ZDI Advisories

248 advisories

Zero Day Initiative vulnerability advisories – published disclosures and upcoming publications.

All 706 Published 248 Upcoming 458 Overdue 331
ZDI-26-288 6.5 CVE-2026-5492 DriveLock Apr 15, 2026

DriveLock Directory Traversal Information Disclosure Vulnerability

ZDI-26-292 8.8 CVE-2026-22898 QNAP Apr 15, 2026

QNAP TS-453E QVRPro excpostgres Exposed Dangerous Method Remote Code Execution Vulnerability

ZDI-26-289 7.5 CVE-2025-71066 Linux Apr 15, 2026

Linux Kernel ETS Scheduler Race Condition Local Privilege Escalation Vulnerability

ZDI-26-272 7.5 CVE-2026-5057 ATEN Apr 15, 2026

ATEN Unizon RpcProvider Missing Authentication Denial-of-Service Vulnerability

ZDI-26-264 7.5 CVE-2026-27305 Adobe Apr 15, 2026

Adobe ColdFusion fetchCFSettingFile Directory Traversal Information Disclosure Vulnerability

ZDI-26-262 5.4 CVE-2026-34619 Adobe Apr 15, 2026

Adobe ColdFusion deleteVersion Directory Traversal Arbitrary File Deletion Vulnerability

ZDI-26-263 6.5 CVE-2026-27282 Adobe Apr 15, 2026

Adobe ColdFusion subscribeToEndpoints Authentication Bypass Vulnerability

ZDI-26-290 7.8 CVE-2026-32860 NI Apr 15, 2026

NI LabVIEW LVLIB File Parsing Memory Corruption Remote Code Execution Vulnerability

ZDI-26-276 7.5 CVE-2026-26179 Microsoft Apr 15, 2026

Microsoft Windows Secure Kernel Double Free Local Privilege Escalation Vulnerability

ZDI-26-273 7.8 Microsoft Apr 15, 2026

Microsoft Olive Deserialization of Untrusted Data Remote Code Execution Vulnerability

ZDI-26-265 6.5 CVE-2026-39811 Fortinet Apr 15, 2026

Fortinet FortiWeb cgi_buf_alloc Integer Overflow Denial-of-Service Vulnerability

ZDI-26-268 7.8 CVE-2026-25203 Samsung Apr 15, 2026

Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability

ZDI-26-266 8.8 CVE-2026-40688 Fortinet Apr 15, 2026

Fortinet FortiWeb cat_cgi_paths Out-Of-Bounds Write Remote Code Execution Vulnerability

ZDI-26-267 7.8 Malwarebytes Apr 15, 2026

Malwarebytes Anti-Malware Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

ZDI-26-281 7.8 CVE-2026-34054 Microsoft Apr 15, 2026

Microsoft vcpkg OpenSSL Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

ZDI-26-279 7.5 CVE-2026-32183 Microsoft Apr 15, 2026

Microsoft Windows Snipping Tool Improper Input Validation Remote Code Execution Vulnerability

ZDI-26-280 8.8 CVE-2026-4682 HP Apr 15, 2026

HP DeskJet 2855e JobStatusEvent Stack-based Buffer Overflow Remote Code Execution Vulnerability

ZDI-26-291 7.8 CVE-2026-32861 NI Apr 15, 2026

NI LabVIEW LVCLASS File Parsing Memory Corruption Remote Code Execution Vulnerability

ZDI-26-278 7.8 CVE-2026-33104 Microsoft Apr 15, 2026

Microsoft Windows win32kfull Improper Locking Local Privilege Escalation Vulnerability

ZDI-26-277 7.8 CVE-2026-32073 Microsoft Apr 15, 2026

Microsoft Windows afd.sys Race Condition Local Privilege Escalation Vulnerability

ZDI-26-274 7.8 Microsoft Apr 15, 2026

Microsoft Qlib fit Deserialization of Untrusted Data Remote Code Execution Vulnerability

ZDI-26-275 8.8 Microsoft Apr 15, 2026

Microsoft Qlib _mount_nfs_uri Command Injection Remote Code Execution Vulnerability

ZDI-26-271 7.8 CVE-2026-5424 Avast Apr 15, 2026

Avast Premium Security Gen Self Protection Driver Exposed Dangerous Function Local Privilege Escalation Vulnerability

ZDI-26-261 7.5 Docker Apr 15, 2026

Docker Desktop credentialHelper Directory Traversal Privilege Escalation Vulnerability

ZDI-26-269 9.8 CVE-2025-54948 TrendAI Apr 15, 2026

TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability

ZDI-26-270 9.8 CVE-2025-54987 TrendAI Apr 15, 2026

TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability

ZDI-26-258 8.2 Docker Apr 15, 2026

Docker Desktop extension-manager Exposed Dangerous Function Local Privilege Escalation Vulnerability

ZDI-26-260 7.5 Docker Apr 15, 2026

Docker Desktop System Editor Uncontrolled Search Path Element Privilege Escalation Vulnerability

ZDI-26-259 7.8 Docker Apr 15, 2026

Docker Desktop cli-plugins Incorrect Permission Assignment Local Privilege Escalation Vulnerability

ZDI-26-287 7.5 CVE-2026-5491 DriveLock Apr 15, 2026

DriveLock Directory Traversal Information Disclosure Vulnerability

Page 1 of 9 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy