Skip to main content

ZDI Advisories

1275 advisories

Zero Day Initiative vulnerability advisories – published disclosures and upcoming publications.

ZDI-CAN-29409 7.8 Upcoming – 10d Adobe Mar 30, 2026

Adobe

Adobe, a major software company known for creative and productivity applications, has a high-severity local vulnerability (CVSS 7.8) that requires…

ZDI-CAN-29522 7.8 Upcoming – 10d libgme Mar 30, 2026

libgme

libgme is an audio processing library used for video game music emulation and playback.

ZDI-26-246 9.8 CVE-2026-5058 aws-mcp-server Mar 30, 2026

aws-mcp-server Command Injection Remote Code Execution Vulnerability

ZDI-CAN-29939 7.8 Upcoming – 10d MLflow Mar 30, 2026

MLflow

MLflow, an open-source machine learning platform for experiment tracking and model management, has a high-severity vulnerability (CVSS 7.8) that…

ZDI-CAN-29494 3.3 Upcoming – 10d Foxit Mar 30, 2026

Foxit

Foxit is a well-known provider of PDF software and solutions, including PDF readers and editors used across enterprises.

ZDI-26-247 7.1 CVE-2026-5053 NoMachine Mar 30, 2026

NoMachine External Control of File Path Arbitrary File Deletion Vulnerability

ZDI-26-249 7.8 CVE-2026-5055 NoMachine Mar 30, 2026

NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

ZDI-26-239 5.6 CVE-2025-62844 QNAP Mar 30, 2026

QNAP QHora-322 login.newAuthMiddleware.Authenticator Authentication Bypass Vulnerability

QNAP QHora-322 routers contain an authentication bypass vulnerability (CVE-2025-62844) that allows remote attackers to access the device without…

ZDI-26-232 8.8 CVE-2025-40277 Red Mar 30, 2026

Red Hat Enterprise Linux vmwgfx Driver Integer Overflow Local Privilege Escalation Vulnerability

A privilege escalation vulnerability identified as CVE-2025-40277 affects Red Hat Enterprise Linux, allowing local attackers with low-privileged code…

ZDI-26-230 8.8 CVE-2026-20690 Apple Mar 30, 2026

Apple macOS CoreMedia Framework Out-Of-Bounds Write Remote Code Execution Vulnerability

Apple macOS contains a remote code execution vulnerability (CVE-2026-20690) with a CVSS score of 8.8 that allows attackers to execute arbitrary code…

ZDI-26-227 6.5 CVE-2026-3689 OpenClaw Mar 30, 2026

OpenClaw Canvas Path Traversal Information Disclosure Vulnerability

OpenClaw contains a medium-severity information disclosure vulnerability (CVE-2026-3689, CVSS 6.5) that allows authenticated remote attackers to…

ZDI-26-228 7.4 CVE-2026-3690 OpenClaw Mar 30, 2026

OpenClaw Canvas Authentication Bypass Vulnerability

OpenClaw contains a critical authentication bypass vulnerability (CVE-2026-3690) that allows unauthenticated remote attackers to gain unauthorized…

ZDI-26-236 7.8 CVE-2026-0954 Digilent Mar 30, 2026

Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Digilent DASYLab contains a remote code execution vulnerability (CVE-2026-0954) that allows attackers to execute arbitrary code on affected systems…

ZDI-26-244 5.0 CVE-2024-13088 QNAP Mar 30, 2026

QNAP QHora-322 miro_webserver_controllers_api_login_singIn Authentication Bypass Vulnerability

QNAP QHora-322 routers contain an authentication bypass vulnerability (CVE-2024-13088) that allows network-adjacent attackers to gain unauthorized…

ZDI-26-243 6.8 CVE-2025-62842 QNAP Mar 30, 2026

QNAP TS-453E write_file_to_svr External Control of File Path Remote Code Execution Vulnerability

QNAP TS-453E devices contain a code execution vulnerability (CVE-2025-62842) that can be exploited by network-adjacent attackers who can bypass the…

ZDI-26-231 3.8 CVE-2026-20695 Apple Mar 30, 2026

Apple macOS Exposure of Sensitive Information to Unauthorized Sphere Information Disclosure Vulnerability

CVE-2026-20695 is a local information disclosure vulnerability affecting Apple macOS that requires an attacker to already have low-privileged code…

ZDI-26-242 3.5 CVE-2025-62840 QNAP Mar 30, 2026

QNAP TS-453E server_handlers.pyc rr2s.kwargs Error Message Information Disclosure Vulnerability

A network-adjacent attacker can bypass authentication on QNAP TS-453E NAS devices to disclose sensitive information, despite the normally required…

ZDI-26-238 7.8 CVE-2023-6270 Linux Mar 30, 2026

Linux Kernel AoE Driver Use-After-Free Local Privilege Escalation Vulnerability

This vulnerability is a privilege escalation flaw in the Linux Kernel (CVE-2023-6270) that allows local attackers with low-level code execution to…

ZDI-26-234 7.8 CVE-2026-0956 Digilent Mar 30, 2026

Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Digilent DASYLab contains a remote code execution vulnerability (CVE-2026-0956) that allows attackers to execute arbitrary code on affected systems…

ZDI-26-241 8.8 CVE-2025-62846 QNAP Mar 30, 2026

QNAP QHora-322 qvpn_db_mgr username SQL Injection Remote Code Execution Vulnerability

A critical vulnerability in QNAP QHora-322 routers (CVE-2025-62846) allows remote attackers to execute arbitrary code despite the presence of…

ZDI-26-240 6.3 CVE-2025-62845 QNAP Mar 30, 2026

QNAP QHora-322 qvpn_db_mgr role_type Improper Neutralization of Escape Sequences Authentication Bypass Vulnerability

QNAP QHora-322 routers contain an authentication bypass vulnerability (CVE-2025-62845) that allows remote attackers to circumvent the device's…

ZDI-26-237 6.3 CVE-2025-62843 QNAP Mar 30, 2026

QNAP QHora-322 ip6_wanifset Improper Restriction of Communication Channel to Intended Endpoints Firewall Bypass Vulnerability

QNAP QHora-322 routers contain a firewall bypass vulnerability (CVE-2025-62843) that allows network-adjacent attackers to circumvent configured…

ZDI-26-229 5.3 CVE-2026-3691 OpenClaw Mar 30, 2026

OpenClaw Client PKCE Verifier Information Disclosure Vulnerability

OpenClaw contains a credential disclosure vulnerability (CVE-2026-3691) that allows remote attackers to access stored credentials when a user…

ZDI-CAN-29790 8.5 Upcoming – 10d Linux Mar 30, 2026

Linux

Linux is the open-source operating system kernel used across servers, desktops, and embedded systems worldwide.

ZDI-26-245 9.8 CVE-2026-5059 aws-mcp-server Mar 30, 2026

aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability

ZDI-CAN-29838 6.4 Upcoming – 10d LiteLLM Mar 30, 2026

LiteLLM

LiteLLM is an open-source library that provides a unified interface for large language model APIs.

ZDI-CAN-29299 7.5 Upcoming – 10d OpenPrinting Mar 30, 2026

OpenPrinting

OpenPrinting is a widely-used open-source printing system commonly integrated into Linux distributions and enterprise print servers.

ZDI-CAN-29413 7.5 Upcoming – 10d Linux Mar 30, 2026

Linux

A high-severity vulnerability (CVSS 7.5) has been discovered in Linux that requires local access and high-level privileges to exploit, but can result…

ZDI-CAN-29491 7.8 Upcoming – 10d Foxit Mar 30, 2026

Foxit

Foxit is a well-known software company specializing in PDF readers and document management solutions.

ZDI-26-233 7.8 CVE-2026-0955 Digilent Mar 30, 2026

Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Digilent DASYLab contains a remote code execution vulnerability (CVE-2026-0955) rated HIGH with a CVSS score of 7.8 that allows attackers to execute…

Prev Page 24 of 43 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy