defcesco, I'm disclosing three remote code execution (RCE) 0-days for KiTTY. KiTTY is a fork of PuTTY and has 20 million+ downloads. The vulnerability was introduced in the original release and is stable and reliable on Windows 11-Windows XP. Your sysadmin who likes cats and needs PuTTY is probably using it. The lead developer of KiTTY never replied after multiple contacts (see Timeline).
Advisory & Exploits:
https://blog.defcesco.io/CVE-2024-25003-CVE-2024-25004
https://blog.defcesco.io/CVE-2024-23749