ZDI Advisories
400 advisoriesZero Day Initiative vulnerability advisories – published disclosures and upcoming publications.
Bosch Rexroth IndraWorks Print Settings File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability
Bosch Rexroth IndraWorks contains a remote code execution vulnerability (CVE-2025-60037) that allows attackers to execute arbitrary code if a user…
Fortinet FortiClient VPN FCConfig Utility Link Following Local Privilege Escalation Vulnerability
Fortinet FortiClient VPN contains a local privilege escalation vulnerability (CVE-2025-62676) that allows attackers with low-level code execution to…
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
GIMP contains a remote code execution vulnerability (CVE-2026-2048) rated as HIGH severity with a CVSS score of 7.8 that allows attackers to execute…
GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
A remote code execution vulnerability has been discovered in GIMP (CVE-2026-2047) with a high CVSS score of 7.8, allowing attackers to execute…
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
GIMP contains a remote code execution vulnerability (CVE-2026-2045) with a CVSS score of 7.8 that allows attackers to execute arbitrary code if a…
RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability
RustDesk Client for Windows contains a local information disclosure vulnerability (CVE-2026-2490) that allows attackers with low-privileged code…
MLflow Use of Default Password Authentication Bypass Vulnerability
MLflow contains a critical authentication bypass vulnerability (CVE-2026-2635) with a CVSS score of 9.8 that allows unauthenticated remote attackers…
Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability (CVE-2026-0874) exists in Autodesk AutoCAD that allows attackers to execute arbitrary code when…
Autodesk AutoCAD MODEL File Out-Of-Bounds Write Remote Code Execution Vulnerability
Autodesk AutoCAD contains a remote code execution vulnerability (CVE-2026-0875) rated CVSS 7.8 that allows attackers to execute arbitrary code if…
Oracle VirtualBox BusLogic Uninitialized Memory Information Disclosure Vulnerability
Oracle VirtualBox contains a local information disclosure vulnerability (CVE-2026-21963) that allows attackers with high-privilege code execution on…
Oracle VirtualBox VMSVGA Out-Of-Bounds Write Local Privilege Escalation Vulnerability
CVE-2026-21957 is a privilege escalation vulnerability in Oracle VirtualBox that allows local attackers with high-privileged code execution on a…
Oracle VirtualBox VMSVGA Race Condition Local Privilege Escalation Vulnerability
Oracle VirtualBox contains a privilege escalation vulnerability (CVE-2026-21984) that allows local attackers with high-privileged code execution on a…
Oracle VirtualBox VMSVGA Use-After-Free Local Privilege Escalation Vulnerability
CVE-2026-21955 is a privilege escalation vulnerability affecting Oracle VirtualBox that allows local attackers with high-privilege code execution on…
Oracle VirtualBox VMSVGA Heap-based Buffer Overflow Local Privilege Escalation Vulnerability
A privilege escalation vulnerability has been discovered in Oracle VirtualBox (CVE-2026-21983) that allows local attackers with high-privileged code…
MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability
MLflow Tracking Server contains a remote code execution vulnerability (CVE-2026-2033) that allows unauthenticated attackers to execute arbitrary code…
Dassault Systèmes eDrawings Viewer EPRT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability (CVE-2026-1284) has been discovered in Dassault Systèmes eDrawings Viewer that allows attackers…
Dassault Systèmes eDrawings Viewer EPRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability (CVE-2026-1283) has been discovered in Dassault Systèmes eDrawings Viewer that allows attackers…
Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability
A remote code execution vulnerability (CVE-2026-2034) has been identified in Sante DICOM Viewer Pro, rated as HIGH severity with a CVSS score of 7.8.
Oracle VirtualBox LsiLogic Uninitialized Memory Information Disclosure Vulnerability
Oracle VirtualBox contains a local information disclosure vulnerability (CVE-2026-21985) that allows privileged attackers to access sensitive data on…
Oracle VirtualBox VMSVGA Out-Of-Bounds Access Local Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in Oracle VirtualBox (CVE-2026-21956) that allows attackers with high-privileged code execution on a…
Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability exists in Nagios Host (CVE-2026-2041) that allows authenticated attackers to execute arbitrary…
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
Schneider Electric EcoStruxure Power Build contains a remote code execution vulnerability (CVE-2025-13845) that allows attackers to execute arbitrary…
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability (CVE-2025-13845) affects Schneider Electric EcoStruxure Power Build, allowing attackers to…
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-13845 is a high-severity remote code execution vulnerability in Schneider Electric EcoStruxure Power Build that allows attackers to execute…
GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability
GFI Archiver contains a critical remote code execution vulnerability (CVE-2026-2036) with a CVSS score of 8.8 that allows attackers to execute…
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
Schneider Electric EcoStruxure Power Build contains a remote code execution vulnerability (CVE-2025-13845) that allows attackers to execute arbitrary…
Schneider Electric EcoStruxure Power Build SSD File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2025-13845 is a high-severity remote code execution vulnerability in Schneider Electric EcoStruxure Power Build that allows attackers to execute…
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
Schneider Electric EcoStruxure Power Build contains a remote code execution vulnerability (CVE-2025-13845) that allows attackers to execute arbitrary…
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-13845 is a high-severity remote code execution vulnerability in Schneider Electric EcoStruxure Power Build that requires user interaction,…
GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability
GFI Archiver contains an authentication bypass vulnerability (CVE-2026-2038) that allows remote attackers to gain unauthorized access without…