Advisories, Hacking, News, Threat Research, Vulnerabilities, , , , ,
Cyber Security Advisories

Zero Day Initiative Upcoming Advisories

ZDI: Upcoming Advisories The following is a list of vulnerabilities discovered by Zero Day Initiative researchers that are yet to be publicly disclosed. The affected vendor has been contacted on the specified date and while they work on a patch for these vulnerabilities, Trend Micro customers are protected from exploitation by IPS filters delivered ahead of public disclosure. Once the affected vendor patches the vulnerability, we publish an accompanying security advisory which describes the issue, including links to the vendor’s fixes.

  • ZDI-CAN-27867: PDFsam
    on August 14, 2025 at 5:00 am

    A CVSS score 6.6 AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Xavier DANEST’ was reported to the affected vendor on: 2025-08-14, 5 days ago. The vendor is given until 2025-12-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27478: Schneider Electric
    on August 14, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Rocco Calvi (@TecR0c) with TecSecurity’ was reported to the affected vendor on: 2025-08-14, 5 days ago. The vendor is given until 2025-12-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27889: Cisco
    on August 14, 2025 at 5:00 am

    A CVSS score 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by ‘ Bobby Gould (@bobbygould5) of Trend Zero Day Initiative’ was reported to the affected vendor on: 2025-08-14, 5 days ago. The vendor is given until 2025-12-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27480: Schneider Electric
    on August 14, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Rocco Calvi (@TecR0c) with TecSecurity’ was reported to the affected vendor on: 2025-08-14, 5 days ago. The vendor is given until 2025-12-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27455: Schneider Electric
    on August 14, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Rocco Calvi (@TecR0c) with TecSecurity’ was reported to the affected vendor on: 2025-08-14, 5 days ago. The vendor is given until 2025-12-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27894: Apple
    on August 14, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Nikolai Skliarenko of Trend Micro Security Research’ was reported to the affected vendor on: 2025-08-14, 5 days ago. The vendor is given until 2025-12-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-26620: Hancom
    on August 14, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘rgod’ was reported to the affected vendor on: 2025-08-14, 5 days ago. The vendor is given until 2025-12-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27784: github-kanban-mcp-server
    on August 14, 2025 at 5:00 am

    A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Brandon Niemczyk & Peter Girnus (@gothburz) of Trend Zero Day Initiative’ was reported to the affected vendor on: 2025-08-14, 5 days ago. The vendor is given until 2025-12-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27644: Trend Micro
    on August 14, 2025 at 5:00 am

    A CVSS score 7.3 AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Zeze and Sharkkcode with TeamT5’ was reported to the affected vendor on: 2025-08-14, 5 days ago. The vendor is given until 2025-12-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27873: Windscribe
    on August 14, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Xavier DANEST’ was reported to the affected vendor on: 2025-08-14, 5 days ago. The vendor is given until 2025-12-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27786: Katana Network
    on August 14, 2025 at 5:00 am

    A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Peter Girnus (@gothburz) of Trend Research’ was reported to the affected vendor on: 2025-08-14, 5 days ago. The vendor is given until 2025-12-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-22274: Hexo
    on August 14, 2025 at 5:00 am

    A CVSS score 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N severity vulnerability discovered by ‘Grigory Dorodnov of Trend Micro Security Research’ was reported to the affected vendor on: 2025-08-14, 5 days ago. The vendor is given until 2025-12-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27892: Cisco
    on August 12, 2025 at 5:00 am

    A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Guy Lederfein of Trend Research’ was reported to the affected vendor on: 2025-08-12, 7 days ago. The vendor is given until 2025-12-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27902: pdfforge
    on August 12, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Mat Powell of Trend Zero Day Initiative’ was reported to the affected vendor on: 2025-08-12, 7 days ago. The vendor is given until 2025-12-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27514: pdfforge
    on August 12, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘kimiya’ was reported to the affected vendor on: 2025-08-12, 7 days ago. The vendor is given until 2025-12-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27146: Siemens
    on August 12, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Rocco Calvi (@TecR0c) with TecSecurity’ was reported to the affected vendor on: 2025-08-12, 7 days ago. The vendor is given until 2025-12-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27856: NVIDIA
    on August 12, 2025 at 5:00 am

    A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Peter Girnus (@gothburz) of Trend Zero Day Initiative’ was reported to the affected vendor on: 2025-08-12, 7 days ago. The vendor is given until 2025-12-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27858: NVIDIA
    on August 12, 2025 at 5:00 am

    A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Peter Girnus (@gothburz) of Trend Zero Day Initiative’ was reported to the affected vendor on: 2025-08-12, 7 days ago. The vendor is given until 2025-12-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27874: NVIDIA
    on August 12, 2025 at 5:00 am

    A CVSS score 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by ‘Peter Girnus (@gothburz) of Trend Zero Day Initiative’ was reported to the affected vendor on: 2025-08-12, 7 days ago. The vendor is given until 2025-12-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27857: NVIDIA
    on August 12, 2025 at 5:00 am

    A CVSS score 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by ‘Peter Girnus (@gothburz) of Trend Zero Day Initiative’ was reported to the affected vendor on: 2025-08-12, 7 days ago. The vendor is given until 2025-12-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27349: Siemens
    on August 12, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Rocco Calvi (@TecR0c) with TecSecurity’ was reported to the affected vendor on: 2025-08-12, 7 days ago. The vendor is given until 2025-12-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27861: NVIDIA
    on August 12, 2025 at 5:00 am

    A CVSS score 7.5 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Peter Girnus (@gothburz) of Trend Zero Day Initiative’ was reported to the affected vendor on: 2025-08-12, 7 days ago. The vendor is given until 2025-12-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27893: Cisco
    on August 12, 2025 at 5:00 am

    A CVSS score 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N severity vulnerability discovered by ‘Guy Lederfein of Trend Research’ was reported to the affected vendor on: 2025-08-12, 7 days ago. The vendor is given until 2025-12-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27848: Apple
    on August 7, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Michael DePlante (@izobashi) of Trend Zero Day Initiative’ was reported to the affected vendor on: 2025-08-07, 12 days ago. The vendor is given until 2025-12-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27849: Apple
    on August 7, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Michael DePlante (@izobashi) of Trend Zero Day Initiative’ was reported to the affected vendor on: 2025-08-07, 12 days ago. The vendor is given until 2025-12-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27854: Apple
    on August 7, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Michael DePlante (@izobashi) of Trend Zero Day Initiative’ was reported to the affected vendor on: 2025-08-07, 12 days ago. The vendor is given until 2025-12-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-26765: Microsoft
    on August 7, 2025 at 5:00 am

    A CVSS score 7.5 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Eduardo Braun Prado’ was reported to the affected vendor on: 2025-08-07, 12 days ago. The vendor is given until 2025-12-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27853: Apple
    on August 7, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Michael DePlante (@izobashi) of Trend Zero Day Initiative’ was reported to the affected vendor on: 2025-08-07, 12 days ago. The vendor is given until 2025-12-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27761: Microsoft
    on August 7, 2025 at 5:00 am

    A CVSS score 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by ‘Marcin Wiazowski’ was reported to the affected vendor on: 2025-08-07, 12 days ago. The vendor is given until 2025-12-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27832: Microsoft
    on August 7, 2025 at 5:00 am

    A CVSS score 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by ‘Marcin Wiazowski’ was reported to the affected vendor on: 2025-08-07, 12 days ago. The vendor is given until 2025-12-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Share Websitecyber

Related Posts:

We are an ethical website cyber security team and we perform security assessments to protect our clients.