Published Advisories

PUBLISHED ADVISORIES

The following is a list of all publicly disclosed vulnerabilities discovered by Zero Day Initiative researchers. While the affected vendor is working on a patch for these vulnerabilities, Trend Micro customers are protected from exploitation by security filters delivered ahead of public disclosure.

All security vulnerabilities that are acquired by the Zero Day Initiative are handled according to the ZDI Disclosure Policy. Once the affected vendor patches the vulnerability, we publish an accompanying security advisory which describes the issue, including links to the vendor's fixes.

Available in RSS Format
ZDI ID ZDI CAN AFFECTED VENDOR(S) CVE CVSS v3.0 PUBLISHED UPDATED TITLE
ZDI-25-089 ZDI-CAN-24785 mySCADA CVE-2025-20014 9.8 2025-02-19 2025-02-19 mySCADA myPRO Command Injection Remote Code Execution Vulnerability
ZDI-25-088 ZDI-CAN-24784 mySCADA CVE-2025-20061 9.8 2025-02-19 2025-02-19 mySCADA myPRO Command Injection Remote Code Execution Vulnerability
ZDI-25-087 ZDI-CAN-26525 NVIDIA CVE-2025-23359 9.0 2025-02-19 2025-02-19 NVIDIA Container Toolkit mount_files Time-Of-Check Time-Of-Use Race Condition Privilege Escalation Vulnerability
ZDI-25-086 ZDI-CAN-25368 PDF-XChange CVE-2025-0900 3.3 2025-02-11 2025-02-11 PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-085 ZDI-CAN-25336 Logsign CVE-2025-1044 9.8 2025-02-05 2025-02-05 Logsign Unified SecOps Platform Authentication Bypass Vulnerability
ZDI-25-084 ZDI-CAN-23382 Mintty CVE-2025-1052 8.8 2025-02-05 2025-02-05 Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-25-083 ZDI-CAN-24690 Microsoft   7.5 2025-02-04 2025-02-04 Microsoft Edge ms-its: Scheme Remote Code Execution Vulnerability
ZDI-25-082 ZDI-CAN-25014 Parallels CVE-2025-0413 7.8 2025-02-04 2025-02-04 Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability
ZDI-25-081 ZDI-CAN-25816 TeamViewer CVE-2025-0065 7.8 2025-02-03 2025-02-03 TeamViewer Improper Neutralization of Argument Delimiters Local Privilege Escalation Vulnerability
ZDI-25-080 ZDI-CAN-22834 NI CVE-2024-12740 7.8 2025-02-03 2025-02-03 NI Vision Builder AI JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-25-079 ZDI-CAN-22611 NI CVE-2024-12740 7.8 2025-02-03 2025-02-03 NI Vision Development Module Vision Assistant JPG File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability
ZDI-25-078 ZDI-CAN-22884 NI CVE-2024-12740 7.8 2025-02-03 2025-02-03 NI Vision Builder AI JPG File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-25-077 ZDI-CAN-22663 NI CVE-2024-12740 7.8 2025-02-03 2025-02-03 NI Vision Development Module Vision Assistant JPG File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability
ZDI-25-076 ZDI-CAN-25094 NoMachine CVE-2024-9632 6.7 2025-02-03 2025-02-03 NoMachine Incorrect Permission Assignment Local Privilege Escalation Vulnerability
ZDI-25-075 ZDI-CAN-25622 Canon CVE-2024-12649 8.8 2025-01-31 2025-01-31 (Pwn2Own) Canon imageCLASS MF656Cdw TTF Parsing Write-What-Where Condition Remote Code Execution Vulnerability
ZDI-25-074 ZDI-CAN-25592 Canon CVE-2024-12648 8.8 2025-01-31 2025-01-31 (Pwn2Own) Canon imageCLASS MF656Cdw TIF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-25-073 ZDI-CAN-25490 Canon CVE-2024-12647 8.8 2025-01-31 2025-01-31 (Pwn2Own) Canon imageCLASS MF656Cdw listObjects2 Buffer Overflow Remote Code Execution Vulnerability
ZDI-25-072 ZDI-CAN-25405 PDF-XChange CVE-2025-0902 3.3 2025-01-31 2025-01-31 PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-071 ZDI-CAN-25422 PDF-XChange CVE-2025-0904 3.3 2025-01-31 2025-01-31 PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-070 ZDI-CAN-25421 PDF-XChange CVE-2025-0903 7.8 2025-01-31 2025-01-31 PDF-XChange Editor RTF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-25-069 ZDI-CAN-25435 PDF-XChange CVE-2025-0907 3.3 2025-01-31 2025-01-31 PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-068 ZDI-CAN-25434 PDF-XChange CVE-2025-0906 3.3 2025-01-31 2025-01-31 PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-067 ZDI-CAN-25433 PDF-XChange CVE-2025-0905 3.3 2025-01-31 2025-01-31 PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-066 ZDI-CAN-25957 PDF-XChange CVE-2025-0911 3.3 2025-01-31 2025-01-31 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-065 ZDI-CAN-25748 PDF-XChange CVE-2025-0910 7.8 2025-01-31 2025-01-31 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-25-064 ZDI-CAN-25678 PDF-XChange CVE-2025-0909 3.3 2025-01-31 2025-01-31 PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-063 ZDI-CAN-25557 PDF-XChange CVE-2025-0908 3.3 2025-01-31 2025-02-05 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-062 ZDI-CAN-25372 PDF-XChange CVE-2025-0901 7.8 2025-01-31 2025-01-31 PDF-XChange Editor Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability
ZDI-25-061 ZDI-CAN-25349 PDF-XChange CVE-2025-0899 7.8 2025-01-31 2025-01-31 PDF-XChange Editor AcroForm Use-After-Free Remote Code Execution Vulnerability
ZDI-25-060 ZDI-CAN-25396 Google CVE-2024-9954 7.5 2025-01-30 2025-01-30 Google Chrome AI Manager Use-After-Free Remote Code Execution Vulnerability
ZDI-25-059 ZDI-CAN-25000 Siemens CVE-2024-53041 7.8 2025-01-22 2025-01-22 Siemens Tecnomatix Plant Simulation WRL File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-25-058 ZDI-CAN-25206 Siemens CVE-2024-53242 7.8 2025-01-22 2025-01-22 Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
ZDI-25-057 ZDI-CAN-25205 Siemens CVE-2024-45471 7.8 2025-01-22 2025-01-22 Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-25-056 ZDI-CAN-25202 Siemens CVE-2024-45469 7.8 2025-01-22 2025-01-22 Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-25-055 ZDI-CAN-25318 Sante CVE-2025-0574 8.2 2025-01-20 2025-01-20 Sante PACS Server URL path Memory Corruption Denial-of-Service Vulnerability
ZDI-25-054 ZDI-CAN-25308 Sante CVE-2025-0572 4.3 2025-01-20 2025-01-20 Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability
ZDI-25-053 ZDI-CAN-25309 Sante CVE-2025-0573 5.3 2025-01-20 2025-01-20 Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability
ZDI-25-052 ZDI-CAN-25303 Sante CVE-2025-0569 7.5 2025-01-20 2025-01-20 Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability
ZDI-25-051 ZDI-CAN-25305 Sante CVE-2025-0571 6.5 2025-01-20 2025-01-20 Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability
ZDI-25-050 ZDI-CAN-25304 Sante CVE-2025-0570 6.5 2025-01-20 2025-01-20 Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability
ZDI-25-049 ZDI-CAN-25302 Sante CVE-2025-0568 7.5 2025-01-20 2025-01-20 Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability
ZDI-25-048 ZDI-CAN-24012 Apple CVE-2024-27856 8.8 2025-01-20 2025-01-20 Apple WebKit WebCore ContainerNode Use-After-Free Remote Code Execution Vulnerability
ZDI-25-047 ZDI-CAN-24986 WinZip Computing CVE-2025-1240 7.8 2025-01-20 2025-02-11 WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-25-046 ZDI-CAN-25333 Adobe CVE-2025-21127 7.3 2025-01-20 2025-01-20 Adobe Photoshop node_modules Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZDI-25-045 ZDI-CAN-25456 7-Zip CVE-2025-0411 7.0 2025-01-19 2025-01-19 7-Zip Mark-of-the-Web Bypass Vulnerability
ZDI-25-044 ZDI-CAN-25713 Ivanti CVE-2024-13179 7.3 2025-01-19 2025-01-19 Ivanti Avalanche SecureFilter Authentication Bypass Vulnerability
ZDI-25-043 ZDI-CAN-25712 Ivanti CVE-2024-13180 7.5 2025-01-19 2025-01-19 Ivanti Avalanche Faces ResourceManager Information Disclosure Vulnerability
ZDI-25-042 ZDI-CAN-25711 Ivanti CVE-2024-13181 7.3 2025-01-19 2025-01-19 Ivanti Avalanche SecureFilter allowPassThrough Authentication Bypass Vulnerability
ZDI-25-041 ZDI-CAN-25929 Ivanti CVE-2024-13162 7.2 2025-01-19 2025-01-19 Ivanti Endpoint Manager updateAssetInfo SQL Injection Remote Code Execution Vulnerability
ZDI-25-040 ZDI-CAN-25432 Ivanti CVE-2024-13163 7.8 2025-01-19 2025-01-19 Ivanti Endpoint Manager DecodeBase64Object Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-25-039 ZDI-CAN-25431 Ivanti CVE-2024-13164 6.2 2025-01-19 2025-01-19 Ivanti Endpoint Manager AlertService Uninitialized Memory Information Disclosure Vulnerability
ZDI-25-038 ZDI-CAN-25420 Ivanti CVE-2024-13165 7.5 2025-01-19 2025-01-19 Ivanti Endpoint Manager Improper Input Validation AlertService Denial-of-Service Vulnerability
ZDI-25-037 ZDI-CAN-25419 Ivanti CVE-2024-13166 7.5 2025-01-19 2025-01-19 Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability
ZDI-25-036 ZDI-CAN-25418 Ivanti CVE-2024-13167 7.5 2025-01-19 2025-01-19 Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability
ZDI-25-035 ZDI-CAN-25417 Ivanti CVE-2024-13168 7.5 2025-01-19 2025-01-19 Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability
ZDI-25-034 ZDI-CAN-25416 Ivanti CVE-2024-13169 5.5 2025-01-19 2025-01-19 Ivanti Endpoint Manager AlertService Type Confusion Information Disclosure Vulnerability
ZDI-25-033 ZDI-CAN-25415 Ivanti CVE-2024-13170 7.5 2025-01-19 2025-01-19 Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability
ZDI-25-032 ZDI-CAN-25249 Ivanti CVE-2024-13172 7.8 2025-01-19 2025-01-19 Ivanti Endpoint Manager HIIDriver Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability
ZDI-25-031 ZDI-CAN-25209 Ivanti CVE-2024-13158 7.2 2025-01-19 2025-01-19 Ivanti Endpoint Manager MyResolveEventHandler Untrusted Search Path Remote Code Execution Vulnerability
ZDI-25-030 ZDI-CAN-25187 Microsoft CVE-2025-21363 7.8 2025-01-15 2025-01-15 Microsoft Office Word DOCX File Parsing Uninitialized Pointer Remote Code Execution Vulnerability
ZDI-25-029 ZDI-CAN-25332 Microsoft CVE-2025-21331 7.8 2025-01-15 2025-01-15 Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability
ZDI-25-028 ZDI-CAN-25188 Microsoft CVE-2025-21298 7.8 2025-01-15 2025-01-15 Microsoft Office Word RTF File Parsing Memory Corruption Remote Code Execution Vulnerability
ZDI-25-027 ZDI-CAN-23793 Google CVE-2024-2886 5.4 2025-01-12 2025-01-12 (Pwn2Own) Google Chrome VideoFrame Use-After-Free Remote Code Execution Vulnerability
ZDI-25-026 ZDI-CAN-24744 Mintty CVE-2024-45301 5.3 2025-01-10 2025-01-10 Mintty Path Conversion Improper Input Validation Information Disclosure Vulnerability
ZDI-25-025 ZDI-CAN-22247 Avira CVE-2024-9525 7.8 2025-01-09 2025-01-09 Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability
ZDI-25-024 ZDI-CAN-22246 Avira CVE-2024-9524 7.8 2025-01-09 2025-01-09 Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability
ZDI-25-023 ZDI-CAN-22245 Avira CVE-2024-9523 7.8 2025-01-09 2025-01-09 Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability
ZDI-25-022 ZDI-CAN-25404 Apple   3.3 2025-01-09 2025-01-09 Apple macOS libFontValidation Font Glyph YCoordinate Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-021 ZDI-CAN-25364 Apple   3.3 2025-01-09 2025-01-09 Apple macOS libFontValidation Font Glyph Flags Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-020 ZDI-CAN-25366 Apple   3.3 2025-01-09 2025-01-09 Apple macOS libFontValidation post Table Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-019 ZDI-CAN-25339 Apple   3.3 2025-01-09 2025-01-09 Apple macOS libFontValidation loca Table Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-018 ZDI-CAN-25341 Apple   3.3 2025-01-09 2025-01-09 Apple macOS libFontValidation Font Header Name Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-017 ZDI-CAN-25340 Apple   3.3 2025-01-09 2025-01-09 Apple macOS libFontValidation kern Table Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-016 ZDI-CAN-25263 Apple CVE-2024-44240, CVE-2024-44302 3.3 2025-01-09 2025-01-09 Apple macOS CoreText Font Ligature Caret List Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-015 ZDI-CAN-25213 Apple CVE-2024-44240, CVE-2024-44302 3.3 2025-01-09 2025-01-09 Apple macOS CoreText Font Ligature Caret List Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-014 ZDI-CAN-24821 SonicWALL CVE-2024-53706 7.8 2025-01-09 2025-01-09 SonicWALL NSv setSshdConfig Exposed Dangerous Function Local Privilege Escalation Vulnerability
ZDI-25-013 ZDI-CAN-24820 SonicWALL CVE-2024-53705 8.1 2025-01-09 2025-01-09 SonicWALL NSv SSH Management Server-Side Request Forgery Vulnerability
ZDI-25-012 ZDI-CAN-24819 SonicWALL CVE-2024-53704 9.8 2025-01-09 2025-01-09 SonicWALL NSv Authentication Bypass Vulnerability
ZDI-25-011 ZDI-CAN-24818 SonicWALL CVE-2024-40762 8.8 2025-01-09 2025-01-09 SonicWALL NSv Cryptographically Weak PRNG Authentication Bypass Vulnerability
ZDI-25-010 ZDI-CAN-24487 Redis CVE-2024-46981 7.2 2025-01-09 2025-01-09 Redis Stack Lua Use-After-Free Remote Code Execution Vulnerability
ZDI-25-009 ZDI-CAN-24143 Redis CVE-2024-55656 8.8 2025-01-09 2025-01-09 Redis Stack RedisBloom Integer Overflow Remote Code Execution Vulnerability
ZDI-25-008 ZDI-CAN-24932 Trend Micro CVE-2024-55955 6.7 2025-01-08 2025-01-08 Trend Micro Deep Security Agent Incorrect Permissions Local Privilege Escalation Vulnerability
ZDI-25-007 ZDI-CAN-23401 Trend Micro CVE-2024-52047 7.5 2025-01-08 2025-01-08 Trend Micro Apex One widget getWidgetPoolManager Local File Inclusion Remote Code Execution Vulnerability
ZDI-25-006 ZDI-CAN-24674 Trend Micro CVE-2024-52049 7.8 2025-01-08 2025-01-08 Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability
ZDI-25-005 ZDI-CAN-24675 Trend Micro CVE-2024-52048 7.8 2025-01-08 2025-01-08 Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability
ZDI-25-004 ZDI-CAN-24566 Trend Micro CVE-2024-55917 7.8 2025-01-08 2025-01-08 Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
ZDI-25-003 ZDI-CAN-24557 Trend Micro CVE-2024-55632 7.8 2025-01-08 2025-01-08 Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
ZDI-25-002 ZDI-CAN-24609 Trend Micro CVE-2024-52050 7.8 2025-01-08 2025-01-08 Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability
ZDI-25-001 ZDI-CAN-23995 Trend Micro CVE-2024-55631 7.8 2025-01-08 2025-01-08 Trend Micro Apex One Damage Cleanup Engine Link Following Local Privilege Escalation Vulnerability