ZDI Advisories
722 advisories
Zero Day Initiative vulnerability advisories – published disclosures and upcoming publications.
TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
CVE-2026-2492 is a high-severity privilege escalation vulnerability in TensorFlow that allows local attackers with low-privileged code execution to…
PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
PDF-XChange Editor contains a local privilege escalation vulnerability (CVE-2026-2040) rated as HIGH severity with a CVSS score of 7.3.
Bosch Rexroth IndraWorks Print Settings File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability
Bosch Rexroth IndraWorks contains a remote code execution vulnerability (CVE-2025-60037) that allows attackers to execute arbitrary code if a user…
pdfforge
pdfforge is a software company known for PDF creation and manipulation tools.
GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
A remote code execution vulnerability has been discovered in GIMP (CVE-2026-2047) with a high CVSS score of 7.8, allowing attackers to execute…
aeon
This vulnerability affects aeon, a vendor whose specific product line is not widely documented in major security databases.
Flowise
Flowise is an open-source low-code platform for building AI applications and chatbots.
Apple
Apple has a high-severity vulnerability (CVSS 7.8) that requires local access to a user's device but no authentication or user privileges to exploit,…
Apple
Apple has a low-severity local vulnerability (CVSS 3.3) that requires user interaction to exploit but poses minimal risk, affecting only…
MLflow Use of Default Password Authentication Bypass Vulnerability
MLflow contains a critical authentication bypass vulnerability (CVE-2026-2635) with a CVSS score of 9.8 that allows unauthenticated remote attackers…
Bosch Rexroth IndraWorks UA.TestClient XML File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability
Bosch Rexroth IndraWorks contains a remote code execution vulnerability (CVE-2025-60036) that allows attackers to execute arbitrary code if a user…
Dassault Systèmes eDrawings Viewer EPRT File Parsing Uninitialized Variable Remote Code Execution Vulnerability
A remote code execution vulnerability (CVE-2026-1333) exists in Dassault Systèmes eDrawings Viewer that allows attackers to execute arbitrary code if…
Dassault Systèmes eDrawings Viewer EPRT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability (CVE-2026-1335) affects Dassault Systèmes eDrawings Viewer, allowing attackers to execute…
aeon
This vulnerability affects Aeon, a vendor whose specific product details aren't widely established in public databases.
X.Org
X.Org is the open-source organization behind the X Window System, a fundamental display server used across Linux and Unix environments.
RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability
RustDesk Client for Windows contains a local information disclosure vulnerability (CVE-2026-2490) that allows attackers with low-privileged code…
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
GIMP contains a remote code execution vulnerability (CVE-2026-2045) with a CVSS score of 7.8 that allows attackers to execute arbitrary code if a…
GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability
GIMP contains a remote code execution vulnerability (CVE-2026-2044, CVSS 7.8) that allows attackers to execute arbitrary code when a user opens a…
Fortinet FortiClient VPN FCConfig Utility Link Following Local Privilege Escalation Vulnerability
Fortinet FortiClient VPN contains a local privilege escalation vulnerability (CVE-2025-62676) that allows attackers with low-level code execution to…
Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability (CVE-2026-0874) exists in Autodesk AutoCAD that allows attackers to execute arbitrary code when…
Autodesk AutoCAD MODEL File Out-Of-Bounds Write Remote Code Execution Vulnerability
Autodesk AutoCAD contains a remote code execution vulnerability (CVE-2026-0875) rated CVSS 7.8 that allows attackers to execute arbitrary code if…
X.Org
X.Org is the open-source implementation of the X Window System, the foundational display server for Linux and Unix graphical interfaces.
X.Org
X.Org is the widely used open-source display server software that manages graphics and input on Linux and Unix systems.
aeon
This vulnerability affects Aeon, a vendor in the industrial automation and IoT device space.
X.Org
X.Org is the widely used open-source display server that manages graphical output on Linux and Unix systems.
Oracle VirtualBox VMSVGA Out-Of-Bounds Access Local Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in Oracle VirtualBox (CVE-2026-21956) that allows attackers with high-privileged code execution on a…
Dassault Systèmes eDrawings Viewer EPRT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability (CVE-2026-1284) has been discovered in Dassault Systèmes eDrawings Viewer that allows attackers…
Dassault Systèmes eDrawings Viewer EPRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability (CVE-2026-1283) has been discovered in Dassault Systèmes eDrawings Viewer that allows attackers…
Oracle VirtualBox VMSVGA Heap-based Buffer Overflow Local Privilege Escalation Vulnerability
A privilege escalation vulnerability has been discovered in Oracle VirtualBox (CVE-2026-21983) that allows local attackers with high-privileged code…
Oracle VirtualBox VMSVGA Out-Of-Bounds Write Local Privilege Escalation Vulnerability
CVE-2026-21957 is a privilege escalation vulnerability in Oracle VirtualBox that allows local attackers with high-privileged code execution on a…