ZDI-24-1049: (0Day) (Pwn2Own) ChargePoint Home Flex wlanapp Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this...
ZDI-24-1048: (0Day) (Pwn2Own) ChargePoint Home Flex onboardee Improper Access Control Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this...
ZDI-24-1047: (0Day) ChargePoint Home Flex Bluetooth Low Energy Denial-of-Service Vulnerability
This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of ChargePoint Home Flex charging devices. Authentication is not required to exploit...
ZDI-24-1046: (0Day) ChargePoint Home Flex Bluetooth Low Energy Information Disclosure Vulnerability
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging devices. User interaction is required to exploit this...
ZDI-24-1045: (0Day) (Pwn2Own) Pioneer DMH-WT7600NEX Telematics Improper Certificate Validation Vulnerability
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit...
ZDI-24-1044: (0Day) (Pwn2Own) Pioneer DMH-WT7600NEX Telematics Directory Traversal Arbitrary File Creation Vulnerability
This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the...
ZDI-24-1043: (0Day) (Pwn2Own) Pioneer DMH-WT7600NEX Media Service Improper Handling of Exceptional Conditions Denial-of-Service Vulnerability
This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability....
ZDI-24-1042: NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on...
ZDI-24-1041: Google Chrome Updater DosDevices Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Google Chrome. An attacker must first obtain the ability to execute low-privileged code...
VMware ESXi Ransomware Attack (CVE-2024-37085)
What is the Attack?Threat actors are exploiting an authentication bypass vulnerability in ESXi hypervisors, known as CVE-2024-37085, to gain full administrative permissions on domain-joined ESXi...