ZeroPath at Black Hat USA 2026

ZeroPath Blog & Research

Explore our team's latest research and stay up to date with ZeroPath's capabilities.
PTZOptics, ValueHD PTZ Cameras: CVE-2025-35452 Hard-Coded Credentials Vulnerability – Brief Summary and Technical Review
CVE Analysis

2025-09-05

8 min read

PTZOptics, ValueHD PTZ Cameras: CVE-2025-35452 Hard-Coded Credentials Vulnerability – Brief Summary and Technical Review

This post provides a brief summary and technical review of CVE-2025-35452, a critical hard-coded credentials vulnerability affecting PTZOptics and ValueHD-based pan tilt zoom cameras. The review covers specific affected products, technical root cause, and vendor security history, with references to official advisories and external research.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

AdForest WordPress Theme CVE-2025-8359: Authentication Bypass Vulnerability – Brief Summary and Technical Analysis
CVE Analysis

2025-09-05

9 min read

AdForest WordPress Theme CVE-2025-8359: Authentication Bypass Vulnerability – Brief Summary and Technical Analysis

This post provides a brief summary and technical analysis of CVE-2025-8359, a critical authentication bypass vulnerability affecting the AdForest WordPress theme up to version 6.0.9. Includes affected versions, technical mechanism, and vendor security history.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Podman kube play Symlink Traversal: Brief Summary of CVE-2025-9566
CVE Analysis

2025-09-05

8 min read

Podman kube play Symlink Traversal: Brief Summary of CVE-2025-9566

This post provides a brief summary of CVE-2025-9566, a symlink traversal vulnerability in Podman's kube play command. The flaw allows attackers to overwrite arbitrary host files via manipulated ConfigMap or Secret volumes containing symlinks. Affected versions, technical exploitation details, and patch information are included.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Android MediaProjection Screen Recording Bypass (CVE-2025-32322): Brief Summary and Technical Review
CVE Analysis

2025-09-04

8 min read

Android MediaProjection Screen Recording Bypass (CVE-2025-32322): Brief Summary and Technical Review

This post provides a brief summary and technical review of CVE-2025-32322, a high-severity Android vulnerability that allows malicious apps to bypass user consent for screen recording via improper input validation in MediaProjectionPermissionActivity.java. Includes affected versions, patch details, and vendor security history.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Argo CD CVE-2025-55190 Information Disclosure: Brief Summary and Patch Guidance
CVE Analysis

2025-09-04

8 min read

Argo CD CVE-2025-55190 Information Disclosure: Brief Summary and Patch Guidance

This post provides a brief summary of CVE-2025-55190, a critical information disclosure vulnerability in Argo CD affecting versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12, and 3.1.0-rc1 through 3.1.1. It covers technical details, affected versions, and patch guidance.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Android Runtime Use After Free (CVE-2025-48543): Brief Summary and Patch Guidance
CVE Analysis

2025-09-04

8 min read

Android Runtime Use After Free (CVE-2025-48543): Brief Summary and Patch Guidance

This post provides a brief summary of CVE-2025-48543, a critical use after free vulnerability in Android Runtime (ART) affecting Android 13 through 16. We cover technical details, affected versions, patch information, and Google's response.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Azure Networking CVE-2025-54914: Brief Summary of Critical Elevation of Privilege Vulnerability
CVE Analysis

2025-09-04

6 min read

Azure Networking CVE-2025-54914: Brief Summary of Critical Elevation of Privilege Vulnerability

This post provides a brief summary of CVE-2025-54914, a critical elevation of privilege vulnerability in Microsoft Azure Networking services with a CVSS score of 10.0. Includes technical details, affected versions, and references based on available public information.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Azure Entra CVE-2025-55241 Elevation of Privilege: Brief Summary and Technical Context
CVE Analysis

2025-09-04

7 min read

Azure Entra CVE-2025-55241 Elevation of Privilege: Brief Summary and Technical Context

This post provides a brief summary of CVE-2025-55241, a critical Azure Entra Elevation of Privilege vulnerability. We focus on technical context, affected systems, and vendor security history based on available public information as of September 2025.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Azure Bot Service CVE-2025-55244 Elevation of Privilege: Brief Summary and Patch Guidance
CVE Analysis

2025-09-04

7 min read

Azure Bot Service CVE-2025-55244 Elevation of Privilege: Brief Summary and Patch Guidance

This post provides a brief summary of CVE-2025-55244, a critical elevation of privilege vulnerability in Azure Bot Service. It covers technical details, affected versions, and official patch guidance.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

WordPress Helpdesk Integration CVE-2025-9990: Brief Summary of Local File Inclusion Vulnerability
CVE Analysis

2025-09-04

6 min read

WordPress Helpdesk Integration CVE-2025-9990: Brief Summary of Local File Inclusion Vulnerability

This post provides a brief summary of CVE-2025-9990, a Local File Inclusion vulnerability affecting all versions up to and including 5.8.10 of the WordPress Helpdesk Integration plugin. It covers technical details, affected versions, and references for further reading.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Sitecore Experience Platform CVE-2025-53690: Brief Summary of Critical Deserialization Vulnerability
CVE Analysis

2025-09-03

8 min read

Sitecore Experience Platform CVE-2025-53690: Brief Summary of Critical Deserialization Vulnerability

This post provides a brief summary of CVE-2025-53690, a critical deserialization of untrusted data vulnerability in Sitecore Experience Manager (XM) and Experience Platform (XP) through version 9.0. The summary covers technical details, affected versions, vendor security history, and references for further reading.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Django FilteredRelation SQL Injection (CVE-2025-57833): Brief Summary and Patch Guidance
CVE Analysis

2025-09-03

8 min read

Django FilteredRelation SQL Injection (CVE-2025-57833): Brief Summary and Patch Guidance

This post provides a brief summary of CVE-2025-57833, a SQL injection vulnerability affecting Django's FilteredRelation feature in versions 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. It covers technical details, affected versions, and official patch information.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Google Chrome V8 Use-After-Free (CVE-2025-9864): Brief Summary and Technical Review
CVE Analysis

2025-09-03

12 min read

Google Chrome V8 Use-After-Free (CVE-2025-9864): Brief Summary and Technical Review

This post provides a brief summary of CVE-2025-9864, a high-severity use-after-free vulnerability in Google Chrome's V8 JavaScript engine prior to version 140.0.7339.80. We cover technical details, affected versions, patch information, and detection strategies relevant to security professionals.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Rancher Manager CVE-2024-58259: Brief Summary of a High-Impact Denial of Service Vulnerability
CVE Analysis

2025-09-02

10 min read

Rancher Manager CVE-2024-58259: Brief Summary of a High-Impact Denial of Service Vulnerability

This post provides a brief summary of CVE-2024-58259, a high-severity denial of service vulnerability in Rancher Manager. It covers technical details, affected versions, patch information, and detection methods relevant to security professionals and administrators.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

H2O-3 REST API CVE-2025-5662: Brief Summary of Critical Deserialization RCE
CVE Analysis

2025-09-02

8 min read

H2O-3 REST API CVE-2025-5662: Brief Summary of Critical Deserialization RCE

A brief summary of CVE-2025-5662, a critical deserialization vulnerability in H2O-3 REST API (POST /99/ImportSQLTable) up to version 3.46.0.7, allowing unauthenticated remote code execution via unsafe JDBC parameter handling. Includes affected versions, technical details, and vendor security history.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Brief Summary of Cockroach Labs cockroach-k8s-request-cert Authentication Bypass (CVE-2025-9276)
CVE Analysis

2025-09-02

9 min read

Brief Summary of Cockroach Labs cockroach-k8s-request-cert Authentication Bypass (CVE-2025-9276)

This post provides a brief summary of CVE-2025-9276, a critical authentication bypass in Cockroach Labs' cockroach-k8s-request-cert container image due to an empty root password. Includes technical details, affected versions, proof of concept, and detection strategies.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Foxit PDF Reader CVE-2025-9326 PRC Parsing Out-of-Bounds Read: Brief Summary and Patch Guidance
CVE Analysis

2025-09-02

9 min read

Foxit PDF Reader CVE-2025-9326 PRC Parsing Out-of-Bounds Read: Brief Summary and Patch Guidance

A brief summary of CVE-2025-9326, a high-severity out-of-bounds read vulnerability in Foxit PDF Reader's PRC file parsing. This post covers technical details, affected versions, patch information, and vendor security history.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Foxit PDF Reader CVE-2025-9328: Brief Summary of PRC File Parsing Out-Of-Bounds Read RCE
CVE Analysis

2025-09-02

8 min read

Foxit PDF Reader CVE-2025-9328: Brief Summary of PRC File Parsing Out-Of-Bounds Read RCE

A brief summary of CVE-2025-9328, an out-of-bounds read vulnerability in Foxit PDF Reader's PRC file parsing that may allow remote code execution. This post covers technical details, affected versions, and vendor security history.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Foxit PDF Reader CVE-2025-9329: Brief Summary of PRC Parsing Out-of-Bounds Read RCE
CVE Analysis

2025-09-02

8 min read

Foxit PDF Reader CVE-2025-9329: Brief Summary of PRC Parsing Out-of-Bounds Read RCE

This post provides a brief summary of CVE-2025-9329, a high-severity out-of-bounds read vulnerability in Foxit PDF Reader's PRC file parsing, which can lead to remote code execution. Includes affected versions, technical details, and official patch information.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Tenda AC20 CVE-2025-9791: Brief Summary of a Stack-Based Buffer Overflow Vulnerability
CVE Analysis

2025-09-01

7 min read

Tenda AC20 CVE-2025-9791: Brief Summary of a Stack-Based Buffer Overflow Vulnerability

This post provides a brief summary of CVE-2025-9791, a stack-based buffer overflow in Tenda AC20 16.03.08.05. It covers technical details, affected versions, and vendor security history based on available public sources.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Detect & fix
what others miss

Works with
  • GitHub
  • GitLab
  • Bitbucket
  • Azure DevOps Services
  • Jira
  • Linear
  • Slack
  • Security Compass
Security magnifying glass visualization
CVE Analysis | ZeroPath Security Blog - Vulnerability Research & Exploits | Page 48 | ZeroPath