ZDI Advisories
1275 advisoriesZero Day Initiative vulnerability advisories – published disclosures and upcoming publications.
Adobe
Adobe, a major software company known for creative and productivity applications, has a high-severity local vulnerability (CVSS 7.8) that requires…
libgme
libgme is an audio processing library used for video game music emulation and playback.
aws-mcp-server Command Injection Remote Code Execution Vulnerability
MLflow
MLflow, an open-source machine learning platform for experiment tracking and model management, has a high-severity vulnerability (CVSS 7.8) that…
Foxit
Foxit is a well-known provider of PDF software and solutions, including PDF readers and editors used across enterprises.
NoMachine External Control of File Path Arbitrary File Deletion Vulnerability
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
QNAP QHora-322 login.newAuthMiddleware.Authenticator Authentication Bypass Vulnerability
QNAP QHora-322 routers contain an authentication bypass vulnerability (CVE-2025-62844) that allows remote attackers to access the device without…
Red Hat Enterprise Linux vmwgfx Driver Integer Overflow Local Privilege Escalation Vulnerability
A privilege escalation vulnerability identified as CVE-2025-40277 affects Red Hat Enterprise Linux, allowing local attackers with low-privileged code…
Apple macOS CoreMedia Framework Out-Of-Bounds Write Remote Code Execution Vulnerability
Apple macOS contains a remote code execution vulnerability (CVE-2026-20690) with a CVSS score of 8.8 that allows attackers to execute arbitrary code…
OpenClaw Canvas Path Traversal Information Disclosure Vulnerability
OpenClaw contains a medium-severity information disclosure vulnerability (CVE-2026-3689, CVSS 6.5) that allows authenticated remote attackers to…
OpenClaw Canvas Authentication Bypass Vulnerability
OpenClaw contains a critical authentication bypass vulnerability (CVE-2026-3690) that allows unauthenticated remote attackers to gain unauthorized…
Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Digilent DASYLab contains a remote code execution vulnerability (CVE-2026-0954) that allows attackers to execute arbitrary code on affected systems…
QNAP QHora-322 miro_webserver_controllers_api_login_singIn Authentication Bypass Vulnerability
QNAP QHora-322 routers contain an authentication bypass vulnerability (CVE-2024-13088) that allows network-adjacent attackers to gain unauthorized…
QNAP TS-453E write_file_to_svr External Control of File Path Remote Code Execution Vulnerability
QNAP TS-453E devices contain a code execution vulnerability (CVE-2025-62842) that can be exploited by network-adjacent attackers who can bypass the…
Apple macOS Exposure of Sensitive Information to Unauthorized Sphere Information Disclosure Vulnerability
CVE-2026-20695 is a local information disclosure vulnerability affecting Apple macOS that requires an attacker to already have low-privileged code…
QNAP TS-453E server_handlers.pyc rr2s.kwargs Error Message Information Disclosure Vulnerability
A network-adjacent attacker can bypass authentication on QNAP TS-453E NAS devices to disclose sensitive information, despite the normally required…
Linux Kernel AoE Driver Use-After-Free Local Privilege Escalation Vulnerability
This vulnerability is a privilege escalation flaw in the Linux Kernel (CVE-2023-6270) that allows local attackers with low-level code execution to…
Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
Digilent DASYLab contains a remote code execution vulnerability (CVE-2026-0956) that allows attackers to execute arbitrary code on affected systems…
QNAP QHora-322 qvpn_db_mgr username SQL Injection Remote Code Execution Vulnerability
A critical vulnerability in QNAP QHora-322 routers (CVE-2025-62846) allows remote attackers to execute arbitrary code despite the presence of…
QNAP QHora-322 qvpn_db_mgr role_type Improper Neutralization of Escape Sequences Authentication Bypass Vulnerability
QNAP QHora-322 routers contain an authentication bypass vulnerability (CVE-2025-62845) that allows remote attackers to circumvent the device's…
QNAP QHora-322 ip6_wanifset Improper Restriction of Communication Channel to Intended Endpoints Firewall Bypass Vulnerability
QNAP QHora-322 routers contain a firewall bypass vulnerability (CVE-2025-62843) that allows network-adjacent attackers to circumvent configured…
OpenClaw Client PKCE Verifier Information Disclosure Vulnerability
OpenClaw contains a credential disclosure vulnerability (CVE-2026-3691) that allows remote attackers to access stored credentials when a user…
Linux
Linux is the open-source operating system kernel used across servers, desktops, and embedded systems worldwide.
aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability
LiteLLM
LiteLLM is an open-source library that provides a unified interface for large language model APIs.
OpenPrinting
OpenPrinting is a widely-used open-source printing system commonly integrated into Linux distributions and enterprise print servers.
Linux
A high-severity vulnerability (CVSS 7.5) has been discovered in Linux that requires local access and high-level privileges to exploit, but can result…
Foxit
Foxit is a well-known software company specializing in PDF readers and document management solutions.
Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
Digilent DASYLab contains a remote code execution vulnerability (CVE-2026-0955) rated HIGH with a CVSS score of 7.8 that allows attackers to execute…