Zero Day Initiative Advisories - Page 2

ZDI-26-297 8.8 CVE-2026-25654 Siemens Apr 23, 2026

Siemens SINEC NMS Improper Authentication Privilege Escalation Vulnerability

ZDI-26-294 3.5 Microsoft Apr 21, 2026

Microsoft Windows library-ms NTLM Response Information Disclosure Vulnerability

ZDI-26-295 8.2 PublicCMS Apr 21, 2026

PublicCMS getXml Server-Side Request Forgery Information Disclosure Vulnerability

ZDI-26-293 4.3 Microsoft Apr 21, 2026

Microsoft Office URI Handler NTLM Response Information Disclosure Vulnerability

ZDI-26-277 7.8 CVE-2026-32073 Microsoft Apr 15, 2026

Microsoft Windows afd.sys Race Condition Local Privilege Escalation Vulnerability

ZDI-26-259 7.8 Docker Apr 15, 2026

Docker Desktop cli-plugins Incorrect Permission Assignment Local Privilege Escalation Vulnerability

ZDI-26-276 7.5 CVE-2026-26179 Microsoft Apr 15, 2026

Microsoft Windows Secure Kernel Double Free Local Privilege Escalation Vulnerability

ZDI-26-261 7.5 Docker Apr 15, 2026

Docker Desktop credentialHelper Directory Traversal Privilege Escalation Vulnerability

ZDI-26-278 7.8 CVE-2026-33104 Microsoft Apr 15, 2026

Microsoft Windows win32kfull Improper Locking Local Privilege Escalation Vulnerability

ZDI-26-275 8.8 Microsoft Apr 15, 2026

Microsoft Qlib _mount_nfs_uri Command Injection Remote Code Execution Vulnerability

ZDI-26-281 7.8 CVE-2026-34054 Microsoft Apr 15, 2026

Microsoft vcpkg OpenSSL Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

ZDI-26-280 8.8 CVE-2026-4682 HP Apr 15, 2026

HP DeskJet 2855e JobStatusEvent Stack-based Buffer Overflow Remote Code Execution Vulnerability

ZDI-26-279 7.5 CVE-2026-32183 Microsoft Apr 15, 2026

Microsoft Windows Snipping Tool Improper Input Validation Remote Code Execution Vulnerability

ZDI-26-258 8.2 Docker Apr 15, 2026

Docker Desktop extension-manager Exposed Dangerous Function Local Privilege Escalation Vulnerability

ZDI-26-274 7.8 Microsoft Apr 15, 2026

Microsoft Qlib fit Deserialization of Untrusted Data Remote Code Execution Vulnerability

ZDI-26-273 7.8 Microsoft Apr 15, 2026

Microsoft Olive Deserialization of Untrusted Data Remote Code Execution Vulnerability

ZDI-26-270 9.8 CVE-2025-54987 TrendAI Apr 15, 2026

TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability

ZDI-26-284 7.5 CVE-2026-5487 DriveLock Apr 15, 2026

DriveLock Directory Traversal Information Disclosure Vulnerability

ZDI-26-285 5.3 CVE-2026-5489 DriveLock Apr 15, 2026

DriveLock Directory Traversal Information Disclosure Vulnerability

ZDI-26-283 7.8 CVE-2026-5056 GStreamer Apr 15, 2026

GStreamer qtdemux Stack-based Buffer Overflow Remote Code Execution Vulnerability

ZDI-26-272 7.5 CVE-2026-5057 ATEN Apr 15, 2026

ATEN Unizon RpcProvider Missing Authentication Denial-of-Service Vulnerability

ZDI-26-286 8.8 CVE-2026-5490 DriveLock Apr 15, 2026

DriveLock SQL Injection Privilege Escalation Vulnerability

ZDI-26-282 7.8 CVE-2026-2050 GIMP Apr 15, 2026

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

ZDI-26-289 7.5 CVE-2025-71066 Linux Apr 15, 2026

Linux Kernel ETS Scheduler Race Condition Local Privilege Escalation Vulnerability

ZDI-26-267 7.8 Malwarebytes Apr 15, 2026

Malwarebytes Anti-Malware Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

ZDI-26-288 6.5 CVE-2026-5492 DriveLock Apr 15, 2026

DriveLock Directory Traversal Information Disclosure Vulnerability

ZDI-26-268 7.8 CVE-2026-25203 Samsung Apr 15, 2026

Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability

ZDI-26-260 7.5 Docker Apr 15, 2026

Docker Desktop System Editor Uncontrolled Search Path Element Privilege Escalation Vulnerability

ZDI-26-287 7.5 CVE-2026-5491 DriveLock Apr 15, 2026

DriveLock Directory Traversal Information Disclosure Vulnerability

ZDI-26-262 5.4 CVE-2026-34619 Adobe Apr 15, 2026

Adobe ColdFusion deleteVersion Directory Traversal Arbitrary File Deletion Vulnerability

ZDI Advisories