2026-01-23
2026-01-23 02:00Z
CRIT

Pwn2Own Automotive 2026 - Day Three Results and the Master of Pwn

Zero Day Initiative·thezdi.com0day

Pwn2Own Automotive 2026 concluded with 76 unique 0-day vulnerabilities disclosed across three days of competition, awarding $1,047,000 USD total. Fuzzware.io's team claimed Master of Pwn with exploits targeting infotainment systems (Alpine iLX-F511, Sony XAV-9500ES, Kenwood DNR1007XR) and EV charging hardware (Grizzl-E, Alpitronic HYC50, Autel MaxiCharger), leveraging buffer overflows, TOCTOU conditions, race conditions, and permission misconfigurations to achieve arbitrary code execution and root access.

SRFNetwork ApplianceOSLinuxVNDKenwoodVNDAlpitronicVNDAutelVNDGrizzl EVNDSonyTYPResearch
72
Edit Score
2026-01-22
2026-01-22 22:16Z
CRIT

CVE-2026-20912 — Gitea Gitea: An attachment uploaded to a private repository could potentially be linked to a release

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-20912

Gitea does not properly validate repository ownership when linking attachments to releases. An attachment uploaded to a private repository could potentially be linked to a release in a different public repository, making it accessible to unauthorized users. CVSSv3.1 9.1 (CRITICAL) · EPSS 28th percentile

CWECWE 639CWECWE 284CWECWE 283VNDGiteaTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2026-01-22
2026-01-22 22:16Z
CRIT

CVE-2026-20897 — Gitea Gitea: does not properly validate repository ownership when deleting Git LFS locks.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-20897

Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories. CVSSv3.1 9.1 (CRITICAL) · EPSS 28th percentile

CWECWE 639CWECWE 284VNDGiteaTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2026-01-22
2026-01-22 22:16Z
CRIT

CVE-2026-20750 — Gitea Gitea: does not properly validate project ownership in organization project operations.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-20750

Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization. CVSSv3.1 9.1 (CRITICAL) · EPSS 27th percentile

CWECWE 284VNDGiteaTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2026-01-22
2026-01-22 18:16Z
CRIT

CVE-2025-56590 — Apryse Html2pdf: This vulnerability could allow an attacker to execute arbitrary operating system commands on the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-56590

An issue was discovered in the InsertFromURL() function of the Apryse HTML2PDF SDK thru 11.10. This vulnerability could allow an attacker to execute arbitrary operating system commands on the local server. CVSSv3.1 9.8 (CRITICAL) · EPSS 40th percentile

CWECWE 78VNDApryseTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-01-22
2026-01-22 17:16Z
HIGH

CVE-2026-24367 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-24367

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a through < 3.2.8. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2026-01-22
2026-01-22 17:16Z
HIGH

CVE-2026-0535 — Autodesk Fusion: A maliciously crafted HTML payload, stored in a component’s description and clicked by a

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-0535

A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process. CVSSv3.1 8.1 (HIGH) · EPSS 7th percentile

CWECWE 79VNDAutodeskTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
728 × 90 / responsive · programmatic ad slot
2026-01-22
2026-01-22 17:16Z
HIGH

CVE-2026-0534 — Autodesk Fusion: A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-0534

A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process. CVSSv3.1 8.1 (HIGH) · EPSS 5th percentile

CWECWE 79VNDAutodeskTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-01-22
2026-01-22 17:16Z
HIGH

CVE-2026-0533 — Autodesk Fusion: A maliciously crafted HTML payload in a design name, when displayed during the delete

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-0533

A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process. CVSSv3.1 8.1 (HIGH) · EPSS 6th percentile

CWECWE 79VNDAutodeskTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-01-22
2026-01-22 17:16Z
HIGH

CVE-2025-69180 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-69180

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in themepassion Ultra Portfolio ultra-portfolio allows Blind SQL Injection.This issue affects Ultra Portfolio: from n/a through <= 6.7. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2026-01-22
2026-01-22 17:16Z
HIGH

CVE-2025-69097 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in VibeThemes

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-69097

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through <= 1.9.9.5.4. CVSSv3.1 8.6 (HIGH)

CWECWE 22TYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2026-01-22
2026-01-22 17:16Z
HIGH

CVE-2025-69043 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-69043

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Rashy rashy allows PHP Local File Inclusion.This issue affects Rashy: from n/a through <= 1.1.3. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-01-22
2026-01-22 17:16Z
HIGH

CVE-2025-69042 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-69042

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Lindo lindo allows PHP Local File Inclusion.This issue affects Lindo: from n/a through <= 1.2.5. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-01-22
2026-01-22 17:16Z
HIGH

CVE-2025-69040 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-69040

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Bfres bfres allows PHP Local File Inclusion.This issue affects Bfres: from n/a through <= 1.2.1. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-01-22
2026-01-22 17:16Z
HIGH

CVE-2025-69039 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-69039

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Bailly bailly allows PHP Local File Inclusion.This issue affects Bailly: from n/a through <= 1.3.4. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-01-22
2026-01-22 17:16Z
HIGH

CVE-2025-68999 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-68999

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Blind SQL Injection.This issue affects Happy Addons for Elementor: from n/a through <= 3.20.4. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2026-01-22
2026-01-22 17:16Z
HIGH

CVE-2025-68912 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Harmonic

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-68912

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Harmonic Design HDForms hdforms allows Path Traversal.This issue affects HDForms: from n/a through <= 1.6.1. CVSSv3.1 8.6 (HIGH)

CWECWE 22TYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2026-01-22
2026-01-22 17:16Z
HIGH

CVE-2025-68901 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-68901

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Anona anona allows Path Traversal.This issue affects Anona: from n/a through <= 8.0. CVSSv3.1 8.6 (HIGH)

CWECWE 22TYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2026-01-22
2026-01-22 17:16Z
CRIT

CVE-2025-68034 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-68034

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CleverReach® CleverReach® WP cleverreach-wp allows SQL Injection.This issue affects CleverReach® WP: from n/a through <= 1.5.21. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2026-01-22
2026-01-22 17:16Z
CRIT

CVE-2025-68001 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in garidium g-FFL Checkout g-ffl-checkout allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-68001

Unrestricted Upload of File with Dangerous Type vulnerability in garidium g-FFL Checkout g-ffl-checkout allows Upload a Web Shell to a Web Server.This issue affects g-FFL Checkout: from n/a through <= 2.1.0. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2026-01-22
2026-01-22 17:16Z
HIGH

CVE-2025-67956 — Authorization: Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-67956

Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through <= 4.4.6. CVSSv3.1 8.2 (HIGH) · EPSS 14th percentile

CWECWE 862TYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2026-01-22
2026-01-22 17:16Z
CRIT

CVE-2025-67945 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-67945

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MailerLite MailerLite – WooCommerce integration woo-mailerlite allows SQL Injection.This issue affects MailerLite – WooCommerce integration: from n/a through <= 3.1.2. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2026-01-22
2026-01-22 17:16Z
CRIT

CVE-2025-67944 — Control: Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-67944

Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection.This issue affects Nelio AB Testing: from n/a through <= 8.1.8. CVSSv3.1 9.1 (CRITICAL)

CWECWE 94TYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2026-01-22
2026-01-22 17:15Z
HIGH

CVE-2025-54003 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-54003

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Depot depot allows PHP Local File Inclusion.This issue affects Depot: from n/a through <= 1.16. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-01-22
2026-01-22 17:15Z
HIGH

CVE-2025-50004 — Deserialization: of Untrusted Data vulnerability in artbees JupiterX Core jupiterx-core allows Object Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-50004

Deserialization of Untrusted Data vulnerability in artbees JupiterX Core jupiterx-core allows Object Injection.This issue affects JupiterX Core: from n/a through <= 4.10.1. CVSSv3.1 8.8 (HIGH)

CWECWE 502TYPVulnerability
8.8
CVSS v3.1
94
Edit Score