Zero Day Initiative — FreeIntelHub

Zero Day Initiative CVE Feb 12

ZDI-26-077: GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this...

T1556 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 12

ZDI-26-076: GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to exploi...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 12

ZDI-26-075: GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this...

T1556 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 12

ZDI-26-074: GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to exploi...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apple Feb 12

ZDI-26-073: Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vul...

T1190 T1059 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apple Feb 12

ZDI-26-072: Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vul...

T1190 T1059 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apple Feb 12

ZDI-26-071: Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vul...

T1190 T1059 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Adobe Feb 6

ZDI-26-070: Adobe ColdFusion CAR File Parsing Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe ColdFusion. Authentication is required to exploit thi...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 6

ZDI-26-069: (0Day) Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xmind. User interaction is required to exploit this vulnera...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Microsoft Docker Feb 5

ZDI-26-068: Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop for Windows. User interaction on the part of an ...

T1548 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Microsoft Docker Feb 5

ZDI-26-067: Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop for Windows. User interaction on the part of an ...

T1548 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 5

ZDI-26-066: (Pwn2Own) Lexmark CX532adwe getCFFNames Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX532adwe printers. Authentication is not...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 5

ZDI-26-065: (Pwn2Own) Lexmark CX532adwe usecmap Type Confusion Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX532adwe printers. Authentication is not...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 5

ZDI-26-064: (Pwn2Own) Lexmark CX532adwe execuserobject Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX532adwe printers. Authentication is not...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 5

ZDI-26-063: (Pwn2Own) Lexmark CX532adwe libesffls Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX532adwe printers. Authentication is not...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 5

ZDI-26-062: (Pwn2Own) Lexmark CX532adwe esfhelper Untrusted Search Path Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Lexmark CX532adwe printers. An attacker must first obtain the a...

T1548 T1068 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE NVIDIA Feb 4

ZDI-26-061: NVIDIA Triton Inference Server EVBufferToJson Uncaught Exception Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of NVIDIA Triton Inference Server. Authenticatio...

1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Check Point NVIDIA Feb 4

ZDI-26-060: NVIDIA Megatron-LM load_base_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NVIDIA Megatron-LM. User interaction is required to exploit...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 3

ZDI-26-059: CyberArk Endpoint Privilege Management Improper Privilege Management Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of CyberArk Endpoint Privilege Management. An attacker must first ...

T1548 T1068 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Feb 3

ZDI-26-058: AzeoTech DAQFactory Pro CTL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of AzeoTech DAQFactory. User interaction is required to exploi...

T1190 1 IOC

Zero Day Initiative →