Vulnerability Research

Security Advisories

STAR Labs responsibly discloses every vulnerability we discover. The following table is our public record of coordinated disclosures, sorted newest first.

168 / 168 advisories

Date ↕	CVE ↕	Title	Author ↕
Oct 14, 2025	CVE-2025-55336	Windows Cloud Files Mini Filter Driver Information Disclosure	Chen Le Qi
Sep 09, 2025	CVE-2025-54098	Windows Hyper-V vhdmp.sys Arbitrary File Write Leading to Elevation of Privilege	Chen Le Qi
Sep 05, 2025	CVE-2025-39682	Linux Kernel net/tls Use-After-Free in tls_sw_recvmsg Leading to Privilege Escalation	Billy Jheng Bing-Jhong, Muhammad Alifa Ramdhan
Aug 12, 2025	CVE-2025-50170	Windows Cloud Files Mini Filter Driver Elevation of Privilege	Chen Le Qi
Jul 08, 2025	CVE-2025-47985	Windows Event Tracing Insufficient Validation Leading to Elevation of Privilege	Chen Le Qi
Jul 08, 2025	CVE-2025-49660	Windows Event Tracing Reference Count Overflow Leading to Use-After-Free and Elevation of Privilege	Chen Le Qi
Jun 04, 2025	CVE-2025-23095	Samsung Exynos NPU Driver Double Free Leading to Privilege Escalation	Billy Jheng Bing Jhong, Muhammad Alifa Ramdhan, Pan ZhenPeng
Jun 02, 2025	CVE-2025-23099	Samsung Exynos NPU Driver Out-of-Bounds Write Leading to Privilege Escalation	Billy Jheng Bing Jhong, Muhammad Alifa Ramdhan, Pan ZhenPeng
Jun 01, 2025	CVE-2025-23096	Samsung Exynos NPU Driver Double Free in IMB Memory Buffer Leading to Privilege Escalation	Billy Jheng Bing-Jhong, Muhammad Alifa Ramdhan, Pan Zhenpeng
Jun 01, 2025	CVE-2025-23098	Samsung Exynos NPU Driver Use-After-Free in IMB Memory Buffer Leading to Privilege Escalation	Billy Jheng Bing-Jhong, Muhammad Alifa Ramdhan, Pan Zhenpeng, Ng Zhi Yang
Jun 01, 2025	CVE-2025-23100	Samsung Exynos NPU Driver Null Pointer Dereference Leading to Denial of Service	Billy Jheng Bing-Jhong, Muhammad Alifa Ramdhan, Pan Zhenpeng
Jun 01, 2025	CVE-2025-23103	Samsung Exynos NPU Driver Out-of-Bounds Write via Unbounded Loop Counter	Billy Jheng Bing-Jhong, Muhammad Alifa Ramdhan, Pan Zhenpeng
Jun 01, 2025	CVE-2025-23107	Samsung Exynos NPU Driver Out-of-Bounds Write via Undersized User Buffer	Billy Jheng Bing-Jhong, Muhammad Alifa Ramdhan, Pan Zhenpeng
May 16, 2025	CVE-2025-37890	Linux Kernel net_sched netem Double Enqueue Leading to Use-After-Free and Local Privilege Escalation	Gerrard Tai
May 02, 2025	CVE-2025-37797	Linux Kernel hfsc_change_class TOCTOU Leading to Use-After-Free and Local Privilege Escalation	Gerrard Tai
May 02, 2025	CVE-2025-37798	Linux Kernel fq_codel_dequeue qlen Mismatch Leading to Use-After-Free and Local Privilege Escalation	Gerrard Tai
Nov 12, 2024	CVE-2024-43626	Windows Telephony Service Heap Out-of-Bounds Read/Write Leading to Elevation of Privilege	Chen Le Qi, Nguyễn Đăng Nguyễn
Oct 01, 2024	CVE-2024-9370	Google Chrome V8 Maglev Escape Analysis Incorrect Optimization Bug	Nguyễn Hoàng Thạch, Đỗ Minh Tuấn, Wu JinLin
Jul 31, 2024	CVE-2024-6781	Calibre Arbitrary File Read	Amos Ng
Jul 31, 2024	CVE-2024-6782	Calibre Remote Code Execution	Amos Ng
Jul 31, 2024	CVE-2024-7008	Calibre Reflected Cross-Site Scripting (XSS)	Devesh Logendran
Jul 31, 2024	CVE-2024-7009	Calibre SQLite Injection	Devesh Logendran
Jul 22, 2024	CVE-2024-1837	Singtel RT5703W Unauthenticated Command Injection RCE via Login Vulnerability	Daniel Lim Wee Soong
Jul 22, 2024	CVE-2024-1838	Singtel RT5703W Authenticated Command Injection RCE via SetLoginPwd Vulnerability	Daniel Lim Wee Soong
Jul 01, 2024	CVE-2024-26923	Android AF_UNIX Garbage Collector Race Condition Leading to Use-After-Free	Billy Jheng Bing Jhong, Pan ZhenPeng
Jul 01, 2024	CVE-2024-34594	Samsung Galaxy Kernel Information Disclosure via Debug proc Entry Leading to KASLR Bypass	Billy Jheng Bing-Jhong, Pan Zhenpeng
May 16, 2024	CVE-2024-36972	Linux Kernel Race Condition in unix_gc on oob_skb Leading to Double Free	Billy Jheng Bing Jhong
May 13, 2024	CVE-2024-27828	Apple IOSurfaceRoot Reference Count Leak Leading to Kernel Panic and Code Execution	Pan Zhenpeng
Jan 22, 2024	CVE-2024-27791	Apple PMP Firmware Out-of-Bounds Write via ApplePMPv2 writeDashboard	Pan Zhenpeng
Nov 28, 2023	CVE-2023-3368	Chamilo LMS Unauthenticated Command Injection	Ngo Wei Lin
Nov 28, 2023	CVE-2023-3533	Chamilo LMS Unauthenticated Remote Code Execution via Arbitrary File Write	Ngo Wei Lin
Nov 28, 2023	CVE-2023-3545	Chamilo LMS Htaccess File Upload Security Bypass	Ngo Wei Lin
Nov 28, 2023	CVE-2023-4220	Chamilo LMS Unauthenticated Big Upload File Remote Code Execution	Ngo Wei Lin
Nov 28, 2023	CVE-2023-4221	Chamilo LMS Learning Path PPT2LP OpenofficePresentation Command Injection	Ngo Wei Lin
Nov 28, 2023	CVE-2023-4222	Chamilo LMS Learning Path PPT2LP OpenofficeTextDocument Command Injection	Ngo Wei Lin
Nov 28, 2023	CVE-2023-4223	Chamilo LMS Document Ajax File Upload Functionality Remote Code Execution	Ngo Wei Lin
Nov 28, 2023	CVE-2023-4224	Chamilo LMS Dropbox Ajax File Upload Functionality Remote Code Execution	Ngo Wei Lin
Nov 28, 2023	CVE-2023-4225	Chamilo LMS Exercise Ajax File Upload Functionality Remote Code Execution	Ngo Wei Lin
Nov 28, 2023	CVE-2023-4226	Chamilo LMS Work Ajax File Upload Functionality Remote Code Execution	Ngo Wei Lin
Nov 01, 2023	CVE-2023-1713	Bitrix24 Remote Command Execution (RCE) via Insecure Temporary File Creation	Lam Jun Rong & Li Jiantao
Nov 01, 2023	CVE-2023-1714	Bitrix24 Remote Command Execution (RCE) via Unsafe Variable Extraction	Lam Jun Rong & Li Jiantao
Nov 01, 2023	CVE-2023-1715	(CVE-2023-1715 & CVE-2023-1716) Bitrix24 Stored Cross-Site Scripting (XSS) via Improper Input Neutralization on Invoice Edit Page	Lam Jun Rong & Li Jiantao
Nov 01, 2023	CVE-2023-1717	Bitrix24 Cross-Site Scripting (XSS) via Client-side Prototype Pollution	Lam Jun Rong & Li Jiantao
Nov 01, 2023	CVE-2023-1718	Bitrix24 Denial-of-Service (DoS) via Improper File Stream Access	Lam Jun Rong & Li Jiantao
Nov 01, 2023	CVE-2023-1719	Bitrix24 Insecure Global Variable Extraction	Lam Jun Rong & Li Jiantao
Nov 01, 2023	CVE-2023-1720	Bitrix24 Stored Cross-Site Scripting (XSS) via File Upload	Lam Jun Rong & Li Jiantao
Oct 11, 2023	CVE-2023-4197	Dolibarr ERP CRM (<= 18.0.1) Improper Input Sanitization Authenticated RCE	Poh Jia Hao
Oct 11, 2023	CVE-2023-4198	Dolibarr ERP CRM (<= 17.0.3) Improper Access Control	Poh Jia Hao
Sep 29, 2023	CVE-2023-30591	NodeBB Pre-Authentication Denial-of-Service	Ngo Wei Lin
Sep 26, 2023	CVE-2023-41984	Apple AppleSPU Shared Memory Read/Write Mapping Leading to Kernel Panic and Code Execution	Pan Zhenpeng
Sep 18, 2023	CVE-2023-2315	Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2	Poh Jia Hao
Aug 28, 2023	CVE-2023-2016	Attendize <= 2.8.0 Authenticated TOCTOU Allows Multiple Refunds Per Order	Poh Jia Hao
Aug 22, 2023	CVE-2023-32523	Trend Micro Mobile Security (Enterprise) 9.8 SP5 (<= Critical Patch 3) Unauthenticated RCE	Poh Jia Hao
Aug 22, 2023	CVE-2023-32524	Trend Micro Mobile Security (Enterprise) 9.8 SP5 (<= Critical Patch 3) Unauthenticated RCE	Poh Jia Hao
Aug 22, 2023	CVE-2023-32529	Trend Micro Apex Central 2019 (<= Build 6016) Authenticated RCE	Poh Jia Hao
Aug 22, 2023	CVE-2023-32530	Trend Micro Apex Central 2019 (<= Build 6016) Authenticated RCE	Poh Jia Hao
Aug 22, 2023	CVE-2023-38624	Trend Micro Apex Central 2019 (<= Build 6394) Authenticated SSRF	Poh Jia Hao
Aug 22, 2023	CVE-2023-38625	Trend Micro Apex Central 2019 (<= Build 6394) Authenticated SSRF	Poh Jia Hao
Aug 19, 2023	CVE-2023-2110	Obsidian Local File Disclosure	Li Jiantao
Aug 19, 2023	CVE-2023-2316	Typora Local File Disclosure	Li Jiantao
Aug 19, 2023	CVE-2023-2317	Typora DOM-Based Cross-site Scripting leading to Remote Code Execution	Li Jiantao
Aug 19, 2023	CVE-2023-2318	MarkText DOM-Based Cross-site Scripting leading to Remote Code Execution	Li Jiantao
Aug 19, 2023	CVE-2023-2971	Typora Local File Disclosure (Patch Bypass)	Li Jiantao
Jul 14, 2023	CVE-2023-3513	RazerCentralService unsafe deserialization Escalation of Privilege Vulnerability	Phan Thanh Duy
Jul 14, 2023	CVE-2023-3514	RazerCentralSerivce unsafe NamedPipe permission Escalation of Privilege Vulnerability	Phan Thanh Duy
Apr 17, 2023	CVE-2023-2017	Shopware 6 Server-side Template Injection (SSTI) via Twig Security Extension	Ngo Wei Lin
Apr 12, 2023	CVE-2023-1872	Linux Kernel io_uring Missing Lock in io_file_get_fixed Leading to Use-After-Free and Local Privilege Escalation	Billy Jheng Bing-Jhong
Dec 13, 2022	CVE-2022-44667	Windows CDirectMusicPortDownload Integer Overflow Vulnerability	Lê Hữu Quang Linh
Dec 13, 2022	CVE-2022-44668	Windows DirectMusicPortDownload Double Free Vulnerability	Lê Hữu Quang Linh
Jul 13, 2022	CVE-2022-26438	Asus System Control Interface Backup Local Privilege Escalation (LPE)	Schuyler Tay
Jul 13, 2022	CVE-2022-26439	Asus System Control Interface Software Update Arbitrary File Deletion	Schuyler Tay
Mar 28, 2022	CVE-2021-4206	QEMU QXL Integer overflow leads to Heap Overflow	Billy Jheng Bing Jhong
Mar 28, 2022	CVE-2021-4207	QEMU QXL Integer overflow leads to Heap Overflow	Billy Jheng Bing Jhong
Mar 28, 2022	CVE-2022-0168	Linux Kernel smb2_ioctl_query_info NULL Pointer Dereference	Billy Jheng Bing Jhong
Mar 28, 2022	CVE-2022-0216	QEMU LSI SCSI Use After Free	Muhammad Alifa Ramdhan
Mar 14, 2022	CVE-2022-28730	Apache JSPWiki v2.11.1 - Reflected XSS in AjaxPreview.jsp	Poh Jia Hao
Mar 04, 2022	CVE-2022-26718	macOS smbfs Out-of-Bounds Read due to parse nic info	Peter Nguyễn Vũ Hoàng
Jan 11, 2022	CVE-2022-21877	Storage Spaces Controller Information Disclosure Vulnerability	Lê Hữu Quang Linh
Sep 13, 2021	CVE-2021-30844	macOS smbfs Out-of-Bounds Read	Peter Nguyễn Vũ Hoàng
Sep 13, 2021	CVE-2021-30845	macOS smbfs Out-of-Bounds Read	Peter Nguyễn Vũ Hoàng
Jun 18, 2021	CVE-2021-30868	macOS smbfs Race Condition leading to Use-After-Free Vulnerability	Peter Nguyễn Vũ Hoàng
Jun 10, 2021	CVE-20221-35400	Prolink PRC2402M mesh.cgi get_extender_page Un-authenticated Command Injection Vulnerability	Daniel Lim Wee Soong
Jun 10, 2021	CVE-20221-35401	Prolink PRC2402M login.cgi sys_login Un-authenticated Command Injection Vulnerability	Daniel Lim Wee Soong
Jun 10, 2021	CVE-20221-35403	Prolink PRC2402M touchlist_sync.cgi main Un-authenticated Command Injection Vulnerability	Daniel Lim Wee Soong
Jun 10, 2021	CVE-20221-35404	Prolink PRC2402M applogin.cgi sys_login1 Authenticated Command Injection Vulnerability	Daniel Lim Wee Soong
Jun 10, 2021	CVE-20221-35406	Prolink PRC2402M login.cgi sys_login1 Authenticated Command Injection Vulnerability	Daniel Lim Wee Soong
Jun 10, 2021	CVE-20221-35406	Prolink PRC2402M qos.cgi qos_settings Un-authenticated Command Injection Vulnerability	Daniel Lim Wee Soong
Jun 10, 2021	CVE-20221-35407	Prolink PRC2402M mesh.cgi get_upgrade_page Un-authenticated Command Injection Vulnerability	Daniel Lim Wee Soong
Jun 10, 2021	CVE-20221-35409	Prolink PRC2402M nightled.cgi SetNightLed Un-authenticated Command Injection Vulnerability	Daniel Lim Wee Soong
Jun 09, 2021	CVE-2021-30836	WebKit WebCore::AudioNode::disconnect null pointer reference	Ta Dinh Sung
Jun 09, 2021	CVE-20221-35402	Prolink PRC2402M live_api.cgi satellist_list Un-authenticated Command Injection Vulnerability	Daniel Lim Wee Soong
Jun 08, 2021	CVE-2021-35408	Prolink PRC2402M qos.cgi qos_sta_settings Un-authenticated Command Injection Vulnerability	Daniel Lim Wee Soong
May 28, 2021	CVE-2021-0956	Android NFC Out-Of-Bounds Write due to increase mNumTechList without bounds checking	Nguyễn Hoàng Thạch
May 20, 2021	CVE-2021-30745	Apple macOS QuartzCore Type Confusion Vulnerability	Peter Nguyễn Vũ Hoàng
Apr 14, 2021	CVE-2021-0204	Juniper Junos OS Local Privilege Escalation vulnerability in dexp	Nguyễn Hoàng Thạch
Apr 14, 2021	CVE-2021-0223	Juniper Junos OS Local Privilege Escalation vulnerability in telnetd	Nguyễn Hoàng Thạch
Apr 14, 2021	CVE-2021-0254	Junos OS overlayd service bss Buffer Overflow	Nguyễn Hoàng Thạch
Apr 14, 2021	CVE-2021-0255	Juniper Junos OS Local Privilege Escalation vulnerability in ethtraceroute	Nguyễn Hoàng Thạch
Apr 14, 2021	CVE-2021-0256	Juniper Junos OS Local Privilege Escalation vulnerability in mosquitto	Nguyễn Hoàng Thạch
Apr 06, 2021	CVE-2021-2321	Oracle VirtualBox E1000 BSS Out-Of-Bounds Read	Muhammad Alifa Ramdhan
Mar 23, 2021	CVE-2021-3409	QEMU Heap Overflow in SDHCI Component	Muhammad Alifa Ramdhan
Mar 22, 2021	CVE-2021-34978	NETGEAR R6260 setupwizard.cgi Buffer Overflow Unauthenticated Remote Code Execution	Sherman Chann Zhi Shen & Nguyễn Hoàng Thạch
Mar 22, 2021	CVE-2021-34979	NETGEAR R6260 mini_httpd Buffer Overflow Unauthenticated Remote Code Execution	Sherman Chann Zhi Shen & Nguyễn Hoàng Thạch
Mar 05, 2021	CVE-2021-0950	Android NFC android.hardware.nfc@1.2-service Writer mode Out-Of-Bounds Write leading to Information Disclosure	Nguyễn Hoàng Thạch
Feb 27, 2021	CVE-2021-33760	Windows Media Foundation Integer Overflow Vulnerability	Phan Thanh Duy, Brandon Chong, Cao Yi Tian
Feb 27, 2021	CVE-2021-34503	Windows Media Foundation Type Confusion Vulnerability	Phan Thanh Duy
Feb 10, 2021	CVE-2021-1758	macOS/iOS CoreText Out-Of-Bounds Read	Peter Nguyễn Vũ Hoàng
Feb 10, 2021	CVE-2021-1790	macOS/iOS CoreText libhvf Out-Of-Bounds Read	Peter Nguyễn Vũ Hoàng
Aug 21, 2020	CVE-2020-24430	Adobe Acrobat Pro DC FDF.addContact Use-After-Free Vulnerability	Alan Chang Enze
Jul 17, 2020	CVE-2020-13937	Apache Kylin - Unauthenticated Configuration Disclosure	Ngo Wei Lin
Jun 12, 2020	CVE-2020-0634	Windows CLFS UAF Memory Corruption Vulnerability	Meysam Firouzi
Jun 12, 2020	CVE-2020-1664	Juniper Junos OS dcd create_debug_data() buffer overflow	Nguyễn Hoàng Thạch
Jun 12, 2020	CVE-2021-0218	Junos OS lc_fetch_license_keys() command injection	Nguyễn Hoàng Thạch
Jun 12, 2020	CVE-2021-0219	Juniper Junos OS validate package mgd_package_real() command injection	Nguyễn Hoàng Thạch
Jun 12, 2020	CVE-2021-1485	Cisco IOS XR CLI Arbitrary Command Injection	Darell Tan
May 22, 2020	CVE-2020-15357	Askey AP5100W Authenticated Command Injection in web Interface	Li Bailin
May 22, 2020	CVE-2020-25545	Askey AP5100W Information Leak through Insecure backups	Li Bailin
May 22, 2020	CVE-2020-25546	Askey AP5100W Logic Error allowing Web Admin authentication bypass	Li Bailin
Apr 30, 2020	CVE-2020-2575	Oracle VirtualBox OHCI Uninitialized Heap Variable - Pwn2Own	Pham Hong Phi
Apr 30, 2020	CVE-2020-2748	Oracle VirtualBox SVGA Out-of-Bounds Read in vmsvgaR3FifoUpdateCursor	Pham Hong Phi, Calvin Fong
Apr 30, 2020	CVE-2020-2758	Oracle VirtualBox VHWA Use-After-Free Privilege Escalation	Calvin Fong
Apr 30, 2020	CVE-2020-2894	Oracle VirtualBox e1kInsertChecksum Out-of-Bounds Read - Pwn2Own	Pham Hong Phi
Apr 16, 2020	CVE-2020-10907	Foxit Reader XFA Widget Use-After-Free Code Execution	Peter Nguyễn Vũ Hoàng
Mar 17, 2020	CVE-2020-3800	Adobe Reader xfa.loadXML Use-after-Free	Phan Thanh Duy
Mar 17, 2020	CVE-2020-3801	Adobe Reader XFA Heap Address Leak	Phan Thanh Duy
Mar 17, 2020	CVE-2020-9816	macOS libFontParser HeapOverflow Vulnerability	Peter Nguyễn Vũ Hoàng
Jan 15, 2020	CVE-2020-2682	Oracle VirtualBox VBoxVHWAHandleTable Out-Of-Bounds Access Privilege Escalation	Pham Hong Phi
Jan 14, 2020	CVE-2020-2674	Oracle VirtualBox OHCI Use-After-Free	Pham Hong Phi
Dec 10, 2019	CVE-2019-16452	Adobe Acrobat/Reader getSound JSObject Use-after-Free - TianFu Cup 2019	Phan Thanh Duy
Dec 04, 2019	CVE-2020-0889	Microsoft Jet Database Format Record Length Memory Corruption	Shi Ji, Meysam Firouzi
Dec 04, 2019	CVE-2020-2902	Oracle VirtualBox Direct3D 9 Shader Out-of-Bounds Write Remote Code Execution Vulnerability	Pham Hong Phi
Nov 13, 2019	CVE-2020-0961	Microsoft Jet Database file position integer overflow Memory Corruption	Shi Ji, Meysam Firouzi
Nov 12, 2019	CVE-2019-1406	Microsoft Jet Engine ColumnLvText Type Confusion	Shi Ji & Meysam Firouzi
Oct 20, 2019	CVE-2019-2984	Oracle VirtualBox Video Hardware Acceleration NULL Pointer Dereferences	Phạm Hồng Phi
Oct 20, 2019	CVE-2019-3002	Oracle VirtualBox Integer Divide by Zero in hdaR3StreamInit	Phạm Hồng Phi
Oct 20, 2019	CVE-2019-3005	Oracle VirtualBox NULL Pointer Dereference in hdaR3WalClkSet	Phạm Hồng Phi
Oct 20, 2019	CVE-2019-3026	Oracle VirtualBox VBoxSVGA Invalid Check in vmsvgaFIFOLoop	Phạm Hồng Phi
Oct 20, 2019	CVE-2019-3031	Oracle VirtualBox VMSVGA Out-of-Bounds Read in vmsvga3dSetLightEnabled	Phạm Hồng Phi
Oct 15, 2019	CVE-2019-8220	Adobe Reader CLstBxField Use-after-Free	Ta Dinh Sung
Oct 15, 2019	CVE-2019-8221	Adobe Reader Type Confusion in getColorConvertAction	Ta Dinh Sung
Sep 10, 2019	CVE-2019-1250	Microsoft Jet database Record::IsNull Memory Corruption	Shi Ji & Meysam Firouzi
Aug 13, 2019	CVE-2019-8011	Acrobat Reader DC 2d.x3d!_LoadTIFF() Out-of-Bounds Read	Wei Lei
Aug 13, 2019	CVE-2019-8018	Acrobat Reader DC 2d.x3d!_LoadRGB() OOB Read in TRGB::expandrow()	Wei Lei
Jun 20, 2019	CVE-2019-8038	Adobe Acrobat/Reader CTextWidget Use-after-Free	Phan Thanh Duy
Jun 20, 2019	CVE-2019-8039	Adobe Acrobat/Reader CTextField Use-after-Free	Phan Thanh Duy
May 14, 2019	CVE-2019-7142	Acrobat Reader DC 2d.x3d!_LoadRGB() Out-of-Bounds Read/Write in TRGB::expandrow()	Wei Lei
May 07, 2019	CVE-2019-8010	Acrobat Reader DC 2d.x3d!_LoadTIFF() Out-of-Bounds Read	Wei Lei
Apr 09, 2019	CVE-2019-7118	Acrobat Reader DC 2d.x3d!_LoadRGB() Out-of-Bounds Write in TRGB::Read()	Wei Lei
Apr 09, 2019	CVE-2019-7119	Acrobat Reader DC 2d.x3d!_LoadRGB() Out-of-Bounds Write in TRGB::Read()	Wei Lei
Apr 09, 2019	CVE-2019-7120	Acrobat Reader DC 2d.x3d!_LoadILBM() Out-of-Bounds Read in TIF::Read()	Wei Lei
Apr 09, 2019	CVE-2019-7121	Acrobat Reader DC 2d.x3d!_LoadILBM() Out-of-Bounds Read in TIF::Read()	Wei Lei
Apr 09, 2019	CVE-2019-7122	Acrobat Reader DC 2d.x3d!_LoadTIFF() Out-of-Bounds Read in TTIFFread::TifReadChunkyRGB()	Wei Lei
Apr 09, 2019	CVE-2019-7123	Acrobat Reader DC 2d.x3d!_LoadRGB() Memory Corruption in TRGB::expandrow()	Wei Lei
Mar 20, 2019	CVE-2019-2722	Oracle VirtualBox e1000 Integer Underflow - Pwn2Own	Phạm Hồng Phi
Mar 07, 2019	CVE-2019-9133	KMPlayer Subtitles Parser Integer Overflow Vulnerability	Phạm Hồng Phi
Feb 19, 2019	CVE-2018-20334	ASUSWRT Command Injection in start_apply.htm	Shi Ji
Feb 19, 2019	CVE-2018-20335	ASUSWRT Denial of Service of HTTP Service	Shi Ji
Feb 19, 2019	CVE-2018-20336	ASUSWRT Stack Overflow in wanduck.c	Shi Ji
Feb 19, 2019	CVE-2019-16340	Linksys Velop Authentication Bypass	Shi Ji
Feb 12, 2019	CVE-2019-7035	Acrobat Reader DC 2d.x3d!_LoadGIF() Arbitrary Write in TGIF::PutPixel()	Wei Lei
Jan 10, 2019	CVE-2019-16337	Hancom Office Use-after-Free in HncBD90	Shi Ji
Jan 10, 2019	CVE-2019-16338	Hancom Office tfo_common Object Use-after-Free in HwordApp	Shi Ji
Jan 09, 2019	CVE-2019-16339	Hancom Hcell Unspecified Memory Corruption	Shi Ji
Dec 21, 2018	CVE-2018-20333	ASUSWRT Information Disclosure on update_applist.asp	Shi Ji
Nov 28, 2018	CVE-2019-6984	Foxit Reader U3D Shading Modifier Block Integer Overflow Vulnerability	Wei Lei
Nov 28, 2018	CVE-2019-6985	Foxit Reader U3D 2D Glyph Modifier Block Use-after-Free Vulnerability	Wei Lei
Nov 27, 2018	CVE-2019-6982	Foxit Reader U3D CLOD Mesh Declaration OOB Write	Wei Lei
Nov 27, 2018	CVE-2019-6983	Foxit Reader U3D File Header Block Heap Overflow	Wei Lei