news.russia.network | Published Advisories

ZDI-25-912: GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-10923...

ПОДРОБНЕЕ

ZDI-25-911: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

ПОДРОБНЕЕ

ZDI-25-910: GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

ПОДРОБНЕЕ

ZDI-25-909: GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ПОДРОБНЕЕ

ZDI-25-908: Autodesk AutoCAD PRT File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-8892...

ПОДРОБНЕЕ

ZDI-25-907: Autodesk Revit RFA File Parsing Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Revit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-8354...

ПОДРОБНЕЕ

ZDI-25-906: SolarWinds Web Help Desk AjaxProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Web Help Desk. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2025-26399...

ПОДРОБНЕЕ

ZDI-25-905: Gen Digital CCleaner Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Gen Digital CCleaner. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Some interaction on the part of an administrator is additionally required. The ZDI has assigned a CVSS rating of 7.3. The following CVEs are assigned: CVE-2025-3025...

ПОДРОБНЕЕ

ZDI-25-904: Dassault Systèmes eDrawings Viewer PAR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-9447...

ПОДРОБНЕЕ

ZDI-25-903: Dassault Systèmes eDrawings Viewer PAR File Parsing Use-After-Free Remote Code Execution Vulnerability

ПОДРОБНЕЕ

ZDI-25-902: Dassault Systèmes eDrawings Viewer JT File Parsing Uninitialized Variable Remote Code Execution Vulnerability

ПОДРОБНЕЕ

ZDI-25-901: Apple Safari IPC Connection Invalidation Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2025-43368...

ПОДРОБНЕЕ