ZDI-25-230: (Pwn2Own) Samsung Galaxy S24 Smart Switch Agent Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S24. User interaction is required to exploit this vulnerability in...
ZDI-25-229: (Pwn2Own) Samsung Galaxy S24 Quick Share Directory Traversal Arbitrary File Write Vulnerability
This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Samsung Galaxy S24. An attacker must first obtain the ability to perform...
ZDI-25-228: (Pwn2Own) Samsung Galaxy S24 Quick Share Insufficient UI Warning Arbitrary File Write Vulnerability
This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Samsung Galaxy S24. An attacker must first obtain the ability to perform...
ZDI-25-227: (Pwn2Own) Samsung Galaxy S24 Gaming Hub Exposed Dangerous Method Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Samsung Galaxy S24. An attacker must first obtain the ability to execute low-privileged...
ZDI-CAN-26916: MLflow
A vulnerability with a CVSS score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), discovered by Peter Girnus (@gothburz) of Trend Zero Day Initiative, was reported to the affected vendor on 2025-04-09,...
ZDI-25-218: (Pwn2Own) Lexmark CX331adwe JPEG2000 Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The...
ZDI-25-219: (Pwn2Own) Lexmark CX331adwe JBIG2 File Parsing new_image Integer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The...
ZDI-25-220: (Pwn2Own) Lexmark CX331adwe basic_auth.cgi PATH_TRANSLATED Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The...
ZDI-25-221: (Pwn2Own) Lexmark CX331adwe httpd extract-trace Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Lexmark CX331adwe printers. An attacker must first obtain the ability to execute low-privileged...
ZDI-25-222: (Pwn2Own) Lexmark CX331adwe concatstrings Type Confusion Information Disclosure Vulnerability
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The...
