ZeroPath at Black Hat USA 2026

ZeroPath Blog & Research

Explore our team's latest research and stay up to date with ZeroPath's capabilities.
Brief Summary of Stack-Based Buffer Overflow in Linksys RE Series (CVE-2025-9392)
CVE Analysis

2025-08-24

8 min read

Brief Summary of Stack-Based Buffer Overflow in Linksys RE Series (CVE-2025-9392)

This post provides a brief summary of CVE-2025-9392, a stack-based buffer overflow in Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 range extenders. The vulnerability is remotely exploitable via the /goform/qosClassifier endpoint and has a public proof of concept. No patch or detection method is currently available.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Linksys RE-Series CVE-2025-9393 Stack Buffer Overflow: Brief Summary and Technical Review
CVE Analysis

2025-08-24

9 min read

Linksys RE-Series CVE-2025-9393 Stack Buffer Overflow: Brief Summary and Technical Review

This post provides a brief summary and technical review of CVE-2025-9393, a stack-based buffer overflow affecting Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 range extenders. It covers affected versions, technical details, and vendor security history based on public sources. No patch or detection guidance is available at this time.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Linksys RE Series Buffer Overflow (CVE-2025-9358): Brief Summary and Technical Review
CVE Analysis

2025-08-23

8 min read

Linksys RE Series Buffer Overflow (CVE-2025-9358): Brief Summary and Technical Review

A brief summary of CVE-2025-9358, a stack-based buffer overflow in Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 extenders. This post covers affected versions, technical vulnerability details, and vendor security history. No patch or detection guidance is currently available.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Linksys RE Series CVE-2025-9359 Stack Buffer Overflow: Brief Summary and Technical Review
CVE Analysis

2025-08-23

8 min read

Linksys RE Series CVE-2025-9359 Stack Buffer Overflow: Brief Summary and Technical Review

A brief summary of CVE-2025-9359, a stack-based buffer overflow in Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 range extenders. This post covers affected versions, technical details, and vendor security history. No patch or detection methods are currently available.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Brief Summary of Centreon Web CVE-2025-6791 SQL Injection Vulnerability
CVE Analysis

2025-08-22

8 min read

Brief Summary of Centreon Web CVE-2025-6791 SQL Injection Vulnerability

This post provides a brief summary of CVE-2025-6791, a high-severity SQL injection vulnerability in Centreon Web's monitoring event logs module. It covers affected versions, technical details, patch information, and vendor security history based on available public sources.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Brief Summary: CVE-2025-26496 Type Confusion in Salesforce Tableau Server and Desktop
CVE Analysis

2025-08-22

7 min read

Brief Summary: CVE-2025-26496 Type Confusion in Salesforce Tableau Server and Desktop

This post provides a brief summary of CVE-2025-26496, a type confusion vulnerability in Salesforce Tableau Server and Desktop that enables local code inclusion via file upload modules. Includes affected versions, technical details, and references.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Salesforce Tableau Server CVE-2025-52451 Path Traversal: Brief Summary and Technical Review
CVE Analysis

2025-08-22

7 min read

Salesforce Tableau Server CVE-2025-52451 Path Traversal: Brief Summary and Technical Review

This post provides a brief summary and technical review of CVE-2025-52451, an absolute path traversal vulnerability in Salesforce Tableau Server's tabdoc API create-data-source-from-file-upload modules. It covers affected versions, technical root cause, and vendor security context based on available public information.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Brief Summary: CVE-2025-7642 Simpler Checkout WordPress Plugin Authentication Bypass
CVE Analysis

2025-08-22

8 min read

Brief Summary: CVE-2025-7642 Simpler Checkout WordPress Plugin Authentication Bypass

This post provides a brief summary of CVE-2025-7642, a critical authentication bypass in the Simpler Checkout plugin for WordPress affecting versions 0.7.0 to 1.1.9. The flaw allows unauthenticated attackers to gain admin access by exploiting weak order ID validation. Includes technical details, affected versions, and detection guidance.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Brief Summary of CVE-2025-9355: Stack-Based Buffer Overflow in Linksys RE Series Range Extenders
CVE Analysis

2025-08-22

8 min read

Brief Summary of CVE-2025-9355: Stack-Based Buffer Overflow in Linksys RE Series Range Extenders

This post provides a brief summary of CVE-2025-9355, a stack-based buffer overflow in Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 range extenders. It covers affected versions, technical details, and vendor security history based on available public sources.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Linksys RE Series CVE-2025-9356 Stack-Based Buffer Overflow: Brief Summary and Technical Review
CVE Analysis

2025-08-22

8 min read

Linksys RE Series CVE-2025-9356 Stack-Based Buffer Overflow: Brief Summary and Technical Review

A brief summary of CVE-2025-9356, a stack-based buffer overflow in Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 range extenders. This post covers affected versions, technical details, and vendor security history, with references to public advisories and research.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Linksys RE Series Stack Buffer Overflow (CVE-2025-9357): Brief Summary and Technical Review
CVE Analysis

2025-08-22

8 min read

Linksys RE Series Stack Buffer Overflow (CVE-2025-9357): Brief Summary and Technical Review

This post provides a brief summary and technical review of CVE-2025-9357, a stack-based buffer overflow in Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 range extenders. The vulnerability is remotely exploitable via the langSelectionOnly parameter in the langSwitchByBBS function. No patch or detection method is available at this time.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Kubernetes Image Builder CVE-2025-7342: Brief Summary of Default Credentials Vulnerability in Windows VM Images
CVE Analysis

2025-08-17

10 min read

Kubernetes Image Builder CVE-2025-7342: Brief Summary of Default Credentials Vulnerability in Windows VM Images

This post provides a brief summary of CVE-2025-7342, a default credentials vulnerability affecting Kubernetes Image Builder up to v0.1.44 for Windows VM images built with Nutanix or OVA providers. It covers technical details, affected versions, patch information, and detection methods.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Soledad WordPress Theme CVE-2025-8142: Brief Summary of Local File Inclusion Vulnerability
CVE Analysis

2025-08-16

7 min read

Soledad WordPress Theme CVE-2025-8142: Brief Summary of Local File Inclusion Vulnerability

This post provides a brief summary of CVE-2025-8142, a Local File Inclusion vulnerability in the Soledad WordPress theme affecting versions up to and including 8.6.7. The summary covers technical details, affected versions, patch information, and vendor security history.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

StoryChief WordPress Plugin CVE-2025-7441 Arbitrary File Upload – Brief Summary and Technical Review
CVE Analysis

2025-08-15

7 min read

StoryChief WordPress Plugin CVE-2025-7441 Arbitrary File Upload – Brief Summary and Technical Review

This post provides a brief summary and technical review of CVE-2025-7441, a critical arbitrary file upload vulnerability in the StoryChief WordPress plugin up to version 1.0.42. The review covers affected versions, technical root cause, and vendor security history based on available public information.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Icons Factory WordPress Plugin CVE-2025-7778 Arbitrary File Deletion: Brief Summary and Technical Review
CVE Analysis

2025-08-15

7 min read

Icons Factory WordPress Plugin CVE-2025-7778 Arbitrary File Deletion: Brief Summary and Technical Review

This post provides a brief summary and technical review of CVE-2025-7778, a critical arbitrary file deletion vulnerability affecting all versions up to and including 1.6.12 of the Icons Factory plugin for WordPress. The flaw allows unauthenticated attackers to delete arbitrary files on the server due to insufficient authorization and improper path validation in the delete_files() function.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Taxi Booking Manager WordPress Plugin CVE-2025-8898 Privilege Escalation: Brief Summary and Technical Review
CVE Analysis

2025-08-15

8 min read

Taxi Booking Manager WordPress Plugin CVE-2025-8898 Privilege Escalation: Brief Summary and Technical Review

This post provides a brief summary and technical review of CVE-2025-8898, a critical privilege escalation vulnerability in the Taxi Booking Manager for WooCommerce WordPress plugin up to version 1.3.0. The flaw allows unauthenticated attackers to take over any account, including administrators, by changing email addresses and triggering password resets. Includes affected versions, technical details, and links to public advisories.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Drupal Authenticator Login Authentication Bypass (CVE-2025-8995): Brief Summary and Technical Review
CVE Analysis

2025-08-15

10 min read

Drupal Authenticator Login Authentication Bypass (CVE-2025-8995): Brief Summary and Technical Review

This post provides a brief summary and technical review of CVE-2025-8995, a critical authentication bypass vulnerability in the Drupal Authenticator Login module. We cover affected versions, technical details, patch information, and detection strategies for security professionals.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Cisco Firepower CVE-2025-20127: Brief Summary of TLS 1.3 ChaCha20 Resource Exhaustion Vulnerability
CVE Analysis

2025-08-14

8 min read

Cisco Firepower CVE-2025-20127: Brief Summary of TLS 1.3 ChaCha20 Resource Exhaustion Vulnerability

This post provides a brief summary of CVE-2025-20127, a resource exhaustion vulnerability in the TLS 1.3 ChaCha20 cipher implementation affecting Cisco Secure Firewall ASA and FTD software on Firepower 3100 and 4200 Series devices. The vulnerability allows authenticated remote attackers to cause denial of service by exhausting resources via repeated TLS connections, impacting both data and management traffic. No patch or detection methods are currently available.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Cisco ASA and FTD Remote Access SSL VPN DoS (CVE-2025-20133): Brief Summary and Patch Guidance
CVE Analysis

2025-08-14

8 min read

Cisco ASA and FTD Remote Access SSL VPN DoS (CVE-2025-20133): Brief Summary and Patch Guidance

A brief summary of CVE-2025-20133, a high-severity DoS vulnerability in Cisco ASA and FTD Remote Access SSL VPN, including technical details, affected versions, and official patch information.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Cisco ASA and FTD CVE-2025-20134: Brief Summary of SSL/TLS Certificate Double Free DoS Vulnerability
CVE Analysis

2025-08-14

8 min read

Cisco ASA and FTD CVE-2025-20134: Brief Summary of SSL/TLS Certificate Double Free DoS Vulnerability

A brief summary of CVE-2025-20134, a high-severity SSL/TLS certificate parsing vulnerability in Cisco ASA and Firepower Threat Defense (FTD) software. This post covers affected versions, technical details, and official patch guidance.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Detect & fix
what others miss

Works with
  • GitHub
  • GitLab
  • Bitbucket
  • Azure DevOps Services
  • Jira
  • Linear
  • Slack
  • Security Compass
Security magnifying glass visualization
CVE Analysis | ZeroPath Security Blog - Vulnerability Research & Exploits | Page 50 | ZeroPath