news.russia.network | Published Advisories

ZDI-25-809: (0Day) Microsoft Exchange PowerShell Exposed Dangerous Method NTLM Relay Vulnerability

This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8...

ПОДРОБНЕЕ

ZDI-25-808: (0Day) AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of AOMEI Cyber Backup. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2025-8610...

ПОДРОБНЕЕ

ZDI-25-807: (0Day) AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability

ПОДРОБНЕЕ

ZDI-25-806: (0Day) AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of AOMEI Backupper Workstation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. User interaction on the part of an administrator is needed additionally. The ZDI has assigned a CVSS rating of 7.3. The following CVEs are assigned: CVE-2025-8612...

ПОДРОБНЕЕ

ZDI-25-805: (0Day) Vacron Camera ping Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vacron Camera devices. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2025-8613...

ПОДРОБНЕЕ

ZDI-25-804: (0Day) (Pwn2Own) Kenwood DMX958XR Protection Mechanism Failure Software Downgrade Vulnerability

This vulnerability allows physically present attackers to downgrade software on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.8. The following CVEs are assigned: CVE-2025-8656...

ПОДРОБНЕЕ

ZDI-25-803: (0Day) (Pwn2Own) Kenwood DMX958XR libSystemLib Command injection Remote Code Execution Vulnerability

This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.8. The following CVEs are assigned: CVE-2025-8655...

ПОДРОБНЕЕ

ZDI-25-802: (0Day) (Pwn2Own) Kenwood DMX958XR ReadMVGImage Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-8654...

ПОДРОБНЕЕ

ZDI-25-801: (0Day) (Pwn2Own) Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Kenwood DMX958XR. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-8653...

ПОДРОБНЕЕ

ZDI-25-809: (0Day) Microsoft Exchange PowerShell Exposed Dangerous Method NTLM Relay Vulnerability

ZDI-25-808: (0Day) AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability

ZDI-25-807: (0Day) AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability

ZDI-25-806: (0Day) AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability

ZDI-25-805: (0Day) Vacron Camera ping Command Injection Remote Code Execution Vulnerability

ZDI-25-804: (0Day) (Pwn2Own) Kenwood DMX958XR Protection Mechanism Failure Software Downgrade Vulnerability

ZDI-25-803: (0Day) (Pwn2Own) Kenwood DMX958XR libSystemLib Command injection Remote Code Execution Vulnerability

ZDI-25-802: (0Day) (Pwn2Own) Kenwood DMX958XR ReadMVGImage Command Injection Remote Code Execution Vulnerability

ZDI-25-801: (0Day) (Pwn2Own) Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Code Execution Vulnerability

ZDI-25-800: (0Day) (Pwn2Own) Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability

ZDI-25-799: (0Day) (Pwn2Own) Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability

ZDI-25-798: (0Day) (Pwn2Own) Kenwood DMX958XR libSystemLib Command Injection Remote Code Execution Vulnerability