ZDI Advisories
722 advisories
Zero Day Initiative vulnerability advisories – published disclosures and upcoming publications.
Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
Docker Desktop contains a local privilege escalation vulnerability (CVE-2025-15558) that allows attackers with low-level code execution access to…
NGINX
NGINX is a widely-used open-source web server and reverse proxy software that handles traffic for millions of websites globally.
GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability
GStreamer contains a remote code execution vulnerability (CVE-2026-2923) with a CVSS score of 7.8 that allows attackers to execute arbitrary code on…
Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability
A high-severity authentication bypass vulnerability (CVE-2026-3559) has been discovered in Philips Hue Bridge that allows network-adjacent attackers…
Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability
A critical unauthenticated remote code execution vulnerability (CVE-2026-3560) has been discovered in the Philips Hue Bridge smart home device, rated…
Adminer
Adminer is a popular web-based database management tool that allows remote administration of databases.
verl
A high-severity vulnerability (CVSS 8.1) has been identified in Verl, affecting the confidentiality, integrity, and availability of impacted systems.
Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability
A high-severity vulnerability (CVSS 8.0) in Philips Hue Bridge allows network-adjacent attackers to execute arbitrary code by bypassing the device's…
Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability
A critical unauthenticated remote code execution vulnerability (CVE-2026-3556) affects the Philips Hue Bridge smart home hub, rated 8.8 CVSS.
Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
A high-severity vulnerability (CVE-2026-3557) in Philips Hue Bridge allows network-adjacent attackers to execute arbitrary code by bypassing the…
GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability
GStreamer contains a high-severity remote code execution vulnerability (CVE-2026-3085, CVSS 8.8) that allows attackers to execute arbitrary code when…
Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability
A network-adjacent attacker can execute arbitrary code on Philips Hue Bridge devices without authentication due to CVE-2026-3562, a medium-severity…
GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability
GStreamer contains a critical remote code execution vulnerability (CVE-2026-3083) rated 8.8 CVSS that allows attackers to execute arbitrary code on…
GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability
GStreamer contains a remote code execution vulnerability (CVE-2026-2922) rated HIGH with a CVSS score of 7.8, allowing attackers to execute arbitrary…
GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution Vulnerability
GStreamer contains a remote code execution vulnerability (CVE-2026-3084) rated HIGH with a CVSS score of 7.8 that allows attackers to execute…
GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability
GStreamer contains a remote code execution vulnerability (CVE-2026-2921) with a high CVSS score of 7.8 that allows attackers to execute arbitrary…
GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability
GStreamer contains a remote code execution vulnerability (CVE-2026-3086) rated 7.8 CVSS High severity that allows attackers to execute arbitrary code…
Apple
Apple has a local vulnerability (CVE pending) with low severity that requires user interaction to exploit but could lead to minor information…
Apple
Apple has a high-severity vulnerability (CVSS 7.5) that can be exploited remotely without authentication, though it requires user interaction and…
Microsoft
Microsoft has a high-severity vulnerability (CVSS 7.8) that requires local access and user interaction to exploit, but delivers complete system…
Meta
Meta, a major social media and technology company, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no…
Meta
Meta, the social media and technology conglomerate, has a high-severity vulnerability (CVSS 7.8) that requires local access and user interaction but…
Meta
Meta, the social media and technology conglomerate behind Facebook, Instagram, and other platforms, has a high-severity local vulnerability (CVSS…
Meta
Meta, the parent company of Facebook, Instagram, and WhatsApp, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but…
Meta
Meta, the parent company of Facebook, Instagram, and WhatsApp, has a high-severity vulnerability (CVSS 7.8) that requires local access and user…
ASUS
ASUS, a major manufacturer of consumer and enterprise computing hardware and components, has a high-severity local privilege escalation vulnerability…
Meta
Meta, the social media and technology conglomerate, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction to exploit but…
Meta
Meta, the social media and technology conglomerate behind Facebook, Instagram, and WhatsApp, has a high-severity local vulnerability (CVSS 7.8) that…
Trend Micro Apex One Virus Scan Engine Link Following Local Privilege Escalation Vulnerability
Trend Micro Apex One Security Agent contains a privilege escalation vulnerability (CVE-2025-71212) that allows attackers with low-level code…
Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
A privilege escalation vulnerability (CVE-2025-71213) in Trend Micro Apex One Security Agent allows attackers with low-level code execution on a…