ZDI Advisories
722 advisoriesZero Day Initiative vulnerability advisories – published disclosures and upcoming publications.
IceWarp collaboration Directory Traversal Information Disclosure Vulnerability
IceWarp contains a high-severity information disclosure vulnerability (CVE-2026-2493) that allows unauthenticated remote attackers to access…
Siemens SINEC NMS Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in Siemens SINEC NMS that allows local attackers with low-level code execution capabilities to elevate…
Ubiquiti Networks AI Pro Uncaught Exception Denial-of-Service Vulnerability
A denial-of-service vulnerability affecting Ubiquiti Networks AI Pro allows network-adjacent attackers to crash or disable the device without…
Ubiquiti Networks AI Pro Cleartext Transmission Information Disclosure Vulnerability
Ubiquiti Networks AI Pro contains an information disclosure vulnerability (CVE-2026-21633) that allows nearby network attackers to access sensitive…
AOMEI
AOMEI is a software vendor known for backup, cloning, and disk management utilities commonly used in enterprise and consumer environments.
Parallels
Parallels, a well-known provider of virtualization and desktop management software, has a high-severity vulnerability (CVSS 7.8) that requires local…
Parallels
Parallels, known for virtualization and remote access software, has a high-severity vulnerability (CVSS 7.8) that requires local access and valid…
Siemens SINEC NMS Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
A local privilege escalation vulnerability has been discovered in Siemens SINEC NMS (CVE-2026-25655) that allows attackers with low-level code…
Microsoft
Microsoft has a high-severity local privilege escalation vulnerability (CVSS 7.8) that requires local access and low-level user privileges to…
Ubiquiti Networks AI Pro Discovery Protocol Missing Encryption Protocol Downgrade Vulnerability
Ubiquiti Networks AI Pro contains a medium-severity protocol downgrade vulnerability (CVE-2026-21633) that allows network-adjacent attackers to force…
Docker Desktop grpcfuse Kernel Module Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2026-2664 is a medium-severity information disclosure vulnerability in Docker Desktop that allows local attackers with low-privileged code…
claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability
Claude-hovercraft contains a critical remote code execution vulnerability (CVE-2025-15060) that allows unauthenticated attackers to execute arbitrary…
Docker
Docker, a leading containerization platform, has a high-severity vulnerability (CVSS 8.8) that requires local access and low-level user privileges to…
AOMEI
AOMEI, known for backup and disk utility software, has a high-severity vulnerability (CVSS 7.5) that allows unauthenticated remote attackers to…
Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability
A medium-severity authentication bypass vulnerability (CVE-2026-2491) affects Socomec DIRIS A-40 power monitoring devices, allowing network-adjacent…
Parallels
Parallels, known for virtualization and desktop software solutions, has a high-severity vulnerability (CVSS 7.8) that requires local access and…
OpenAI
OpenAI, the artificial intelligence company behind ChatGPT and related AI services, has a high-severity local vulnerability (CVSS 8.6) that requires…
Meta
Meta, the parent company of Facebook, Instagram, and WhatsApp, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but…
Flowise
Flowise is an open-source low-code platform for building AI applications, and this vulnerability has a high severity rating of 8.8.
Adobe
Adobe, a major software vendor known for creative and productivity applications, has a high-severity local vulnerability (CVSS 7.8) that requires…
Docker Desktop MCP Server Cleartext Storage of Sensitive Information Vulnerability
Docker Desktop contains a local information disclosure vulnerability (ZDI-26-123) that allows low-privileged attackers to access sensitive…
Progress Software
Progress Software is a well-known vendor of enterprise application development and management solutions.
Progress Software
Progress Software is a well-known vendor of enterprise integration, workflow automation, and database solutions widely used across organizations…
n8n
n8n, a popular open-source workflow automation and integration platform, contains a critical remote code execution vulnerability with a CVSS score of…
Hong Kong University Data Intelligence Lab
A critical vulnerability (CVSS 9.3) has been discovered in the Hong Kong University Data Intelligence Lab's products or services, which focuses on…
Hong Kong University Data Intelligence Lab
Hong Kong University Data Intelligence Lab has a high-severity vulnerability (CVSS 7.5) that allows remote attackers to gain unauthorized access to…
n8n
n8n is a workflow automation platform that allows users to connect and automate tasks across multiple applications.
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
GIMP contains a remote code execution vulnerability (CVE-2026-2048) rated as HIGH severity with a CVSS score of 7.8 that allows attackers to execute…
Bosch Rexroth IndraWorks OPC.TestClient XML File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability (CVE-2025-60035) has been identified in Bosch Rexroth IndraWorks that allows attackers to execute…
Dassault Systèmes eDrawings Viewer EPRT File Parsing Memory Corruption Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability (CVE-2026-1334) has been identified in Dassault Systèmes eDrawings Viewer that allows attackers…