ZDI Advisories
875 advisoriesZero Day Initiative vulnerability advisories – published disclosures and upcoming publications.
DriveLock
DriveLock is a German endpoint security and data protection software vendor.
Krita
Krita is a popular open-source digital painting and illustration software application.
DriveLock
DriveLock is a German endpoint security and data protection company known for device control and encryption solutions.
Krita
Krita is a popular open-source digital painting and illustration software.
Hugging Face
Hugging Face is a well-known AI/machine learning platform that provides pretrained models and collaborative tools for developers.
Intel
Intel, a major semiconductor and processor manufacturer, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no…
MLflow
MLflow is an open-source machine learning platform used for experiment tracking and model management.
DeepSpeed
DeepSpeed is a deep learning optimization library developed by Microsoft for training large-scale AI models.
Microsoft
Microsoft has a medium-severity information disclosure vulnerability (CVSS 4.3) that can be exploited remotely by an unauthenticated attacker through…
npm
npm is the JavaScript package manager and repository used by millions of developers worldwide.
verl
A high-severity vulnerability (CVSS 7.8) has been discovered in Verl, affecting the confidentiality, integrity, and availability of systems.
npm
npm is the largest package manager for JavaScript and Node.js, used by millions of developers worldwide.
verl
This advisory concerns a high-severity vulnerability (CVSS 7.8) in Verl, a lesser-known vendor product.
NVIDIA
NVIDIA, a leading manufacturer of graphics processors and AI computing hardware, has a high-severity local vulnerability (CVSS 7.8) that requires…
NVIDIA
NVIDIA is a major technology company known for graphics processors, AI chips, and data center hardware.
Hugging Face
Hugging Face is a well-known AI/ML platform that hosts machine learning models and provides collaborative tools for developers.
Adobe
Adobe has released a high-severity vulnerability (CVSS 7.8) affecting one of their products that requires local access and user interaction to…
Apple
Apple, a major technology company known for iPhones, Macs, and iOS/macOS operating systems, has a high-severity vulnerability (CVSS 8.8) reported by…
Medplum
Medplum is a healthcare data platform that manages patient records and medical information systems.
ATEN
ATEN is a Taiwan-based manufacturer of IT infrastructure and KVM switch products widely used in data centers and enterprise environments.
Medplum
Medplum is a healthcare data platform that manages patient health records and medical information systems.
pdfforge
pdfforge is a vendor known for PDF manipulation and conversion software tools.
Netdata
Netdata is a popular open-source real-time system monitoring and visualization platform.
Siemens
Siemens, a major industrial automation and control systems manufacturer, has a high-severity vulnerability (CVSS 8.8) that can be exploited remotely…
Ashlar-Vellum
Ashlar-Vellum is a software company known for design and visualization tools used in architecture and engineering.
QNAP
QNAP is a leading manufacturer of network-attached storage (NAS) devices used by businesses and consumers for data backup and management.
Delta Electronics
Delta Electronics, a major industrial automation and power management company, has a high-severity local vulnerability (CVSS 7.8) that requires user…
NI
National Instruments (NI) has a high-severity vulnerability (CVSS 7.8) that requires local access and user interaction to exploit, but when…
Linux
A medium-severity vulnerability (CVSS 6.7) has been discovered in Linux that requires local access and high-level privileges to exploit, resulting in…
Linux
A high-severity vulnerability (CVSS 8.2) has been discovered in Linux that requires local access and high-level privileges to exploit, but once…