ZDI Advisories
722 advisories
Zero Day Initiative vulnerability advisories – published disclosures and upcoming publications.
Bosch Rexroth
Bosch Rexroth, a major industrial automation and hydraulics manufacturer, has a high-severity vulnerability (CVSS 7.8) that requires local access and…
OriginLab
OriginLab is a software company known for scientific data analysis and graphing tools, primarily their Origin product used in research and…
Samba
Samba is a widely-used open-source software suite that enables file sharing and printing services across Windows and Unix networks.
OriginLab
OriginLab is a scientific data analysis and graphing software company known for their Origin product suite used in research and engineering.
Bosch Rexroth
Bosch Rexroth, a major industrial automation and hydraulics company, has a high-severity vulnerability (CVSS 7.8) that requires local access and user…
Microsoft Windows win32full Improper Release Local Privilege Escalation Vulnerability
A privilege escalation vulnerability (CVE-2026-24285) has been identified in Microsoft Windows with a CVSS score of 7.8.
Microsoft Windows GDI Bitmap Parsing Out-Of-Bound Read Information Disclosure Vulnerability
This vulnerability in the Microsoft Windows GDI library allows remote attackers to access sensitive information without requiring user authentication.
Microsoft Windows cdd Improper Locking Local Privilege Escalation Vulnerability
A local privilege escalation vulnerability in Microsoft Windows (CVE-2026-23668) allows attackers with low-level code execution to gain elevated…
Apple macOS libusd_ms Alembic File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability (CVE-2026-20616) has been discovered in Apple macOS that allows attackers to execute arbitrary…
Apple macOS Audio APAC Frame Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability
Apple macOS contains a remote code execution vulnerability (CVE-2026-20611) with a CVSS score of 7.8 that can be exploited when users interact with…
G DATA
G DATA is a well-known German cybersecurity company that develops antivirus and endpoint protection software.
Microsoft
Microsoft has disclosed a high-severity vulnerability (CVSS 7.8) that requires local access and low-level user privileges to exploit, with no user…
Fortinet FortiClient Link Following Local Privilege Escalation Vulnerability
A high-severity privilege escalation vulnerability exists in Fortinet FortiClient that allows local attackers with low-privileged code execution to…
Array Networks MotionPro ArrayInstallManager Incorrect Permission Assignment Local Privilege Escalation Vulnerability
A privilege escalation vulnerability (CVE-2026-26364) in Array Networks MotionPro allows attackers with low-level code execution to gain elevated…
Apple macOS ImageIO SGI File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
A low-severity information disclosure vulnerability exists in Apple's macOS ImageIO framework (CVE-2026-20634) that allows remote attackers to access…
Microsoft Windows win32kfull Improper Locking Local Privilege Escalation Vulnerability
CVE-2026-23668 is a high-severity privilege escalation vulnerability in Microsoft Windows that allows local attackers to gain elevated system…
Microsoft Windows cdd Improper Locking Local Privilege Escalation Vulnerability
A privilege escalation vulnerability (CVE-2026-23668) in Microsoft Windows allows attackers who already have low-level code execution to gain…
Microsoft Windows win32full Improper Release Local Privilege Escalation Vulnerability
Microsoft Windows contains a privilege escalation vulnerability (CVE-2026-24285) that allows local attackers with low-privileged code execution to…
Microsoft Windows win32full Improper Release Local Privilege Escalation Vulnerability
This vulnerability is a privilege escalation flaw in Microsoft Windows (CVE-2026-24285) that allows attackers with low-level code execution to gain…
Apple macOS ImageIO SGI File Parsing Integer Overflow Remote Code Execution Vulnerability
CVE-2026-20675 is a high-severity remote code execution vulnerability in Apple's macOS ImageIO library that allows attackers to execute arbitrary…
Microsoft Windows NDIS Driver Use-After-Free Local Privilege Escalation Vulnerability
This is a privilege escalation vulnerability affecting Microsoft Windows (CVE-2026-24289) with a CVSS score of 7.8, allowing local attackers to gain…
Unraid Authentication Request Path Traversal Authentication Bypass Vulnerability
A high-severity authentication bypass vulnerability (CVE-2026-3839) has been discovered in Unraid that allows remote attackers to gain unauthorized…
MSI
MSI, a well-known manufacturer of motherboards, graphics cards, and gaming hardware, has a local privilege escalation vulnerability (CVSS 7.8) that…
Unraid Update Request Path Traversal Remote Code Execution Vulnerability
This vulnerability in Unraid (CVE-2026-3838) allows authenticated remote attackers to execute arbitrary code on affected systems, earning a HIGH…
Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability
A high-severity vulnerability (CVSS 8.0) in Philips Hue Bridge allows network-adjacent attackers to execute arbitrary code on the device if a user…
GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability
GStreamer contains a remote code execution vulnerability (CVE-2026-3081) rated 7.8 CVSS that allows attackers to execute arbitrary code if they can…
Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability
A high-severity authentication bypass vulnerability (CVE-2026-3558, CVSS 8.1) affects Philips Hue Bridge, allowing network-adjacent attackers to gain…
GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability
GStreamer contains a remote code execution vulnerability (CVE-2026-3082) rated HIGH with a CVSS score of 7.8 that allows attackers to execute…
GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability
GStreamer contains a remote code execution vulnerability (CVE-2026-2920, CVSS 7.8) that allows attackers to execute arbitrary code on systems running…
Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Delta Electronics CNCSoft-G2 contains a remote code execution vulnerability (CVE-2026-3094) that allows attackers to execute arbitrary code if a user…