Radar
A personal hobby project. Radar aggregates security advisories from CISA, Zero Day Initiative and CERT-EU and adds short editorial highlights on what I find notable from a European infrastructure perspective — not a threat-intel service, not exhaustive, just what catches my eye.
-
ZDI-26-329: (Pwn2Own) Microsoft Edge Origin Validation Error Security Bypass Vulnerability
The vulnerability requires user interaction, such as visiting a malicious page, to exploit a security bypass in Microsoft Edge.
Read more → -
ZDI-26-330: (Pwn2Own) Microsoft Edge Navigation Handling Universal Cross-Site Scripting Vulnerability
The vulnerability requires user interaction to visit a malicious page or open a malicious file, indicating execution depends on social engineering.
Read more → -
ZDI-26-331: (Pwn2Own) Microsoft Edge Feedback Log File Handling Directory Traversal Remote Code Execution Vulnerability
The vulnerability involves directory traversal in Microsoft Edge's feedback log file handling, potentially enabling remote code execution with user interaction.
Read more → -
ZDI-26-328: ASUS Business Manager Service Client-Side Authentication Local Privilege Escalation Vulnerability
The vulnerability involves client-side authentication in the ASUS Business Manager Service, which may allow local privilege escalation if exploited.
Read more → -
ZDI-26-327: Docker Desktop grpcfuse Kernel Module Uncontrolled Recursion Denial-of-Service Vulnerability
The vulnerability resides in the Docker Desktop grpcfuse kernel module, which can be triggered by low-privileged code running inside a container.
Read more → -
ZDI-26-320: TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
The vulnerability requires an attacker to already have the ability to execute low-privileged code on the system.
Read more → -
ZDI-26-321: TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
The vulnerability requires prior execution of low-privileged code to enable local privilege escalation within TrendAI Vision One Security Agent.
Read more → -
ZDI-26-322: TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
The vulnerability requires prior execution of low-privileged code to enable local privilege escalation.
Read more → -
ZDI-26-323: TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
The vulnerability requires prior execution of low-privileged code to enable local privilege escalation.
Read more → -
ZDI-26-324: TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
The vulnerability is a local privilege escalation in TrendAI Vision One Security Agent due to origin validation error.
Read more → -
ZDI-26-325: TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
The vulnerability requires prior execution of low-privileged code to enable local privilege escalation in TrendAI Vision One Security Agent.
Read more → -
ZDI-26-326: TrendAI Vision One Security Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
The vulnerability is a time-of-check to time-of-use (TOCTOU) issue in the TrendAI Vision One Security Agent that can be exploited by local attackers to escalate privileges.
Read more → -
ZDI-26-318: Progress Software Kemp LoadMaster ssodomain_killsession Command Injection Remote Code Execution Vulnerability
Authentication is required to exploit the command injection vulnerability in Kemp LoadMaster's ssodomain_killsession function.
Read more → -
ZDI-26-319: Progress Software Kemp LoadMaster addcountry Command Injection Remote Code Execution Vulnerability
Authentication is required to exploit the command injection vulnerability in Kemp LoadMaster's addcountry function.
Read more → -
ZDI-26-311: Apple macOS CoreSymbolication Out-Of-Bounds Read Information Disclosure Vulnerability
The vulnerability involves an out-of-bounds read in the CoreSymbolication framework, potentially disclosing sensitive information.
Read more → -
ZDI-26-312: Apple Safari Web Inspector WebCore Style Resolver Use-After-Free Remote Code Execution Vulnerability
The vulnerability affects WebCore Style Resolver in Safari's Web Inspector. Exploitation requires user interaction through a malicious page or file.
Read more → -
ZDI-26-313: Apple Safari Regular Expression Duplicate Named Groups Heap-based Buffer Overflow Remote Code Execution Vulnerability
The vulnerability involves a heap-based buffer overflow in Apple Safari due to improper handling of duplicate named groups in regular expressions.
Read more → -
ZDI-26-314: Apple macOS USD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
A vulnerability in Apple macOS's USD library enables remote code execution via an out-of-bounds write.
Read more → -
ZDI-26-315: Apple macOS USD Out-Of-Bounds Read Information Disclosure Vulnerability
A remote out-of-bounds read vulnerability exists in Apple macOS USD library. Attack vectors depend on implementation.
Read more → -
ZDI-26-316: Siemens Simcenter Femap IPT File Parsing Memory Corruption Remote Code Execution Vulnerability
The vulnerability stems from memory corruption during IPT file parsing in Siemens Simcenter Femap, requiring user interaction for exploitation.
Read more → -
ZDI-26-317: Siemens Simcenter Femap IPT File Parsing Memory Corruption Remote Code Execution Vulnerability
The vulnerability stems from memory corruption during IPT file parsing in Siemens Simcenter Femap, requiring user interaction for exploitation.
Read more → -
ZDI-26-309: Microsoft Windows Message Queueing Double Free Local Privilege Escalation Vulnerability
This vulnerability requires a local attacker to first execute low-privileged code. The ZDI has assigned a CVSS rating of 7.8.
Read more → -
ZDI-26-310: Microsoft Windows splwow64 Race Condition Local Privilege Escalation Vulnerability
A race condition in splwow64 enables local privilege escalation when an attacker already has code execution. The vulnerability requires pre-existing access on the target system.
Read more → -
ZDI-26-308: Ivanti Endpoint Manager RemoteControlAuth Exposed Dangerous Method Information Disclosure Vulnerability
The vulnerability involves a method in Ivanti Endpoint Manager's RemoteControlAuth that exposes sensitive information, with authentication normally required but bypassable.
Read more → -
ZDI-26-307: FlowiseAI Flowise Airtable_Agent Code Injection Remote Code Execution Vulnerability
The vulnerability allows remote code execution without authentication. The CVSS rating of 9.8 indicates a high severity.
Read more → -
ZDI-26-306: Oracle VirtualBox SoundBlaster 16 Race Condition Local Privilege Escalation Vulnerability
The vulnerability requires a local attacker to already have high-privileged code execution on the guest system. The ZDI assigned a CVSS rating of 7.5 for this issue.
Read more → -
ZDI-26-305: (0Day) OpenAI Codex Sandbox Escape Vulnerability
OpenAI Codex sandbox escape vulnerability requires user interaction via malicious JavaScript in a repository. The ZDI assigned a CVSS rating of 8.6.
Read more → -
ZDI-26-301: Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability
The vulnerability is a use-after-free in Foxit PDF Reader triggered by handling annotations, requiring user interaction to exploit.
Read more → -
ZDI-26-302: Foxit PDF Reader AcroForm Signature Use-After-Free Remote Code Execution Vulnerability
A use-after-free in Foxit PDF Reader's AcroForm signature handling can lead to remote code execution when a malicious file is opened.
Read more → -
ZDI-26-303: Foxit PDF Reader AcroForm Signature Use-After-Free Information Disclosure Vulnerability
This vulnerability enables information disclosure via a malicious PDF file. The assigned CVSS score of 3.3 indicates a low severity rating.
Read more → -
ZDI-26-304: Foxit PDF Reader AcroForm Annotation Use-After-Free Remote Code Execution Vulnerability
Foxit PDF Reader AcroForm Annotation contains a use-after-free vulnerability. The ZDI has assigned a CVSS rating of 7.8.
Read more → -
ZDI-26-300: Flowise AccountService resetPassword Authentication Bypass Vulnerability
The vulnerability enables remote authentication bypass via the AccountService resetPassword function in Flowise without requiring prior authentication.
Read more → -
ZDI-26-296: Delta Electronics ASDA-Soft PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
The vulnerability involves a stack-based buffer overflow triggered by parsing a malicious PAR file in Delta Electronics ASDA-Soft.
Read more → -
ZDI-26-297: Siemens SINEC NMS Improper Authentication Privilege Escalation Vulnerability
The vulnerability requires authentication but allows remote privilege escalation in Siemens SINEC NMS.
Read more → -
ZDI-26-298: Siemens SINEC NMS Authentication Bypass Vulnerability
The advisory notes that authentication is not required to exploit this vulnerability, indicating a full bypass of login requirements.
Read more → -
ZDI-26-299: Docker Desktop Enhanced Container Isolation Exposed Dangerous Function Local Privilege Escalation Vulnerability
The vulnerability requires initial code execution within a container to escalate privileges on Docker Desktop.
Read more → -
ZDI-26-245: (0Day) aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability
This is an unauthenticated command injection vulnerability in AWS CLI's MCP server. It carries a CVSS score of 9.8 and is marked as a 0-day.
Read more → -
ZDI-26-293: (0Day) Microsoft Office URI Handler NTLM Response Information Disclosure Vulnerability
A Microsoft Office URI handler vulnerability enables remote disclosure of NTLM responses. Exploitation requires user interaction via a malicious page or file.
Read more → -
ZDI-26-294: (0Day) Microsoft Windows library-ms NTLM Response Information Disclosure Vulnerability
The vulnerability requires user interaction through viewing a folder with malicious content, which may limit exposure to network-adjacent attackers.
Read more → -
ZDI-26-295: (0Day) PublicCMS getXml Server-Side Request Forgery Information Disclosure Vulnerability
The vulnerability allows unauthenticated remote attackers to disclose sensitive information via SSRF. The advisory notes a CVSS rating of 8.2.
Read more → -
ZDI-26-258: (0Day) Docker Desktop extension-manager Exposed Dangerous Function Local Privilege Escalation Vulnerability
The vulnerability requires prior execution of high-privileged container code to exploit. The advisory assigns a CVSS rating of 8.2.
Read more → -
ZDI-26-259: (0Day) Docker Desktop cli-plugins Incorrect Permission Assignment Local Privilege Escalation Vulnerability
Local privilege escalation vulnerability in Docker Desktop for Windows requires escaping the container first. The ZDI assigned a CVSS score of 7.8.
Read more → -
ZDI-26-260: (0Day) Docker Desktop System Editor Uncontrolled Search Path Element Privilege Escalation Vulnerability
The vulnerability requires escaping a container and executing code in the Docker Hyper-V VM to escalate privileges.
Read more → -
ZDI-26-261: (0Day) Docker Desktop credentialHelper Directory Traversal Privilege Escalation Vulnerability
The vulnerability requires prior container escape to the Hyper-V VM for exploitation. The advisory assigns a CVSS score of 7.5.
Read more → -
ZDI-26-262: Adobe ColdFusion deleteVersion Directory Traversal Arbitrary File Deletion Vulnerability
The advisory notes authentication is required but can be bypassed, which may expand the pool of potential attackers despite the access control requirement.
Read more → -
ZDI-26-263: Adobe ColdFusion subscribeToEndpoints Authentication Bypass Vulnerability
The vulnerability allows authentication bypass without requiring authentication to exploit. The ZDI has assigned a CVSS rating of 6.5.
Read more → -
ZDI-26-264: Adobe ColdFusion fetchCFSettingFile Directory Traversal Information Disclosure Vulnerability
The vulnerability allows remote attackers to disclose sensitive information without authentication. The ZDI has assigned a CVSS rating of 7.5.
Read more → -
ZDI-26-265: Fortinet FortiWeb cgi_buf_alloc Integer Overflow Denial-of-Service Vulnerability
Authentication is required to exploit this denial-of-service vulnerability in Fortinet FortiWeb.
Read more → -
ZDI-26-266: Fortinet FortiWeb cat_cgi_paths Out-Of-Bounds Write Remote Code Execution Vulnerability
The vulnerability requires authentication for exploitation. The ZDI assigned a CVSS rating of 8.8.
Read more → -
ZDI-26-267: Malwarebytes Anti-Malware Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
The vulnerability requires local execution to escalate privileges. The CVSS rating of 7.8 indicates high severity for local privilege escalation.
Read more → -
ZDI-26-268: Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability
The vulnerability stems from incorrect default permissions in Samsung MagicINFO 9 Server, enabling local privilege escalation.
Read more → -
ZDI-26-269: TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability
The vulnerability permits unauthenticated remote attackers to execute arbitrary code on Trend Micro Apex One via directory traversal.
Read more → -
ZDI-26-270: TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability
The vulnerability permits remote code execution without authentication via a directory traversal issue in the Apex One Console.
Read more → -
ZDI-26-271: Avast Premium Security Gen Self Protection Driver Exposed Dangerous Function Local Privilege Escalation Vulnerability
The vulnerability requires prior local code execution to escalate privileges. The advisory notes a CVSS score of 7.8 for this local privilege escalation.
Read more → -
ZDI-26-272: ATEN Unizon RpcProvider Missing Authentication Denial-of-Service Vulnerability
The vulnerability affects ATEN Unizon's RpcProvider component and can be exploited without authentication to trigger a denial-of-service condition.
Read more → -
ZDI-26-273: Microsoft Olive Deserialization of Untrusted Data Remote Code Execution Vulnerability
The vulnerability requires user interaction, such as visiting a malicious page or opening a malicious file, to trigger remote code execution via deserialization of untrusted data.
Read more → -
ZDI-26-274: Microsoft Qlib fit Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability requires user interaction via a malicious page or file. It has a CVSS rating of 7.8.
Read more → -
ZDI-26-275: Microsoft Qlib _mount_nfs_uri Command Injection Remote Code Execution Vulnerability
Network-adjacent attackers can execute arbitrary code without authentication. The CVSS rating assigned is 8.8.
Read more → -
ZDI-26-276: Microsoft Windows Secure Kernel Double Free Local Privilege Escalation Vulnerability
This vulnerability targets the Windows Secure Kernel and requires local high-privileged code execution to exploit. The ZDI assigned a CVSS score of 7.5.
Read more → -
ZDI-26-277: Microsoft Windows afd.sys Race Condition Local Privilege Escalation Vulnerability
The vulnerability requires local code execution prior to exploitation.
Read more → -
ZDI-26-278: Microsoft Windows win32kfull Improper Locking Local Privilege Escalation Vulnerability
The vulnerability requires a local attacker to already have code execution on the target system. The advisory assigns a CVSS score of 7.8.
Read more → -
ZDI-26-279: Microsoft Windows Snipping Tool Improper Input Validation Remote Code Execution Vulnerability
The vulnerability requires user interaction through visiting a malicious page or opening a malicious file. A CVSS rating of 7.5 is assigned.
Read more → -
ZDI-26-280: (Pwn2Own) HP DeskJet 2855e JobStatusEvent Stack-based Buffer Overflow Remote Code Execution Vulnerability
The vulnerability allows network-adjacent attackers to execute arbitrary code without authentication. It was demonstrated at Pwn2Own 2026 and carries a CVSS score of 8.8.
Read more → -
ZDI-26-281: Microsoft vcpkg OpenSSL Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
The vulnerability affects Microsoft's vcpkg OpenSSL port, enabling local privilege escalation.
Read more → -
ZDI-26-282: GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
The vulnerability is a heap-based buffer overflow in GIMP's HDR file parsing, requiring user interaction to trigger.
Read more → -
ZDI-26-283: GStreamer qtdemux Stack-based Buffer Overflow Remote Code Execution Vulnerability
The vulnerability requires interaction with the GStreamer library but specific attack vectors depend on implementation. A CVSS rating of 7.8 has been assigned.
Read more → -
ZDI-26-284: DriveLock Directory Traversal Information Disclosure Vulnerability
DriveLock directory traversal vulnerability allows unauthenticated remote information disclosure. CVSS 7.5 assigned to CVE-2026-5487.
Read more → -
ZDI-26-285: DriveLock Directory Traversal Information Disclosure Vulnerability
The vulnerability permits unauthenticated remote attackers to disclose sensitive information via a directory traversal issue in DriveLock.
Read more → -
ZDI-26-286: DriveLock SQL Injection Privilege Escalation Vulnerability
Authentication is required to exploit this SQL injection vulnerability in DriveLock, which could lead to privilege escalation.
Read more → -
ZDI-26-287: DriveLock Directory Traversal Information Disclosure Vulnerability
The vulnerability enables remote information disclosure without requiring authentication, affecting DriveLock installations.
Read more → -
ZDI-26-288: DriveLock Directory Traversal Information Disclosure Vulnerability
The vulnerability requires authentication and allows remote attackers to disclose sensitive information via a directory traversal flaw in DriveLock.
Read more → -
ZDI-26-289: Linux Kernel ETS Scheduler Race Condition Local Privilege Escalation Vulnerability
This vulnerability requires prior high-privileged code execution on the target system. The ETS scheduler race condition allows local privilege escalation.
Read more → -
ZDI-26-290: NI LabVIEW LVLIB File Parsing Memory Corruption Remote Code Execution Vulnerability
The vulnerability stems from memory corruption during LVLIB file parsing in NI LabVIEW, requiring user interaction for exploitation.
Read more → -
ZDI-26-291: NI LabVIEW LVCLASS File Parsing Memory Corruption Remote Code Execution Vulnerability
The vulnerability affects NI LabVIEW during LVCLASS file parsing, leading to memory corruption.
Read more → -
ZDI-26-292: QNAP TS-453E QVRPro excpostgres Exposed Dangerous Method Remote Code Execution Vulnerability
The vulnerability affects QNAP TS-453E devices running QVRPro's excpostgres service and can be exploited without authentication.
Read more → -
ZDI-26-254: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability
A type confusion vulnerability exists in the parsing of PDSPRJ files in Labcenter Electronics Proteus, which could lead to remote code execution if a user opens a malicious file.
Read more → -
ZDI-26-255: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
The vulnerability requires user interaction through opening a malicious file or visiting a malicious page. The assigned CVSS score of 7.8 indicates a high-severity issue.
Read more → -
ZDI-26-256: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
An out-of-bounds write vulnerability exists in Labcenter Electronics Proteus PDSPRJ file parsing. Remote code execution requires user interaction via a malicious file or page.
Read more → -
ZDI-26-257: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
The vulnerability is triggered by parsing a malicious PDSPRJ file, leading to an out-of-bounds write condition.
Read more → -
ZDI-26-251: Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
The vulnerability stems from an uncontrolled search path element in the Foxit PDF Reader update service, which can be exploited by local attackers to escalate privileges.
Read more → -
ZDI-26-252: Mozilla Firefox IonMonkey Switch Statement Optimization Type Confusion Remote Code Execution Vulnerability
The vulnerability stems from a type confusion in Firefox's IonMonkey switch statement optimization, which could be triggered by visiting a malicious page.
Read more → -
ZDI-26-253: Microsoft Visual Studio Code mcp.json Command Injection Remote Code Execution Vulnerability
The vulnerability requires a user to open a malicious project to trigger command injection via mcp.json in Visual Studio Code.
Read more → -
ZDI-26-250: Linux Kernel Analog Device Driver Improper Validation of Array Index Local Privilege Escalation Vulnerability
This vulnerability requires local execution with high privileges to exploit. The advisory specifies a CVSS score of 8.2.
Read more → -
ZDI-26-227: OpenClaw Canvas Path Traversal Information Disclosure Vulnerability
The vulnerability requires authentication to exploit and could lead to information disclosure via path traversal in OpenClaw.
Read more → -
ZDI-26-228: OpenClaw Canvas Authentication Bypass Vulnerability
The advisory notes that authentication is not required to exploit the vulnerability, indicating potential for unauthenticated remote access.
Read more → -
ZDI-26-229: OpenClaw Client PKCE Verifier Information Disclosure Vulnerability
The vulnerability requires user interaction during an OAuth authorization flow to disclose stored credentials.
Read more → -
ZDI-26-230: Apple macOS CoreMedia Framework Out-Of-Bounds Write Remote Code Execution Vulnerability
The vulnerability is an out-of-bounds write in the CoreMedia framework requiring user interaction for remote code execution.
Read more → -
ZDI-26-231: Apple macOS Exposure of Sensitive Information to Unauthorized Sphere Information Disclosure Vulnerability
The vulnerability requires a local attacker with low-privileged code execution to disclose sensitive information. It affects Apple macOS installations with a CVSS rating of 3.8.
Read more → -
ZDI-26-232: (Pwn2Own) Red Hat Enterprise Linux vmwgfx Driver Integer Overflow Local Privilege Escalation Vulnerability
The vulnerability is an integer overflow in the vmwgfx driver, which is part of the Red Hat Enterprise Linux kernel graphics subsystem.
Read more → -
ZDI-26-233: Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
The vulnerability is triggered by parsing a malicious DSA file, leading to an out-of-bounds read in Digilent DASYLab.
Read more → -
ZDI-26-234: Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
The vulnerability requires user interaction through opening a malicious file or visiting a malicious page. A CVSS score of 7.8 is assigned.
Read more → -
ZDI-26-235: Digilent DASYLab DSA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
The vulnerability involves an out-of-bounds write during DSA file parsing in Digilent DASYLab, requiring user interaction for exploitation.
Read more → -
ZDI-26-236: Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
DASYLab DSB file parsing contains an out-of-bounds write vulnerability. Exploitation requires user interaction via a malicious file or page.
Read more → -
ZDI-26-237: (Pwn2Own) QNAP QHora-322 ip6_wanifset Improper Restriction of Communication Channel to Intended Endpoints Firewall Bypass Vulnerability
The advisory notes a firewall bypass vulnerability in the QNAP QHora-322 router due to improper restriction of a communication channel.
Read more → -
ZDI-26-238: Linux Kernel AoE Driver Use-After-Free Local Privilege Escalation Vulnerability
The vulnerability is a use-after-free in the Linux Kernel AoE driver that can be exploited by local attackers to escalate privileges.
Read more → -
ZDI-26-239: (Pwn2Own) QNAP QHora-322 login.newAuthMiddleware.Authenticator Authentication Bypass Vulnerability
The vulnerability enables remote authentication bypass on QNAP QHora-322 routers without requiring prior authentication.
Read more → -
ZDI-26-240: (Pwn2Own) QNAP QHora-322 qvpn_db_mgr role_type Improper Neutralization of Escape Sequences Authentication Bypass Vulnerability
The advisory notes that authentication is required to exploit the vulnerability, yet the authentication mechanism can be bypassed, which may indicate a flaw in how role_type input is validated during the authentication process.
Read more → -
ZDI-26-241: (Pwn2Own) QNAP QHora-322 qvpn_db_mgr username SQL Injection Remote Code Execution Vulnerability
The vulnerability involves a SQL injection in the qvpn_db_mgr component that can be exploited remotely after bypassing authentication.
Read more → -
ZDI-26-242: (Pwn2Own) QNAP TS-453E server_handlers.pyc rr2s.kwargs Error Message Information Disclosure Vulnerability
The vulnerability involves an information disclosure in the server_handlers.pyc rr2s.kwargs component of QNAP TS-453E devices, where authentication can be bypassed despite being nominally required.
Read more → -
ZDI-26-243: (Pwn2Own) QNAP TS-453E write_file_to_svr External Control of File Path Remote Code Execution Vulnerability
The vulnerability affects QNAP TS-453E devices and involves external control of a file path via the write_file_to_svr function, potentially allowing remote code execution.
Read more →