Radar
A personal hobby project. Radar aggregates security advisories from CISA and Zero Day Initiative and adds short editorial highlights on what I find notable from a European infrastructure perspective — not a threat-intel service, not exhaustive, just what catches my eye.
-
ZDI-26-245: (0Day) aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability
This is an unauthenticated command injection vulnerability in AWS CLI's MCP server. It carries a CVSS score of 9.8 and is marked as a 0-day.
Read more → -
ZDI-26-293: (0Day) Microsoft Office URI Handler NTLM Response Information Disclosure Vulnerability
A Microsoft Office URI handler vulnerability enables remote disclosure of NTLM responses. Exploitation requires user interaction via a malicious page or file.
Read more → -
ZDI-26-294: (0Day) Microsoft Windows library-ms NTLM Response Information Disclosure Vulnerability
The vulnerability requires user interaction through viewing a folder with malicious content, which may limit exposure to network-adjacent attackers.
Read more → -
ZDI-26-295: (0Day) PublicCMS getXml Server-Side Request Forgery Information Disclosure Vulnerability
The vulnerability allows unauthenticated remote attackers to disclose sensitive information via SSRF. The advisory notes a CVSS rating of 8.2.
Read more → -
ZDI-26-258: (0Day) Docker Desktop extension-manager Exposed Dangerous Function Local Privilege Escalation Vulnerability
The vulnerability requires prior execution of high-privileged container code to exploit. The advisory assigns a CVSS rating of 8.2.
Read more → -
ZDI-26-259: (0Day) Docker Desktop cli-plugins Incorrect Permission Assignment Local Privilege Escalation Vulnerability
Local privilege escalation vulnerability in Docker Desktop for Windows requires escaping the container first. The ZDI assigned a CVSS score of 7.8.
Read more → -
ZDI-26-260: (0Day) Docker Desktop System Editor Uncontrolled Search Path Element Privilege Escalation Vulnerability
The vulnerability requires escaping a container and executing code in the Docker Hyper-V VM to escalate privileges.
Read more → -
ZDI-26-261: (0Day) Docker Desktop credentialHelper Directory Traversal Privilege Escalation Vulnerability
The vulnerability requires prior container escape to the Hyper-V VM for exploitation. The advisory assigns a CVSS score of 7.5.
Read more → -
ZDI-26-262: Adobe ColdFusion deleteVersion Directory Traversal Arbitrary File Deletion Vulnerability
The advisory notes authentication is required but can be bypassed, which may expand the pool of potential attackers despite the access control requirement.
Read more → -
ZDI-26-263: Adobe ColdFusion subscribeToEndpoints Authentication Bypass Vulnerability
The vulnerability allows authentication bypass without requiring authentication to exploit. The ZDI has assigned a CVSS rating of 6.5.
Read more → -
ZDI-26-264: Adobe ColdFusion fetchCFSettingFile Directory Traversal Information Disclosure Vulnerability
The vulnerability allows remote attackers to disclose sensitive information without authentication. The ZDI has assigned a CVSS rating of 7.5.
Read more → -
ZDI-26-265: Fortinet FortiWeb cgi_buf_alloc Integer Overflow Denial-of-Service Vulnerability
Authentication is required to exploit this denial-of-service vulnerability in Fortinet FortiWeb.
Read more → -
ZDI-26-266: Fortinet FortiWeb cat_cgi_paths Out-Of-Bounds Write Remote Code Execution Vulnerability
The vulnerability requires authentication for exploitation. The ZDI assigned a CVSS rating of 8.8.
Read more → -
ZDI-26-267: Malwarebytes Anti-Malware Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
The vulnerability requires local execution to escalate privileges. The CVSS rating of 7.8 indicates high severity for local privilege escalation.
Read more → -
ZDI-26-268: Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability
The vulnerability stems from incorrect default permissions in Samsung MagicINFO 9 Server, enabling local privilege escalation.
Read more → -
ZDI-26-269: TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability
The vulnerability permits unauthenticated remote attackers to execute arbitrary code on Trend Micro Apex One via directory traversal.
Read more → -
ZDI-26-270: TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability
The vulnerability permits remote code execution without authentication via a directory traversal issue in the Apex One Console.
Read more → -
ZDI-26-271: Avast Premium Security Gen Self Protection Driver Exposed Dangerous Function Local Privilege Escalation Vulnerability
The vulnerability requires prior local code execution to escalate privileges. The advisory notes a CVSS score of 7.8 for this local privilege escalation.
Read more → -
ZDI-26-272: ATEN Unizon RpcProvider Missing Authentication Denial-of-Service Vulnerability
The vulnerability affects ATEN Unizon's RpcProvider component and can be exploited without authentication to trigger a denial-of-service condition.
Read more → -
ZDI-26-273: Microsoft Olive Deserialization of Untrusted Data Remote Code Execution Vulnerability
The vulnerability requires user interaction, such as visiting a malicious page or opening a malicious file, to trigger remote code execution via deserialization of untrusted data.
Read more → -
ZDI-26-274: Microsoft Qlib fit Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability requires user interaction via a malicious page or file. It has a CVSS rating of 7.8.
Read more → -
ZDI-26-275: Microsoft Qlib _mount_nfs_uri Command Injection Remote Code Execution Vulnerability
Network-adjacent attackers can execute arbitrary code without authentication. The CVSS rating assigned is 8.8.
Read more → -
ZDI-26-276: Microsoft Windows Secure Kernel Double Free Local Privilege Escalation Vulnerability
This vulnerability targets the Windows Secure Kernel and requires local high-privileged code execution to exploit. The ZDI assigned a CVSS score of 7.5.
Read more → -
ZDI-26-277: Microsoft Windows afd.sys Race Condition Local Privilege Escalation Vulnerability
The vulnerability requires local code execution prior to exploitation.
Read more → -
ZDI-26-278: Microsoft Windows win32kfull Improper Locking Local Privilege Escalation Vulnerability
The vulnerability requires a local attacker to already have code execution on the target system. The advisory assigns a CVSS score of 7.8.
Read more → -
ZDI-26-279: Microsoft Windows Snipping Tool Improper Input Validation Remote Code Execution Vulnerability
The vulnerability requires user interaction through visiting a malicious page or opening a malicious file. A CVSS rating of 7.5 is assigned.
Read more → -
ZDI-26-280: (Pwn2Own) HP DeskJet 2855e JobStatusEvent Stack-based Buffer Overflow Remote Code Execution Vulnerability
The vulnerability allows network-adjacent attackers to execute arbitrary code without authentication. It was demonstrated at Pwn2Own 2026 and carries a CVSS score of 8.8.
Read more → -
ZDI-26-281: Microsoft vcpkg OpenSSL Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
The vulnerability affects Microsoft's vcpkg OpenSSL port, enabling local privilege escalation.
Read more → -
ZDI-26-282: GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
The vulnerability is a heap-based buffer overflow in GIMP's HDR file parsing, requiring user interaction to trigger.
Read more → -
ZDI-26-283: GStreamer qtdemux Stack-based Buffer Overflow Remote Code Execution Vulnerability
The vulnerability requires interaction with the GStreamer library but specific attack vectors depend on implementation. A CVSS rating of 7.8 has been assigned.
Read more → -
ZDI-26-284: DriveLock Directory Traversal Information Disclosure Vulnerability
DriveLock directory traversal vulnerability allows unauthenticated remote information disclosure. CVSS 7.5 assigned to CVE-2026-5487.
Read more → -
ZDI-26-285: DriveLock Directory Traversal Information Disclosure Vulnerability
The vulnerability permits unauthenticated remote attackers to disclose sensitive information via a directory traversal issue in DriveLock.
Read more → -
ZDI-26-286: DriveLock SQL Injection Privilege Escalation Vulnerability
Authentication is required to exploit this SQL injection vulnerability in DriveLock, which could lead to privilege escalation.
Read more → -
ZDI-26-287: DriveLock Directory Traversal Information Disclosure Vulnerability
The vulnerability enables remote information disclosure without requiring authentication, affecting DriveLock installations.
Read more → -
ZDI-26-288: DriveLock Directory Traversal Information Disclosure Vulnerability
The vulnerability requires authentication and allows remote attackers to disclose sensitive information via a directory traversal flaw in DriveLock.
Read more → -
ZDI-26-289: Linux Kernel ETS Scheduler Race Condition Local Privilege Escalation Vulnerability
This vulnerability requires prior high-privileged code execution on the target system. The ETS scheduler race condition allows local privilege escalation.
Read more → -
ZDI-26-290: NI LabVIEW LVLIB File Parsing Memory Corruption Remote Code Execution Vulnerability
The vulnerability stems from memory corruption during LVLIB file parsing in NI LabVIEW, requiring user interaction for exploitation.
Read more → -
ZDI-26-291: NI LabVIEW LVCLASS File Parsing Memory Corruption Remote Code Execution Vulnerability
The vulnerability affects NI LabVIEW during LVCLASS file parsing, leading to memory corruption.
Read more → -
ZDI-26-292: QNAP TS-453E QVRPro excpostgres Exposed Dangerous Method Remote Code Execution Vulnerability
The vulnerability affects QNAP TS-453E devices running QVRPro's excpostgres service and can be exploited without authentication.
Read more → -
ZDI-26-254: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability
A type confusion vulnerability exists in the parsing of PDSPRJ files in Labcenter Electronics Proteus, which could lead to remote code execution if a user opens a malicious file.
Read more → -
ZDI-26-255: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
The vulnerability requires user interaction through opening a malicious file or visiting a malicious page. The assigned CVSS score of 7.8 indicates a high-severity issue.
Read more → -
ZDI-26-256: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
An out-of-bounds write vulnerability exists in Labcenter Electronics Proteus PDSPRJ file parsing. Remote code execution requires user interaction via a malicious file or page.
Read more → -
ZDI-26-257: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
The vulnerability is triggered by parsing a malicious PDSPRJ file, leading to an out-of-bounds write condition.
Read more → -
ZDI-26-251: Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
The vulnerability stems from an uncontrolled search path element in the Foxit PDF Reader update service, which can be exploited by local attackers to escalate privileges.
Read more → -
ZDI-26-252: Mozilla Firefox IonMonkey Switch Statement Optimization Type Confusion Remote Code Execution Vulnerability
The vulnerability stems from a type confusion in Firefox's IonMonkey switch statement optimization, which could be triggered by visiting a malicious page.
Read more → -
ZDI-26-253: Microsoft Visual Studio Code mcp.json Command Injection Remote Code Execution Vulnerability
The vulnerability requires a user to open a malicious project to trigger command injection via mcp.json in Visual Studio Code.
Read more → -
ZDI-26-250: Linux Kernel Analog Device Driver Improper Validation of Array Index Local Privilege Escalation Vulnerability
This vulnerability requires local execution with high privileges to exploit. The advisory specifies a CVSS score of 8.2.
Read more → -
ZDI-26-227: OpenClaw Canvas Path Traversal Information Disclosure Vulnerability
The vulnerability requires authentication to exploit and could lead to information disclosure via path traversal in OpenClaw.
Read more → -
ZDI-26-228: OpenClaw Canvas Authentication Bypass Vulnerability
The advisory notes that authentication is not required to exploit the vulnerability, indicating potential for unauthenticated remote access.
Read more → -
ZDI-26-229: OpenClaw Client PKCE Verifier Information Disclosure Vulnerability
The vulnerability requires user interaction during an OAuth authorization flow to disclose stored credentials.
Read more → -
ZDI-26-230: Apple macOS CoreMedia Framework Out-Of-Bounds Write Remote Code Execution Vulnerability
The vulnerability is an out-of-bounds write in the CoreMedia framework requiring user interaction for remote code execution.
Read more → -
ZDI-26-231: Apple macOS Exposure of Sensitive Information to Unauthorized Sphere Information Disclosure Vulnerability
The vulnerability requires a local attacker with low-privileged code execution to disclose sensitive information. It affects Apple macOS installations with a CVSS rating of 3.8.
Read more → -
ZDI-26-232: (Pwn2Own) Red Hat Enterprise Linux vmwgfx Driver Integer Overflow Local Privilege Escalation Vulnerability
The vulnerability is an integer overflow in the vmwgfx driver, which is part of the Red Hat Enterprise Linux kernel graphics subsystem.
Read more → -
ZDI-26-233: Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
The vulnerability is triggered by parsing a malicious DSA file, leading to an out-of-bounds read in Digilent DASYLab.
Read more → -
ZDI-26-234: Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
The vulnerability requires user interaction through opening a malicious file or visiting a malicious page. A CVSS score of 7.8 is assigned.
Read more → -
ZDI-26-235: Digilent DASYLab DSA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
The vulnerability involves an out-of-bounds write during DSA file parsing in Digilent DASYLab, requiring user interaction for exploitation.
Read more → -
ZDI-26-236: Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
DASYLab DSB file parsing contains an out-of-bounds write vulnerability. Exploitation requires user interaction via a malicious file or page.
Read more → -
ZDI-26-237: (Pwn2Own) QNAP QHora-322 ip6_wanifset Improper Restriction of Communication Channel to Intended Endpoints Firewall Bypass Vulnerability
The advisory notes a firewall bypass vulnerability in the QNAP QHora-322 router due to improper restriction of a communication channel.
Read more → -
ZDI-26-238: Linux Kernel AoE Driver Use-After-Free Local Privilege Escalation Vulnerability
The vulnerability is a use-after-free in the Linux Kernel AoE driver that can be exploited by local attackers to escalate privileges.
Read more → -
ZDI-26-239: (Pwn2Own) QNAP QHora-322 login.newAuthMiddleware.Authenticator Authentication Bypass Vulnerability
The vulnerability enables remote authentication bypass on QNAP QHora-322 routers without requiring prior authentication.
Read more → -
ZDI-26-240: (Pwn2Own) QNAP QHora-322 qvpn_db_mgr role_type Improper Neutralization of Escape Sequences Authentication Bypass Vulnerability
The advisory notes that authentication is required to exploit the vulnerability, yet the authentication mechanism can be bypassed, which may indicate a flaw in how role_type input is validated during the authentication process.
Read more → -
ZDI-26-241: (Pwn2Own) QNAP QHora-322 qvpn_db_mgr username SQL Injection Remote Code Execution Vulnerability
The vulnerability involves a SQL injection in the qvpn_db_mgr component that can be exploited remotely after bypassing authentication.
Read more → -
ZDI-26-242: (Pwn2Own) QNAP TS-453E server_handlers.pyc rr2s.kwargs Error Message Information Disclosure Vulnerability
The vulnerability involves an information disclosure in the server_handlers.pyc rr2s.kwargs component of QNAP TS-453E devices, where authentication can be bypassed despite being nominally required.
Read more → -
ZDI-26-243: (Pwn2Own) QNAP TS-453E write_file_to_svr External Control of File Path Remote Code Execution Vulnerability
The vulnerability affects QNAP TS-453E devices and involves external control of a file path via the write_file_to_svr function, potentially allowing remote code execution.
Read more → -
ZDI-26-244: (Pwn2Own) QNAP QHora-322 miro_webserver_controllers_api_login_singIn Authentication Bypass Vulnerability
The vulnerability enables network-adjacent attackers to bypass authentication on QNAP QHora-322 routers without requiring credentials.
Read more → -
ZDI-26-246: (0Day) aws-mcp-server Command Injection Remote Code Execution Vulnerability
The vulnerability permits unauthenticated remote code execution with a CVSS score of 9.8. The assigned CVE is CVE-2026-5058.
Read more → -
ZDI-26-247: NoMachine External Control of File Path Arbitrary File Deletion Vulnerability
The vulnerability requires local code execution for exploitation. The advisory assigns a CVSS score of 7.1.
Read more → -
ZDI-26-248: NoMachine External Control of File Path Local Privilege Escalation Vulnerability
The vulnerability involves external control of file paths in NoMachine, potentially allowing local privilege escalation.
Read more → -
ZDI-26-249: NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
The vulnerability stems from an uncontrolled search path element in NoMachine, which could allow local privilege escalation if exploited.
Read more → -
ZDI-26-226: (0Day) Microsoft Azure MCP AzureCliService Command Injection Remote Code Execution Vulnerability
The vulnerability allows unauthenticated remote code execution in Microsoft Azure MCP AzureCliService with a CVSS rating of 9.8.
Read more → -
ZDI-26-222: (Pwn2Own) Canon imageCLASS MF654Cdw BJNP Memory Corruption Remote Code Execution Vulnerability
The vulnerability allows network-adjacent attackers to achieve remote code execution without authentication on Canon MF654Cdw printers.
Read more → -
ZDI-26-223: (Pwn2Own) Samsung Galaxy S25 Smart Touch Call Application Protection Mechanism Failure Information Disclosure Vulnerability
The vulnerability requires user interaction, such as visiting a malicious page or opening a malicious file, to disclose sensitive information on the Samsung Galaxy S25.
Read more → -
ZDI-26-224: (Pwn2Own) Samsung Galaxy S25 Samsung Account Cross-Site Scripting Remote Code Execution Vulnerability
The vulnerability affects Samsung Galaxy S25 devices and involves a cross-site scripting issue that can lead to remote code execution without authentication.
Read more → -
ZDI-26-225: (Pwn2Own) Samsung Galaxy S25 Samsung Account Open Redirect Security Bypass Vulnerability
The vulnerability involves a Samsung Account open redirect that enables security bypass on Samsung Galaxy S25 devices.
Read more → -
ZDI-26-217: GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability
The vulnerability stems from an integer overflow during PSD file parsing in GIMP, which can lead to remote code execution if a malicious file is opened.
Read more → -
ZDI-26-218: GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability
The vulnerability stems from an integer overflow during ANI file parsing in GIMP, which can lead to remote code execution if a user opens a malicious file.
Read more → -
ZDI-26-219: GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
The vulnerability is triggered by parsing a malicious JP2 file in GIMP, requiring user interaction to open the file or visit a malicious page.
Read more → -
ZDI-26-220: GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
The vulnerability is triggered by parsing a malicious PSP file, requiring user interaction to open the file or visit a malicious page.
Read more → -
ZDI-26-221: GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability
The vulnerability stems from an integer overflow during XPM file parsing in GIMP, which can lead to remote code execution if a user opens a malicious file.
Read more → -
ZDI-26-216: (Pwn2Own) QNAP TS-453E smbd domain_name Argument Injection Authentication Bypass Vulnerability
The vulnerability enables authentication bypass on QNAP TS-453E devices via argument injection in the smbd domain_name field, requiring no credentials.
Read more → -
ZDI-26-187: (Pwn2Own) Synology DiskStation Manager Netatalk Library Buffer Overflow Remote Code Execution Vulnerability
The vulnerability affects Synology DiskStation Manager's Netatalk library and permits remote code execution without authentication.
Read more → -
ZDI-26-188: (Pwn2Own) VMware ESXi VMCI Integer Underflow Local Privilege Escalation Vulnerability
The vulnerability is a local privilege escalation in VMware ESXi's VMCI component, requiring high-privileged code execution in a guest VM as a prerequisite.
Read more → -
ZDI-26-189: (Pwn2Own) VMware ESXi VMXNET3 Integer Overflow Local Privilege Escalation Vulnerability
The vulnerability requires prior high-privileged code execution on the guest to escalate privileges within the VMware ESXi hypervisor.
Read more → -
ZDI-26-190: (Pwn2Own) VMware Workstation PVSCSI Heap-based Buffer Overflow Local Privilege Escalation Vulnerability
The vulnerability is a heap-based buffer overflow in VMware Workstation's PVSCSI component, requiring an attacker to already execute high-privileged code within the guest system.
Read more → -
ZDI-26-191: (Pwn2Own) Linux Kernel nf_tables Use-After-Free Privilege Escalation Vulnerability
The vulnerability is a use-after-free in nf_tables that could allow local privilege escalation.
Read more → -
ZDI-26-192: Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability
The vulnerability allows unauthenticated remote code execution with a CVSS score of 10.0. The Sonos Era 300 appears to expose an SMB service network-facing.
Read more → -
ZDI-26-193: (Pwn2Own) Linux Kernel nf_tables_newset Out-Of-Bounds Write Information Disclosure Vulnerability
The vulnerability requires local access and low-privileged code execution to exploit. It involves an out-of-bounds write in the nf_tables_newset component.
Read more → -
ZDI-26-194: Microsoft Exchange InterceptorSmtpAgent Improper Input Validation Security Feature Bypass Vulnerability
The vulnerability affects Microsoft Exchange's InterceptorSmtpAgent and stems from improper input validation, enabling remote security feature bypass without authentication.
Read more → -
ZDI-26-195: (Pwn2Own) ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability
The vulnerability allows unauthorized remote disclosure of sensitive information from ChargePoint Home Flex charging stations without authentication.
Read more → -
ZDI-26-196: (Pwn2Own) ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability
The vulnerability is a stack-based buffer overflow in the OCPP getpreq function, exploitable by network-adjacent attackers without authentication.
Read more → -
ZDI-26-197: (Pwn2Own) ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability
Network-adjacent attackers can achieve unauthenticated remote code execution on ChargePoint Home Flex devices. This vulnerability was demonstrated during the Pwn2Own 2026 competition.
Read more → -
ZDI-26-198: (Pwn2Own) QNAP TS-453E malware_remover Code Injection Remote Code Execution Vulnerability
Network-adjacent attackers can execute arbitrary code without authentication on QNAP TS-453E devices. The malware_remover component is vulnerable to code injection.
Read more → -
ZDI-26-199: (Pwn2Own) QNAP TS-453E conn_log_tool Format String Remote Code Execution Vulnerability
The vulnerability allows bypassing authentication on QNAP TS-453E devices. Network-adjacent attackers can achieve remote code execution.
Read more → -
ZDI-26-200: (Pwn2Own) QNAP TS-453E nvrlog_event_add msg SQL Injection Remote Code Execution Vulnerability
The vulnerability requires network adjacency but allows bypass of authentication. The ZDI assigned a CVSS score of 8.0.
Read more → -
ZDI-26-201: (Pwn2Own) QNAP TS-453E Hyper Data Protector Plugin Hard-Coded Credentials Authentication Bypass Vulnerability
The advisory notes a hard-coded credentials vulnerability in the QNAP TS-453E Hyper Data Protector plugin that allows authentication bypass without requiring user interaction.
Read more → -
ZDI-26-202: (Pwn2Own) QNAP TS-453E Hyper Data Protector Plugin query_original_file_size SQL Injection Remote Code Execution Vulnerability
The advisory notes that authentication is required but can be bypassed, which may indicate a flaw in the access control implementation for the Hyper Data Protector Plugin.
Read more → -
ZDI-26-203: (Pwn2Own) Canon imageCLASS MF654Cdw XML SOAP Request Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
The vulnerability affects Canon imageCLASS MF654Cdw printers and involves a heap-based buffer overflow in XML SOAP request parsing.
Read more → -
ZDI-26-204: (Pwn2Own) Canon imageCLASS MF654Cdw XPS Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability
The vulnerability affects the XPS parser in Canon imageCLASS MF654Cdw printers and can be exploited remotely without authentication.
Read more → -
ZDI-26-205: (Pwn2Own) Canon imageCLASS MF654Cdw PJCC Request Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This is a network-adjacent RCE vulnerability in a Canon printer requiring no authentication. It was demonstrated at Pwn2Own 2026.
Read more → -
ZDI-26-206: (Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
The vulnerability requires no authentication and allows network-adjacent attackers to execute arbitrary code via a TTF parsing flaw.
Read more →