ZDI Advisories
722 advisories
Zero Day Initiative vulnerability advisories – published disclosures and upcoming publications.
GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability
GFI Archiver contains a critical remote code execution vulnerability (CVE-2026-2037) with a CVSS score of 8.8 that allows attackers to execute…
Cisco
Cisco, a major networking and cybersecurity equipment manufacturer, has a high-severity vulnerability (CVSS 7.2) that can be exploited remotely by…
Cisco
Cisco, a major networking and cybersecurity equipment manufacturer, has a high-severity local privilege escalation vulnerability (CVSS 7.8) that…
pdfforge
PDFforge is a software company known for PDF creation and manipulation tools.
Deciso OPNsense diag_backup.php filename Command Injection Remote Code Execution Vulnerability
Deciso OPNsense contains a code execution vulnerability (CVE-2026-2035) that allows authenticated network-adjacent attackers to execute arbitrary…
Ivanti Endpoint Manager AuthHelper Authentication Bypass Vulnerability
Ivanti Endpoint Manager contains an authentication bypass vulnerability (CVE-2026-1603) that allows remote attackers to gain unauthorized access…
Microsoft Exchange InterceptorSmtpAgent Reliance on Untrusted Inputs Security Feature Bypass Vulnerability
A medium-severity vulnerability in Microsoft Exchange (CVE-2026-21527) allows unauthenticated remote attackers to bypass a security feature without…
Schneider Electric EcoStruxure Power Build SSD File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2025-13845 is a high-severity remote code execution vulnerability in Schneider Electric EcoStruxure Power Build that allows attackers to execute…
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
Schneider Electric EcoStruxure Power Build contains a remote code execution vulnerability (CVE-2025-13845) that allows attackers to execute arbitrary…
GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability
GFI Archiver contains a critical remote code execution vulnerability (CVE-2026-2036) with a CVSS score of 8.8 that allows attackers to execute…
Linux
Linux has a high-severity vulnerability (CVSS 8.2) that requires local access and elevated privileges to exploit, but causes severe impact across…
Cisco
Cisco is a major networking and cybersecurity equipment manufacturer.
Databricks
Databricks, a major cloud data analytics and AI platform company, has a high-severity local vulnerability (CVSS 7.8) that requires no authentication…
Cisco
Cisco is a major networking and cybersecurity company whose products are widely deployed in enterprise environments.
Cisco
Cisco is a major networking and cybersecurity vendor whose products are widely deployed in enterprise environments.
Cisco
Cisco is a major networking and cybersecurity equipment vendor, and this advisory covers a high-severity vulnerability in one of their products.
Cisco
Cisco is a major networking and cybersecurity equipment manufacturer, and this vulnerability affects one of their products with a high CVSS score of…
Apple
This vulnerability affects Apple, a major technology company known for consumer devices and operating systems.
Cisco
Cisco, a major networking and cybersecurity equipment manufacturer, has a high-severity vulnerability (CVSS 7.8) that requires local access and…
Cisco
Cisco, a major networking and cybersecurity company, has a high-severity vulnerability (CVSS 7.5) that can be exploited remotely over the network…
NI
National Instruments (NI) has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no authentication, allowing an…
DriveLock
DriveLock is a German endpoint security and data protection software vendor.
NoMachine
NoMachine, a remote desktop and access software provider, has a high-severity vulnerability (CVSS 7.8) that requires local access and low-level user…
Krita
Krita is a free, open-source digital painting and illustration software commonly used by artists and designers.
DriveLock
DriveLock is a German endpoint security and data protection vendor.
Krita
Krita is a widely used open-source digital painting and illustration application.
DriveLock
DriveLock is a German endpoint security and data protection vendor.
DriveLock
DriveLock is a German endpoint security and data protection vendor.
Krita
Krita is a popular open-source digital painting and illustration software application.
Ashlar-Vellum
Ashlar-Vellum is a software company known for CAD and design tools.