ZDI Advisories
400 advisoriesZero Day Initiative vulnerability advisories – published disclosures and upcoming publications.
GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability
GFI Archiver contains an authentication bypass vulnerability (CVE-2026-2039) that allows remote attackers to gain unauthorized access without valid…
Ivanti Endpoint Manager ROI SQL Injection Remote Code Execution Vulnerability
Ivanti Endpoint Manager contains a high-severity vulnerability (CVE-2026-1602, CVSS 7.2) that allows authenticated remote attackers to execute…
Microsoft Windows win32kfull Use-After-Free Local Privilege Escalation Vulnerability
A local privilege escalation vulnerability in Microsoft Windows (CVE-2026-21235) allows attackers with low-level code execution capabilities to gain…
Microsoft Windows searchConnector-ms NTLM Response Information Disclosure Vulnerability
This vulnerability in Microsoft Windows allows attackers to capture and disclose NTLM authentication responses, a critical component used for network…
Microsoft Exchange InterceptorSmtpAgent Reliance on Untrusted Inputs Security Feature Bypass Vulnerability
A medium-severity vulnerability in Microsoft Exchange (CVE-2026-21527) allows unauthenticated remote attackers to bypass a security feature without…
Ivanti Endpoint Manager AuthHelper Authentication Bypass Vulnerability
Ivanti Endpoint Manager contains an authentication bypass vulnerability (CVE-2026-1603) that allows remote attackers to gain unauthorized access…
Deciso OPNsense diag_backup.php filename Command Injection Remote Code Execution Vulnerability
Deciso OPNsense contains a code execution vulnerability (CVE-2026-2035) that allows authenticated network-adjacent attackers to execute arbitrary…
GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability
GFI Archiver contains a critical remote code execution vulnerability (CVE-2026-2037) with a CVSS score of 8.8 that allows attackers to execute…
Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability (CVE-2026-2043) has been identified in Nagios Host that allows authenticated attackers to execute…
Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability exists in Nagios Host that allows authenticated attackers to execute arbitrary code on affected…
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability (CVE-2025-13845) has been discovered in Schneider Electric EcoStruxure Power Build that allows…
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
A remote code execution vulnerability (CVE-2025-13845) has been discovered in Schneider Electric EcoStruxure Power Build with a CVSS score of 7.8,…
Schneider Electric EcoStruxure Power Build SSD File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2025-13845 is a remote code execution vulnerability affecting Schneider Electric EcoStruxure Power Build that allows attackers to execute…
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
Schneider Electric's EcoStruxure Power Build contains a remote code execution vulnerability (CVE-2025-13845) that allows attackers to execute…
Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability
A remote code execution vulnerability in Xmind (CVE-2026-0777) with a high CVSS score of 7.8 allows attackers to execute arbitrary code if users are…
Adobe ColdFusion CAR File Parsing Directory Traversal Remote Code Execution Vulnerability
Adobe ColdFusion contains a vulnerability (CVE-2025-61808) that allows authenticated attackers to execute arbitrary code on affected systems, rated…
Lexmark CX532adwe libesffls Directory Traversal Remote Code Execution Vulnerability
A critical vulnerability in Lexmark CX532adwe printers allows unauthenticated attackers on the same network to execute arbitrary code with a CVSS…
Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerability
Docker Desktop for Windows contains a local privilege escalation vulnerability (CVE-2025-14740) that allows attackers with local access to elevate…
Lexmark CX532adwe esfhelper Untrusted Search Path Local Privilege Escalation Vulnerability
A high-severity privilege escalation vulnerability (CVE-2025-65078) has been identified in Lexmark CX532adwe printers that allows local attackers…
Lexmark CX532adwe execuserobject Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability in Lexmark CX532adwe printers allows unauthenticated network-adjacent attackers to execute arbitrary code with a CVSS score of…
Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerability
Docker Desktop for Windows contains a privilege escalation vulnerability (CVE-2025-14740) that allows local attackers to gain elevated privileges if…
Lexmark CX532adwe getCFFNames Heap-based Buffer Overflow Remote Code Execution Vulnerability
A critical remote code execution vulnerability affects Lexmark CX532adwe printers, allowing network-adjacent attackers to execute arbitrary code…
Lexmark CX532adwe usecmap Type Confusion Remote Code Execution Vulnerability
A critical unauthenticated remote code execution vulnerability (CVE-2025-65080) has been discovered in Lexmark CX532adwe multifunction printers,…
NVIDIA Megatron-LM load_base_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability
NVIDIA's Megatron-LM contains a remote code execution vulnerability (CVE-2026-24149) with a CVSS score of 7.8 that allows attackers to execute…
NVIDIA Triton Inference Server EVBufferToJson Uncaught Exception Denial-of-Service Vulnerability
NVIDIA Triton Inference Server contains a remote denial-of-service vulnerability (CVE-2025-33201) that can be exploited without authentication to…
CyberArk Endpoint Privilege Management Improper Privilege Management Local Privilege Escalation Vulnerability
CVE-2025-66374 is a privilege escalation vulnerability in CyberArk Endpoint Privilege Management that allows local attackers with low-privileged…
Apple macOS AppleIntelKBLGraphics Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2025-43283 is a medium-severity information disclosure vulnerability affecting Apple macOS that allows local attackers with low-privileged code…
Apple Safari JavaScriptCore FTL New Array Materialization Type Confusion Remote Code Execution Vulnerability
Apple Safari contains a remote code execution vulnerability (CVE-2025-46298) that allows attackers to execute arbitrary code on affected systems when…
AzeoTech DAQFactory Pro CTL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
A remote code execution vulnerability (CVE-2025-66589) has been discovered in AzeoTech DAQFactory that allows attackers to execute arbitrary code on…
Progress Software Kemp LoadMaster delcert Command Injection Remote Code Execution Vulnerability
Progress Software's Kemp LoadMaster contains a remote code execution vulnerability (CVE-2025-13447) that allows authenticated network-adjacent…