Skip to main content

ZDI Advisories

400 advisories

Zero Day Initiative vulnerability advisories – published disclosures and upcoming publications.

ZDI-26-110 7.8 CVE-2025-60037 Bosch Feb 19, 2026

Bosch Rexroth IndraWorks Print Settings File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability

Bosch Rexroth IndraWorks contains a remote code execution vulnerability (CVE-2025-60037) that allows attackers to execute arbitrary code if a user…

ZDI-26-115 7.8 CVE-2025-62676 Fortinet Feb 19, 2026

Fortinet FortiClient VPN FCConfig Utility Link Following Local Privilege Escalation Vulnerability

Fortinet FortiClient VPN contains a local privilege escalation vulnerability (CVE-2025-62676) that allows attackers with low-level code execution to…

ZDI-26-121 7.8 CVE-2026-2048 GIMP Feb 19, 2026

GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

GIMP contains a remote code execution vulnerability (CVE-2026-2048) rated as HIGH severity with a CVSS score of 7.8 that allows attackers to execute…

ZDI-26-120 7.8 CVE-2026-2047 GIMP Feb 19, 2026

GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

A remote code execution vulnerability has been discovered in GIMP (CVE-2026-2047) with a high CVSS score of 7.8, allowing attackers to execute…

ZDI-26-119 7.8 CVE-2026-2045 GIMP Feb 19, 2026

GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

GIMP contains a remote code execution vulnerability (CVE-2026-2045) with a CVSS score of 7.8 that allows attackers to execute arbitrary code if a…

ZDI-26-117 5.5 CVE-2026-2490 RustDesk Feb 19, 2026

RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability

RustDesk Client for Windows contains a local information disclosure vulnerability (CVE-2026-2490) that allows attackers with low-privileged code…

ZDI-26-111 9.8 CVE-2026-2635 MLflow Feb 19, 2026

MLflow Use of Default Password Authentication Bypass Vulnerability

MLflow contains a critical authentication bypass vulnerability (CVE-2026-2635) with a CVSS score of 9.8 that allows unauthenticated remote attackers…

ZDI-26-106 7.8 CVE-2026-0874 Autodesk Feb 18, 2026

Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

A high-severity remote code execution vulnerability (CVE-2026-0874) exists in Autodesk AutoCAD that allows attackers to execute arbitrary code when…

ZDI-26-107 7.8 CVE-2026-0875 Autodesk Feb 18, 2026

Autodesk AutoCAD MODEL File Out-Of-Bounds Write Remote Code Execution Vulnerability

Autodesk AutoCAD contains a remote code execution vulnerability (CVE-2026-0875) rated CVSS 7.8 that allows attackers to execute arbitrary code if…

ZDI-26-101 6.0 CVE-2026-21963 Oracle Feb 13, 2026

Oracle VirtualBox BusLogic Uninitialized Memory Information Disclosure Vulnerability

Oracle VirtualBox contains a local information disclosure vulnerability (CVE-2026-21963) that allows attackers with high-privilege code execution on…

ZDI-26-102 7.5 CVE-2026-21957 Oracle Feb 13, 2026

Oracle VirtualBox VMSVGA Out-Of-Bounds Write Local Privilege Escalation Vulnerability

CVE-2026-21957 is a privilege escalation vulnerability in Oracle VirtualBox that allows local attackers with high-privileged code execution on a…

ZDI-26-099 7.5 CVE-2026-21984 Oracle Feb 13, 2026

Oracle VirtualBox VMSVGA Race Condition Local Privilege Escalation Vulnerability

Oracle VirtualBox contains a privilege escalation vulnerability (CVE-2026-21984) that allows local attackers with high-privileged code execution on a…

ZDI-26-098 8.2 CVE-2026-21955 Oracle Feb 13, 2026

Oracle VirtualBox VMSVGA Use-After-Free Local Privilege Escalation Vulnerability

CVE-2026-21955 is a privilege escalation vulnerability affecting Oracle VirtualBox that allows local attackers with high-privilege code execution on…

ZDI-26-097 7.5 CVE-2026-21983 Oracle Feb 13, 2026

Oracle VirtualBox VMSVGA Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

A privilege escalation vulnerability has been discovered in Oracle VirtualBox (CVE-2026-21983) that allows local attackers with high-privileged code…

ZDI-26-105 8.1 CVE-2026-2033 MLflow Feb 13, 2026

MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability

MLflow Tracking Server contains a remote code execution vulnerability (CVE-2026-2033) that allows unauthenticated attackers to execute arbitrary code…

ZDI-26-095 7.8 CVE-2026-1284 Dassault Feb 13, 2026

Dassault Systèmes eDrawings Viewer EPRT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

A high-severity remote code execution vulnerability (CVE-2026-1284) has been discovered in Dassault Systèmes eDrawings Viewer that allows attackers…

ZDI-26-096 7.8 CVE-2026-1283 Dassault Feb 13, 2026

Dassault Systèmes eDrawings Viewer EPRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

A high-severity remote code execution vulnerability (CVE-2026-1283) has been discovered in Dassault Systèmes eDrawings Viewer that allows attackers…

ZDI-26-104 7.8 CVE-2026-2034 Sante Feb 13, 2026

Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability

A remote code execution vulnerability (CVE-2026-2034) has been identified in Sante DICOM Viewer Pro, rated as HIGH severity with a CVSS score of 7.8.

ZDI-26-100 6.0 CVE-2026-21985 Oracle Feb 13, 2026

Oracle VirtualBox LsiLogic Uninitialized Memory Information Disclosure Vulnerability

Oracle VirtualBox contains a local information disclosure vulnerability (CVE-2026-21985) that allows privileged attackers to access sensitive data on…

ZDI-26-103 8.2 CVE-2026-21956 Oracle Feb 13, 2026

Oracle VirtualBox VMSVGA Out-Of-Bounds Access Local Privilege Escalation Vulnerability

A privilege escalation vulnerability exists in Oracle VirtualBox (CVE-2026-21956) that allows attackers with high-privileged code execution on a…

ZDI-26-073 7.2 CVE-2026-2041 Nagios Feb 12, 2026

Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability

A high-severity remote code execution vulnerability exists in Nagios Host (CVE-2026-2041) that allows authenticated attackers to execute arbitrary…

ZDI-26-084 7.8 CVE-2025-13845 Schneider Feb 12, 2026

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

Schneider Electric EcoStruxure Power Build contains a remote code execution vulnerability (CVE-2025-13845) that allows attackers to execute arbitrary…

ZDI-26-087 7.8 CVE-2025-13845 Schneider Feb 12, 2026

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

A high-severity remote code execution vulnerability (CVE-2025-13845) affects Schneider Electric EcoStruxure Power Build, allowing attackers to…

ZDI-26-091 7.8 CVE-2025-13845 Schneider Feb 12, 2026

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

CVE-2025-13845 is a high-severity remote code execution vulnerability in Schneider Electric EcoStruxure Power Build that allows attackers to execute…

ZDI-26-076 8.8 CVE-2026-2036 GFI Feb 12, 2026

GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability

GFI Archiver contains a critical remote code execution vulnerability (CVE-2026-2036) with a CVSS score of 8.8 that allows attackers to execute…

ZDI-26-090 7.8 CVE-2025-13845 Schneider Feb 12, 2026

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

Schneider Electric EcoStruxure Power Build contains a remote code execution vulnerability (CVE-2025-13845) that allows attackers to execute arbitrary…

ZDI-26-093 7.8 CVE-2025-13845 Schneider Feb 12, 2026

Schneider Electric EcoStruxure Power Build SSD File Parsing Use-After-Free Remote Code Execution Vulnerability

CVE-2025-13845 is a high-severity remote code execution vulnerability in Schneider Electric EcoStruxure Power Build that allows attackers to execute…

ZDI-26-089 7.8 CVE-2025-13845 Schneider Feb 12, 2026

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

Schneider Electric EcoStruxure Power Build contains a remote code execution vulnerability (CVE-2025-13845) that allows attackers to execute arbitrary…

ZDI-26-085 7.8 CVE-2025-13845 Schneider Feb 12, 2026

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

CVE-2025-13845 is a high-severity remote code execution vulnerability in Schneider Electric EcoStruxure Power Build that requires user interaction,…

ZDI-26-075 7.3 CVE-2026-2038 GFI Feb 12, 2026

GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability

GFI Archiver contains an authentication bypass vulnerability (CVE-2026-2038) that allows remote attackers to gain unauthorized access without…

Prev Page 12 of 14 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy