ZDI Advisories
722 advisoriesZero Day Initiative vulnerability advisories – published disclosures and upcoming publications.
AzeoTech DAQFactory Pro CTL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
A remote code execution vulnerability (CVE-2025-66589) has been discovered in AzeoTech DAQFactory that allows attackers to execute arbitrary code on…
Apple
Apple, a major technology company known for iPhones, Macs, and iOS/macOS operating systems, has a high-severity vulnerability (CVSS 8.8) reported by…
CyberArk Endpoint Privilege Management Improper Privilege Management Local Privilege Escalation Vulnerability
CVE-2025-66374 is a privilege escalation vulnerability in CyberArk Endpoint Privilege Management that allows local attackers with low-privileged…
Adobe
Adobe has released a high-severity vulnerability (CVSS 7.8) affecting one of their products that requires local access and user interaction to…
Progress Software Kemp LoadMaster addapikey Command Injection Remote Code Execution Vulnerability
Progress Software's Kemp LoadMaster contains a code execution vulnerability (CVE-2025-13447) that allows authenticated network-adjacent attackers to…
Progress Software Kemp LoadMaster listapikeys Command Injection Remote Code Execution Vulnerability
Progress Software's Kemp LoadMaster contains a code execution vulnerability (CVE-2025-13447) that allows authenticated network-adjacent attackers to…
Progress Software Kemp LoadMaster getcipherset Command Injection Remote Code Execution Vulnerability
Progress Software's Kemp LoadMaster contains a code execution vulnerability (CVE-2025-13444) that allows authenticated network-adjacent attackers to…
Progress Software Kemp LoadMaster delapikey OS Command Injection Remote Code Execution Vulnerability
Progress Software's Kemp LoadMaster contains a remote code execution vulnerability (CVE-2025-13447) that allows authenticated attackers to execute…
Progress Software Kemp LoadMaster delcert Command Injection Remote Code Execution Vulnerability
Progress Software's Kemp LoadMaster contains a remote code execution vulnerability (CVE-2025-13447) that allows authenticated network-adjacent…
Medplum
Medplum is a healthcare data platform that manages patient records and medical information systems.
GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability (CVE-2026-0797, CVSS 7.8) has been discovered in GIMP that allows attackers to execute arbitrary…
Medplum
Medplum is a healthcare data platform that manages patient health records and medical information systems.
ATEN
ATEN is a Taiwan-based manufacturer of IT infrastructure and KVM switch products widely used in data centers and enterprise environments.
Cisco Snort _bnfa_search_csparse_nfa Use-After-Free Remote Code Execution Vulnerability
Cisco Snort contains a critical remote code execution vulnerability (CVE-2026-20026, CVSS 9.8) that allows unauthenticated attackers to execute…
Hancom Office DOC File Parsing Type Confusion Remote Code Execution Vulnerability
Hancom Office contains a remote code execution vulnerability (CVE-2025-29867) that allows attackers to execute arbitrary code if a user opens a…
Fortinet FortiSandbox fortisandbox Server-Side Request Forgery Remote Code Execution Vulnerability
Fortinet FortiSandbox contains a high-severity information disclosure vulnerability (CVE-2025-67685, CVSS 8.8) that allows authenticated remote…
Cisco Snort _bnfa_search_csparse_nfa Out-Of-Bounds Read Information Disclosure Vulnerability
Cisco Snort contains a medium-severity information disclosure vulnerability (CVE-2026-20027) that allows unauthenticated remote attackers to access…
Delta Electronics DIAView Exposed Dangerous Method Remote Code Execution Vulnerability
Delta Electronics DIAView contains a remote code execution vulnerability (CVE-2026-0975) that allows attackers to execute arbitrary code on affected…
pdfforge
pdfforge is a vendor known for PDF manipulation and conversion software tools.
Delta Electronics
Delta Electronics, a major industrial automation and power management company, has a high-severity local vulnerability (CVSS 7.8) that requires user…
Siemens
Siemens, a major industrial automation and control systems manufacturer, has a high-severity vulnerability (CVSS 8.8) that can be exploited remotely…
Netdata
Netdata is a popular open-source real-time system monitoring and visualization platform.
QNAP
QNAP is a leading manufacturer of network-attached storage (NAS) devices used by businesses and consumers for data backup and management.
Ashlar-Vellum
Ashlar-Vellum is a software company known for design and visualization tools used in architecture and engineering.
NI
National Instruments (NI) has a high-severity vulnerability (CVSS 7.8) that requires local access and user interaction to exploit, but when…
Linux
A medium-severity vulnerability (CVSS 6.7) has been discovered in Linux that requires local access and high-level privileges to exploit, resulting in…
Linux
A high-severity vulnerability (CVSS 8.2) has been discovered in Linux that requires local access and high-level privileges to exploit, but once…
Microsoft
Microsoft has released a medium-severity vulnerability (CVSS 4.4) that requires local access and low-level user privileges to exploit, with no user…
Microsoft
Microsoft has disclosed a high-severity vulnerability (CVSS 7.8) that requires local access and low-level user privileges to exploit, but delivers…
Docker
A high-severity privilege escalation vulnerability (CVSS 8.8) has been discovered in Docker, the widely-used containerization platform, requiring…