ZDI Advisories
400 advisoriesZero Day Initiative vulnerability advisories – published disclosures and upcoming publications.
Fortinet FortiClient Link Following Local Privilege Escalation Vulnerability
A high-severity privilege escalation vulnerability exists in Fortinet FortiClient that allows local attackers with low-privileged code execution to…
Microsoft Windows cdd Improper Locking Local Privilege Escalation Vulnerability
A local privilege escalation vulnerability in Microsoft Windows (CVE-2026-23668) allows attackers with low-level code execution to gain elevated…
Unraid Update Request Path Traversal Remote Code Execution Vulnerability
This vulnerability in Unraid (CVE-2026-3838) allows authenticated remote attackers to execute arbitrary code on affected systems, earning a HIGH…
Unraid Authentication Request Path Traversal Authentication Bypass Vulnerability
A high-severity authentication bypass vulnerability (CVE-2026-3839) has been discovered in Unraid that allows remote attackers to gain unauthorized…
GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability
GStreamer contains a remote code execution vulnerability (CVE-2026-2922) rated HIGH with a CVSS score of 7.8, allowing attackers to execute arbitrary…
GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability
GStreamer contains a critical remote code execution vulnerability (CVE-2026-3083) rated 8.8 CVSS that allows attackers to execute arbitrary code on…
Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability
A network-adjacent attacker can execute arbitrary code on Philips Hue Bridge devices without authentication due to CVE-2026-3562, a medium-severity…
GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability
GStreamer contains a high-severity remote code execution vulnerability (CVE-2026-3085, CVSS 8.8) that allows attackers to execute arbitrary code when…
Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability
A critical unauthenticated remote code execution vulnerability (CVE-2026-3560) has been discovered in the Philips Hue Bridge smart home device, rated…
Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability
A high-severity vulnerability (CVSS 8.0) in Philips Hue Bridge allows network-adjacent attackers to execute arbitrary code by bypassing the device's…
Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability
A high-severity authentication bypass vulnerability (CVE-2026-3559) has been discovered in Philips Hue Bridge that allows network-adjacent attackers…
Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability
A critical unauthenticated remote code execution vulnerability (CVE-2026-3556) affects the Philips Hue Bridge smart home hub, rated 8.8 CVSS.
Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
A high-severity vulnerability (CVE-2026-3557) in Philips Hue Bridge allows network-adjacent attackers to execute arbitrary code by bypassing the…
GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability
GStreamer contains a remote code execution vulnerability (CVE-2026-2923) with a CVSS score of 7.8 that allows attackers to execute arbitrary code on…
Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
Docker Desktop contains a local privilege escalation vulnerability (CVE-2025-15558) that allows attackers with low-level code execution access to…
Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Delta Electronics CNCSoft-G2 contains a remote code execution vulnerability (CVE-2026-3094) that allows attackers to execute arbitrary code if a user…
GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability
GStreamer contains a remote code execution vulnerability (CVE-2026-2920, CVSS 7.8) that allows attackers to execute arbitrary code on systems running…
GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability
GStreamer contains a remote code execution vulnerability (CVE-2026-3082) rated HIGH with a CVSS score of 7.8 that allows attackers to execute…
Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability
A high-severity authentication bypass vulnerability (CVE-2026-3558, CVSS 8.1) affects Philips Hue Bridge, allowing network-adjacent attackers to gain…
GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability
GStreamer contains a remote code execution vulnerability (CVE-2026-3081) rated 7.8 CVSS that allows attackers to execute arbitrary code if they can…
Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability
A high-severity vulnerability (CVSS 8.0) in Philips Hue Bridge allows network-adjacent attackers to execute arbitrary code on the device if a user…
GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability
GStreamer contains a remote code execution vulnerability (CVE-2026-3086) rated 7.8 CVSS High severity that allows attackers to execute arbitrary code…
GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability
GStreamer contains a remote code execution vulnerability (CVE-2026-2921) with a high CVSS score of 7.8 that allows attackers to execute arbitrary…
GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution Vulnerability
GStreamer contains a remote code execution vulnerability (CVE-2026-3084) rated HIGH with a CVSS score of 7.8 that allows attackers to execute…
Music Assistant _update_library_item External Control of File Path Remote Code Execution Vulnerability
Music Assistant contains a high-severity vulnerability (CVE-2026-26975) that allows network-adjacent attackers to execute arbitrary code on affected…
Trend Micro Apex Central Scheduled Update Server-Side Request Forgery Vulnerability
A medium-severity information disclosure vulnerability exists in Trend Micro Apex Central that allows authenticated remote attackers to access…
Trend Micro Apex One Console Directory Traversal Remote Code Execution Vulnerability
Trend Micro Apex One contains a critical remote code execution vulnerability (CVE-2025-71210) that requires no authentication to exploit, allowing…
Hewlett Packard Enterprise AutoPass License Server Authentication Bypass Vulnerability
A remote authentication bypass vulnerability (CVE-2026-23600) has been discovered in Hewlett Packard Enterprise AutoPass License Server, rated as…
Trend Micro Apex One Console Directory Traversal Remote Code Execution Vulnerability
Trend Micro Apex One contains a critical remote code execution vulnerability (CVE-2025-71211) that allows unauthenticated attackers to execute…
Trend Micro Cleaner One Pro Link Following Denial-of-Service Vulnerability
Trend Micro Cleaner One Pro contains a local denial-of-service vulnerability (CVE-2025-71218) that allows low-privileged attackers to crash or…