ZDI Advisories
722 advisories
Zero Day Initiative vulnerability advisories – published disclosures and upcoming publications.
Microsoft
Microsoft has a high-severity vulnerability (CVSS 7.5) that can be exploited remotely over the network without authentication, though it requires…
Trend Micro Apex One Security Agent iCore Service Signature Verification Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in Trend Micro Apex One Security Agent that allows local attackers with low-privileged code execution to…
Hewlett Packard Enterprise AutoPass License Server Authentication Bypass Vulnerability
A remote authentication bypass vulnerability (CVE-2026-23600) has been discovered in Hewlett Packard Enterprise AutoPass License Server, rated as…
Trend Micro Apex One Console Directory Traversal Remote Code Execution Vulnerability
Trend Micro Apex One contains a critical remote code execution vulnerability (CVE-2025-71210) that requires no authentication to exploit, allowing…
Music Assistant _update_library_item External Control of File Path Remote Code Execution Vulnerability
Music Assistant contains a high-severity vulnerability (CVE-2026-26975) that allows network-adjacent attackers to execute arbitrary code on affected…
Trend Micro Apex One Console Directory Traversal Remote Code Execution Vulnerability
Trend Micro Apex One contains a critical remote code execution vulnerability (CVE-2025-71211) that allows unauthenticated attackers to execute…
LangChain LangGraph BaseCache Deserialization of Untrusted Data Remote Code Execution Vulnerability
LangChain's LangGraph component contains a remote code execution vulnerability (CVE-2026-27794) that allows unauthenticated attackers to execute…
Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
A privilege escalation vulnerability (CVE-2025-71213) in Trend Micro Apex One Security Agent allows attackers with low-level code execution on a…
Docker Desktop for Mac Docker Model Runner Exposed Dangerous Function Denial-of-Service Vulnerability
Docker Desktop contains a local denial-of-service vulnerability (CVE-2026-28400) that allows low-privileged attackers to crash or disable the…
GNU
GNU is the open-source software foundation behind widely used tools like the GCC compiler and core Linux utilities, making this vulnerability potentially…
Trend Micro Apex One Security Agent iCore Service Origin Validation Error Local Privilege Escalation Vulnerability
Trend Micro Apex One Security Agent contains a privilege escalation vulnerability (CVE-2025-71214) that allows local attackers with low-privileged…
Trend Micro Apex One Virus Scan Engine Link Following Local Privilege Escalation Vulnerability
Trend Micro Apex One Security Agent contains a privilege escalation vulnerability (CVE-2025-71212) that allows attackers with low-level code…
Trend Micro Apex One Security Agent TmSelfProtect Origin Validation Error Local Privilege Escalation Vulnerability
This advisory describes a privilege escalation vulnerability in Trend Micro Apex One Security Agent that allows an attacker with low-privileged code…
Trend Micro Apex One Security Agent Cache Mechanism Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
Trend Micro Apex One Security Agent contains a privilege escalation vulnerability (CVE-2025-71216) that allows local attackers with low-privileged…
Trend Micro Apex Central Manual Update Server-Side Request Forgery Vulnerability
Trend Micro Apex Central contains an information disclosure vulnerability (CVE-2025-71207) that allows authenticated remote attackers to access…
Trend Micro Apex Central Scheduled Update Server-Side Request Forgery Vulnerability
A medium-severity information disclosure vulnerability exists in Trend Micro Apex Central that allows authenticated remote attackers to access…
Trend Micro Apex Central Improper Authentication Privilege Escalation Vulnerability
Trend Micro Apex Central contains a high-severity privilege escalation vulnerability (CVE-2025-71209, CVSS 8.1) that allows authenticated attackers…
Trend Micro Apex Central Improper Authentication Privilege Escalation Vulnerability
A privilege escalation vulnerability affects Trend Micro Apex Central that allows authenticated remote attackers to gain elevated permissions on the…
Trend Micro Apex Central Hub Server Server-Side Request Forgery Vulnerability
Trend Micro Apex Central contains an information disclosure vulnerability (CVE-2025-71205) that allows authenticated remote attackers to access…
AzeoTech
AzeoTech is a software company known for industrial automation and SCADA control systems.
Trend Micro
Trend Micro is a well-known cybersecurity software vendor specializing in antivirus, endpoint protection, and threat defense solutions.
Trend Micro
Trend Micro is a major cybersecurity vendor that provides antivirus, endpoint protection, and cloud security solutions.
Microsoft
Microsoft has disclosed a low-severity local information disclosure vulnerability (CVSS 3.3) that requires user interaction to exploit but no…
AzeoTech
AzeoTech is a software company known for industrial automation and SCADA/HMI (human-machine interface) platforms.
Microsoft
Microsoft has a high-severity local privilege escalation vulnerability (CVSS 7.8) that requires local access and low-level user privileges to…
Mozilla
Mozilla, the company behind the Firefox browser and related internet services, has a critical vulnerability (CVSS 8.8) that can be exploited remotely…
Microsoft
Microsoft has a high-severity vulnerability (CVSS 7.0) that requires local access and low-level user privileges to exploit, with potential to…
Flowise
Flowise is an open-source platform for building AI applications and workflows.
Linux
Linux kernel vulnerability CVE classified as HIGH severity (CVSS 7.5) requires local access and high-level privileges to exploit, but can result in…
Flowise
Flowise is a popular open-source low-code platform for building AI applications and chatbots.