Zero Day Initiative — Blog

Pwn2Own Automotive 2025 - Day Three and Final Results

Blog post

CVE-2022-35690: Unauthenticated RCE in Adobe ColdFusion

January 19, 2023
Adobe, ColdFusion, Research

Pwn2Own Automotive 2025 - Day Three and Final Results

Blog post

CVE-2022-40300: SQL Injection in ManageEngine Privileged Access Management

November 23, 2022
ManageEngine, Research

Pwn2Own Automotive 2025 - Day Three and Final Results

Blog post

CVE-2022-34715: More Microsoft Windows NFS v4 Remote Code Execution

September 06, 2022
Microsoft, NFS, Research

Pwn2Own Automotive 2025 - Day Three and Final Results

Blog post

CVE-2022-30136: Microsoft Windows Network File System v4 Remote Code Execution Vulnerability

July 14, 2022
NFS, Microsoft, Research

Pwn2Own Automotive 2025 - Day Three and Final Results

Blog post

CVE-2021-44790: Code Execution on Apache via an Integer Underflow

January 25, 2022
Apache, Research

Pwn2Own Automotive 2025 - Day Three and Final Results

Blog post

CVE-2021-45105: Denial of Service via Uncontrolled Recursion in Log4j StrSubstitutor

December 18, 2021
Log4j, Apache, Research

Pwn2Own Automotive 2025 - Day Three and Final Results

Blog post

CVE-2021-26084: Details on the Recently Exploited Atlassian Confluence OGNL Injection Bug

September 22, 2021
Atlassian, Research, Exploit

Pwn2Own Automotive 2025 - Day Three and Final Results

Blog post

CVE-2021-1497: Cisco HyperFlex HX Auth Handling Remote Command Execution

June 23, 2021
Cisco, HyperFlex, Research

Pwn2Own Automotive 2025 - Day Three and Final Results

Blog post

CVE-2021-31166: A Wormable Code Execution Bug in HTTP.sys

May 18, 2021
Microsoft, IIS, Research

Pwn2Own Automotive 2025 - Day Three and Final Results

Blog post

CVE-2021-25646: Getting Code Execution on Apache Druid

March 29, 2021
Apache, Druid, Research