ZDI Advisories
722 advisoriesZero Day Initiative vulnerability advisories – published disclosures and upcoming publications.
Oracle VirtualBox LsiLogic Uninitialized Memory Information Disclosure Vulnerability
Oracle VirtualBox contains a local information disclosure vulnerability (CVE-2026-21985) that allows privileged attackers to access sensitive data on…
Oracle VirtualBox VMSVGA Race Condition Local Privilege Escalation Vulnerability
Oracle VirtualBox contains a privilege escalation vulnerability (CVE-2026-21984) that allows local attackers with high-privileged code execution on a…
MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability
MLflow Tracking Server contains a remote code execution vulnerability (CVE-2026-2033) that allows unauthenticated attackers to execute arbitrary code…
Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability
A remote code execution vulnerability (CVE-2026-2034) has been identified in Sante DICOM Viewer Pro, rated as HIGH severity with a CVSS score of 7.8.
Oracle VirtualBox VMSVGA Use-After-Free Local Privilege Escalation Vulnerability
CVE-2026-21955 is a privilege escalation vulnerability affecting Oracle VirtualBox that allows local attackers with high-privilege code execution on…
Oracle VirtualBox BusLogic Uninitialized Memory Information Disclosure Vulnerability
Oracle VirtualBox contains a local information disclosure vulnerability (CVE-2026-21963) that allows attackers with high-privilege code execution on…
Microsoft Windows searchConnector-ms NTLM Response Information Disclosure Vulnerability
This vulnerability in Microsoft Windows allows attackers to capture and disclose NTLM authentication responses, a critical component used for network…
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
Schneider Electric EcoStruxure Power Build contains a remote code execution vulnerability (CVE-2025-13845) that allows attackers to execute arbitrary…
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability (CVE-2025-13845) affects Schneider Electric EcoStruxure Power Build, allowing attackers to…
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-13845 is a high-severity remote code execution vulnerability in Schneider Electric EcoStruxure Power Build that allows attackers to execute…
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
Schneider Electric EcoStruxure Power Build contains a remote code execution vulnerability (CVE-2025-13845) that allows attackers to execute arbitrary…
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-13845 is a high-severity remote code execution vulnerability in Schneider Electric EcoStruxure Power Build that requires user interaction,…
Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability exists in Nagios Host (CVE-2026-2041) that allows authenticated attackers to execute arbitrary…
GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability
GFI Archiver contains an authentication bypass vulnerability (CVE-2026-2038) that allows remote attackers to gain unauthorized access without…
GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability
GFI Archiver contains an authentication bypass vulnerability (CVE-2026-2039) that allows remote attackers to gain unauthorized access without valid…
Ivanti Endpoint Manager ROI SQL Injection Remote Code Execution Vulnerability
Ivanti Endpoint Manager contains a high-severity vulnerability (CVE-2026-1602, CVSS 7.2) that allows authenticated remote attackers to execute…
Microsoft Windows win32kfull Use-After-Free Local Privilege Escalation Vulnerability
A local privilege escalation vulnerability in Microsoft Windows (CVE-2026-21235) allows attackers with low-level code execution capabilities to gain…
G DATA
G DATA is a well-known German cybersecurity and antivirus software company.
Gen Digital
Gen Digital, known for Norton antivirus and LifeLock identity protection services, has a high-severity local privilege escalation vulnerability (CVSS…
Cisco
Cisco is a major networking and cybersecurity company whose products are widely deployed in enterprise environments.
Cisco
Cisco, a major networking and cybersecurity equipment manufacturer, has a local privilege escalation vulnerability (CVE pending) with a high CVSS…
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
Schneider Electric's EcoStruxure Power Build contains a remote code execution vulnerability (CVE-2025-13845) that allows attackers to execute…
Schneider Electric EcoStruxure Power Build SSD File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2025-13845 is a remote code execution vulnerability affecting Schneider Electric EcoStruxure Power Build that allows attackers to execute…
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
A remote code execution vulnerability (CVE-2025-13845) has been discovered in Schneider Electric EcoStruxure Power Build with a CVSS score of 7.8,…
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability (CVE-2025-13845) has been discovered in Schneider Electric EcoStruxure Power Build that allows…
G DATA
G DATA is a well-known German antivirus and cybersecurity software company.
DeepSpeed
DeepSpeed is an AI/machine learning optimization library developed by Microsoft that accelerates training of large language models.
Heimdall Data
Heimdall Data is a database security and encryption company. This high-severity vulnerability (CVSS 7.2) can be exploited remotely by an…
Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability exists in Nagios Host that allows authenticated attackers to execute arbitrary code on affected…
Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability (CVE-2026-2043) has been identified in Nagios Host that allows authenticated attackers to execute…