[ZDI-25-328|CVE-2025-5749] (0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable Authentication Bypass Vulnerability (CVSS 6.3; Credit: Tobias Scharnowski, Felix Buchmann, and Kristian Covic of fuzzware.io) zerodayinitiative.com/advisories/ZDI…

[ZDI-25-329|CVE-2025-5750] (0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability (CVSS 8.8; Credit: Rafal Goryl of PixiePoint Security) zerodayinitiative.com/advisories/ZDI…

[ZDI-25-330|CVE-2025-5751] (0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability (CVSS 4.6; Credit: Sina Kheirkhah (SinSinology) of Summoning Team (SummoningTeam)) zerodayinitiative.com/advisories/ZDI…

[ZDI-25-334|CVE-2025-30394] Microsoft Windows Remote Desktop Gateway Service Null Pointer Dereference Denial-of-Service Vulnerability (CVSS 8.6) zerodayinitiative.com/advisories/ZDI…

[ZDI-25-340|CVE-2025-5822] (Pwn2Own) Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege Escalation Vulnerability (CVSS 7.1; Credit: Sina Kheirkhah (SinSinology) of Summoning Team (SummoningTeam)) zerodayinitiative.com/advisories/ZDI…

[ZDI-25-341|CVE-2025-5823] (Pwn2Own) Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information Disclosure Vulnerability (CVSS 4.9; Credit: Sina Kheirkhah (SinSinology) of Summoning Team (SummoningTeam)) zerodayinitiative.com/advisories/ZDI…

[ZDI-25-342] (Pwn2Own) Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure Vulnerability (CVSS 7.5; Credit: Sina Kheirkhah (SinSinology) of Summoning Team (SummoningTeam)) zerodayinitiative.com/advisories/ZDI…

[ZDI-25-343|CVE-2025-5824] (Pwn2Own) Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass Vulnerability (CVSS 5.0; Credit: Sina Kheirkhah (SinSinology) of Summoning Team (SummoningTeam)) zerodayinitiative.com/advisories/ZDI…

[ZDI-25-344|CVE-2025-5825] (Pwn2Own) Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerability (CVSS 7.5; Credit: Sina Kheirkhah (SinSinology) of Summoning Team (SummoningTeam)) zerodayinitiative.com/advisories/ZDI…

[ZDI-25-345|CVE-2025-5826] (Pwn2Own) Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability (CVSS 6.3; Credit: Quarkslab) zerodayinitiative.com/advisories/ZDI…

[ZDI-25-348|CVE-2025-5829] (Pwn2Own) Autel MaxiCharger AC Wallbox Commercial autocharge Stack-based Buffer Overflow Remote Code Execution Vulnerability (CVSS 6.8; Credit: Tobias Scharnowski, Felix Buchmann, and Kristian Covic of fuzzware.io) zerodayinitiative.com/advisories/ZDI…

[ZDI-25-346|CVE-2025-5827] (Pwn2Own) Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Stack-based Buffer Overflow Remote Code Execution Vulnerability (CVSS 8.8; Credit: Quarkslab) zerodayinitiative.com/advisories/ZDI…

[ZDI-25-347|CVE-2025-5828] (Pwn2Own) Autel MaxiCharger AC Wallbox Commercial wLength Buffer Overflow Remote Code Execution Vulnerability (CVSS 6.8; Credit: Synacktiv) zerodayinitiative.com/advisories/ZDI…

[ZDI-25-349|CVE-2025-5830] (Pwn2Own) Autel MaxiCharger AC Wallbox Commercial DLB_SlaveRegister Heap-based Buffer Overflow Remote Code Execution Vulnerability (CVSS 8.8; Credit: PHP Hooligans) zerodayinitiative.com/advisories/ZDI…

[ZDI-25-353|CVE-2025-5475] (Pwn2Own) Sony XAV-AX8500 Bluetooth Packet Handling Integer Overflow Remote Code Execution Vulnerability (CVSS 7.5; Credit: Công Thành Nguyễn) zerodayinitiative.com/advisories/ZDI…

[ZDI-25-354|CVE-2025-5477] (Pwn2Own) Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability (CVSS 7.5; Credit: Mikhail Evdokimov (konata) from PCAutomotive) zerodayinitiative.com/advisories/ZDI…

[ZDI-25-355|CVE-2025-5478] (Pwn2Own) Sony XAV-AX8500 Bluetooth SDP Protocol Integer Overflow Remote Code Execution Vulnerability (CVSS 8.8; Credit: Synacktiv) zerodayinitiative.com/advisories/ZDI…

[ZDI-25-356|CVE-2025-5479] (Pwn2Own) Sony XAV-AX8500 Bluetooth AVCTP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability (CVSS 7.5; Credit: Team Confused) zerodayinitiative.com/advisories/ZDI…

[ZDI-25-357|CVE-2025-5476] (Pwn2Own) Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability (CVSS 6.3; Credit: Mikhail Evdokimov (konata) from PCAutomotive) zerodayinitiative.com/advisories/ZDI…

[ZDI-25-358|CVE-2025-5820] (Pwn2Own) Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability (CVSS 6.3; Credit: Mikhail Evdokimov (konata) from PCAutomotive) zerodayinitiative.com/advisories/ZDI…