago. The vendor is given until 2026-10-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 25 Jun 2026 | 5:00 am UTC

ZDI-CAN-31139: Linux

A CVSS score 8.2 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Eldudareeno' was reported to the affected vendor on: 2026-06-25, 14 days ago. The vendor is given until 2026-10-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 25 Jun 2026 | 5:00 am UTC

ZDI-CAN-31527: Linux

A CVSS score 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Sajeeb Lohani' was reported to the affected vendor on: 2026-06-25, 14 days ago. The vendor is given until 2026-10-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 25 Jun 2026 | 5:00 am UTC

ZDI-CAN-31419: Linux

A CVSS score 7.5 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by '@TristanInSec' was reported to the affected vendor on: 2026-06-25, 14 days ago. The vendor is given until 2026-10-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 25 Jun 2026 | 5:00 am UTC

ZDI-CAN-29751: Oracle

A CVSS score 7.5 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Team Amazone@229' was reported to the affected vendor on: 2026-06-25, 14 days ago. The vendor is given until 2026-10-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 25 Jun 2026 | 5:00 am UTC

ZDI-CAN-32035: Apache

A CVSS score 5.8 AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L severity vulnerability discovered by 'Minh Giang (@itscysamu) and Nicholas Zubrisky (@NZubrisky) of TrendAI Zero Day Initiative' was reported to the affected vendor on: 2026-06-25, 14 days ago. The vendor is given until 2026-10-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 25 Jun 2026 | 5:00 am UTC

ZDI-CAN-31133: Linux

A CVSS score 8.2 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Mark H' was reported to the affected vendor on: 2026-06-25, 14 days ago. The vendor is given until 2026-10-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 25 Jun 2026 | 5:00 am UTC

ZDI-CAN-31417: Linux

A CVSS score 7.5 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'GangMin Kim' was reported to the affected vendor on: 2026-06-25, 14 days ago. The vendor is given until 2026-10-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 25 Jun 2026 | 5:00 am UTC

ZDI-CAN-31587: OriginLab

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'chwrld (@chwrld24)' was reported to the affected vendor on: 2026-06-24, 15 days ago. The vendor is given until 2026-10-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 24 Jun 2026 | 5:00 am UTC

ZDI-CAN-32004: Microsoft

A CVSS score 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Nitesh Surana (niteshsurana.com) of TrendAI Research' was reported to the affected vendor on: 2026-06-24, 15 days ago. The vendor is given until 2026-10-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Source: ZDI: Upcoming Advisories | 24 Jun 2026 | 5:00 am UTC

ZDI-26-395: X.Org Server SyncChangeCounter Use-After-Free Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-50261.

Source: ZDI: Published Advisories | 24 Jun 2026 | 5:00 am UTC

ZDI-26-371: Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-9782.

Source: ZDI: Published Advisories | 24 Jun 2026 | 5:00 am UTC

ZDI-26-388: Oracle PeopleSoft HubMBeanPersistance Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle PeopleSoft. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2026-35273.

Source: ZDI: Published Advisories | 24 Jun 2026 | 5:00 am UTC

ZDI-26-382: ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2026-9778.

Source: ZDI: Published Advisories | 24 Jun 2026 | 5:00 am UTC

ZDI-26-367: Fuji Electric Tellus pcid64 Driver Registry APIs Exposed Dangerous Method Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Fuji Electric Tellus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-8108.

Source: ZDI: Published Advisories | 24 Jun 2026 | 5:00 am UTC

ZDI-26-377: Quest NetVault Backup viewclient Cross-Site Scripting Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-7569.

Source: ZDI: Published Advisories | 24 Jun 2026 | 5:00 am UTC

ZDI-26-372: Quest NetVault Backup NVBURemovableMedia SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-9783.

Source: ZDI: Published Advisories | 24 Jun 2026 | 5:00 am UTC

ZDI-26-381: ATEN Unizon restoreDB Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2026-9777.

Source: ZDI: Published Advisories | 24 Jun 2026 | 5:00 am UTC

ZDI-26-369: Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-9780.

Source: ZDI: Published Advisories | 24 Jun 2026 | 5:00 am UTC

ZDI-26-379: ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability

This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.5. The following CVEs are assigned: CVE-2026-9775.

Source: ZDI: Published Advisories | 24 Jun 2026 | 5:00 am UTC

ZDI-26-376: Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-9787.

Source: ZDI: Published Advisories | 24 Jun 2026 | 5:00 am UTC

ZDI-26-389: Oracle PeopleSoft ExecuteProcessActivityCommand External Control of File Path Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle PeopleSoft. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-35273.

Source: ZDI: Published Advisories | 24 Jun 2026 | 5:00 am UTC

ZDI-26-378: ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability

This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.5. The following CVEs are assigned: CVE-2026-9774.

Source: ZDI: Published Advisories | 24 Jun 2026 | 5:00 am UTC

ZDI-26-390: X.Org Server Font Alias Stack-based Buffer Overflow Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-50256.

Source: ZDI: Published Advisories | 24 Jun 2026 | 5:00 am UTC

ZDI-26-380: ATEN Unizon writeFileToHttpServletResponse Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of ATEN Unizon. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2026-9776.

Source: ZDI: Published Advisories | 24 Jun 2026 | 5:00 am UTC

ZDI-26-387: Oracle PeopleSoft HttpListeningConnector Server-Side Request Forgery Vulnerability

This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Oracle PeopleSoft. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.3. The following CVEs are assigned: CVE-2026-35273.

Source: ZDI: Published Advisories | 24 Jun 2026 | 5:00 am UTC

ZDI-26-373: Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-9784.

Source: ZDI: Published Advisories | 24 Jun 2026 | 5:00 am UTC

ZDI-26-375: Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-9786.

Source: ZDI: Published Advisories | 24 Jun 2026 | 5:00 am UTC

count: 100