Secure Cyber Vulnerability Managament

ZDI-25-857: Ivanti Avalanche FileStoreConfig Arbitrary File Upload Remote Code Execution Vulnerability

21/08/2025

ZDI-25-856: Ivanti Avalanche getCountMuStatDevicePropResultsFromMuListAgentIds SQL Injection Remote Code Execution Vulnerability

21/08/2025

ZDI-25-855: (0Day) Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability

21/08/2025

ZDI-25-854: (0Day) Oxford Instruments Imaris Viewer IMS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

21/08/2025

2025

ZDI-25-857: Ivanti Avalanche FileStoreConfig Arbitrary File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit...

21/08/2025

Zero-Day Initiative

ZDI-25-856: Ivanti Avalanche getCountMuStatDevicePropResultsFromMuListAgentIds SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit...

21/08/2025

Zero-Day Initiative

ZDI-25-855: (0Day) Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability

This vulnerability could allow remote attackers to bypass authentication on systems that use the affected version of the Cockroach Labs...

21/08/2025

Zero-Day Initiative

ZDI-25-854: (0Day) Oxford Instruments Imaris Viewer IMS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oxford Instruments Imaris Viewer. User interaction is...

21/08/2025

Zero-Day Initiative

ZDI-25-853: (0Day) Oxford Instruments Imaris Viewer IMS File Parsing Uninitialized Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oxford Instruments Imaris Viewer. User interaction is...

21/08/2025

Zero-Day Initiative

ZDI-25-852: (0Day) CData API Server MySQL Misconfiguration Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CData API Server. Authentication is required to...

21/08/2025

Zero-Day Initiative

ZDI-25-851: (Pwn2Own) NVIDIA Triton Inference Server IPC Push Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NVIDIA Triton Inference Server. Authentication is not...

21/08/2025

Zero-Day Initiative

ZDI-25-850: (Pwn2Own) NVIDIA Triton Inference Server LoadFromSharedMemory Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of NVIDIA Triton Inference Server. Authentication is not...

21/08/2025

Zero-Day Initiative

ZDI-25-849: (Pwn2Own) NVIDIA Triton Inference Server SharedMemoryManager Error Message Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of NVIDIA Triton Inference Server. Authentication is not...

21/08/2025

Zero-Day Initiative

ZDI-25-848: NVIDIA Isaac-GR00T secure_server Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of NVIDIA Isaac-GR00T. Authentication is not required to exploit...

21/08/2025

Zero-Day Initiative