ZDI Advisories
722 advisories
Zero Day Initiative vulnerability advisories – published disclosures and upcoming publications.
Krita
Krita is a popular open-source digital painting and illustration software.
DriveLock
DriveLock is a German endpoint security and data protection company known for device control and encryption solutions.
NoMachine
NoMachine, a remote desktop and access software vendor, has a high-severity vulnerability (CVSS 7.1) that requires local access and low-level user…
Delta Electronics
Delta Electronics, a major manufacturer of power supplies and industrial automation components, has a high-severity vulnerability (CVSS 7.8) that…
Adobe ColdFusion CAR File Parsing Directory Traversal Remote Code Execution Vulnerability
Adobe ColdFusion contains a vulnerability (CVE-2025-61808) that allows authenticated attackers to execute arbitrary code on affected systems, rated…
Krita
Krita is a popular open-source digital painting and illustration software application.
Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability
A remote code execution vulnerability in Xmind (CVE-2026-0777) with a high CVSS score of 7.8 allows attackers to execute arbitrary code if users are…
Hugging Face
Hugging Face is a well-known AI/machine learning platform that provides pretrained models and collaborative tools for developers.
DeepSpeed
DeepSpeed is a deep learning optimization library developed by Microsoft for training large-scale AI models.
NVIDIA
NVIDIA, a leading manufacturer of graphics processors and AI computing hardware, has a high-severity local vulnerability (CVSS 7.8) that requires…
npm
npm is the largest package manager for JavaScript and Node.js, used by millions of developers worldwide.
Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerability
Docker Desktop for Windows contains a local privilege escalation vulnerability (CVE-2025-14740) that allows attackers with local access to elevate…
Lexmark CX532adwe usecmap Type Confusion Remote Code Execution Vulnerability
A critical unauthenticated remote code execution vulnerability (CVE-2025-65080) has been discovered in Lexmark CX532adwe multifunction printers,…
Lexmark CX532adwe getCFFNames Heap-based Buffer Overflow Remote Code Execution Vulnerability
A critical remote code execution vulnerability affects Lexmark CX532adwe printers, allowing network-adjacent attackers to execute arbitrary code…
Lexmark CX532adwe esfhelper Untrusted Search Path Local Privilege Escalation Vulnerability
A high-severity privilege escalation vulnerability (CVE-2025-65078) has been identified in Lexmark CX532adwe printers that allows local attackers…
Lexmark CX532adwe libesffls Directory Traversal Remote Code Execution Vulnerability
A critical vulnerability in Lexmark CX532adwe printers allows unauthenticated attackers on the same network to execute arbitrary code with a CVSS…
NVIDIA
NVIDIA is a major technology company known for graphics processors, AI chips, and data center hardware.
Intel
Intel, a major semiconductor and processor manufacturer, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no…
Lexmark CX532adwe execuserobject Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability in Lexmark CX532adwe printers allows unauthenticated network-adjacent attackers to execute arbitrary code with a CVSS score of…
MLflow
MLflow is an open-source machine learning platform used for experiment tracking and model management.
verl
This advisory concerns a high-severity vulnerability (CVSS 7.8) in Verl, a lesser-known vendor product.
Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerability
Docker Desktop for Windows contains a privilege escalation vulnerability (CVE-2025-14740) that allows local attackers to gain elevated privileges if…
Microsoft
Microsoft has a medium-severity information disclosure vulnerability (CVSS 4.3) that can be exploited remotely by an unauthenticated attacker through…
Hugging Face
Hugging Face is a well-known AI/ML platform that hosts machine learning models and provides collaborative tools for developers.
npm
npm is the JavaScript package manager and repository used by millions of developers worldwide.
verl
A high-severity vulnerability (CVSS 7.8) has been discovered in Verl, affecting the confidentiality, integrity, and availability of systems.
NVIDIA Megatron-LM load_base_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability
NVIDIA's Megatron-LM contains a remote code execution vulnerability (CVE-2026-24149) with a CVSS score of 7.8 that allows attackers to execute…
NVIDIA Triton Inference Server EVBufferToJson Uncaught Exception Denial-of-Service Vulnerability
NVIDIA Triton Inference Server contains a remote denial-of-service vulnerability (CVE-2025-33201) that can be exploited without authentication to…
Apple macOS AppleIntelKBLGraphics Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2025-43283 is a medium-severity information disclosure vulnerability affecting Apple macOS that allows local attackers with low-privileged code…
Apple Safari JavaScriptCore FTL New Array Materialization Type Confusion Remote Code Execution Vulnerability
Apple Safari contains a remote code execution vulnerability (CVE-2025-46298) that allows attackers to execute arbitrary code on affected systems when…