ZDI-25-235: Ivanti Endpoint Manager OpenRecordSet SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The ZDI...
ZDI-25-234: Microsoft Windows dxkrnl Untrusted Pointer Dereference Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code...
ZDI-25-233: Luxion KeyShot Viewer KSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in...
ZDI-25-232: Luxion KeyShot PVS File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that...
ZDI-25-231: Luxion KeyShot SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that...
ZDI-25-230: (Pwn2Own) Samsung Galaxy S24 Smart Switch Agent Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S24. User interaction is required to exploit this vulnerability in...
ZDI-25-229: (Pwn2Own) Samsung Galaxy S24 Quick Share Directory Traversal Arbitrary File Write Vulnerability
This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Samsung Galaxy S24. An attacker must first obtain the ability to perform...
ZDI-25-228: (Pwn2Own) Samsung Galaxy S24 Quick Share Insufficient UI Warning Arbitrary File Write Vulnerability
This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Samsung Galaxy S24. An attacker must first obtain the ability to perform...
ZDI-25-227: (Pwn2Own) Samsung Galaxy S24 Gaming Hub Exposed Dangerous Method Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Samsung Galaxy S24. An attacker must first obtain the ability to execute low-privileged...
CrushFTP Authentication Bypass
What is the Vulnerability?FortiGuard Labs has observed in-the-wild attack attempts targeting CVE-2025-31161, an authentication bypass vulnerability in CrushFTP managed file transfer (MFT) software. Successful exploitation...
