ZDI Advisories
1275 advisoriesZero Day Initiative vulnerability advisories – published disclosures and upcoming publications.
Meta
Meta, the social media and technology conglomerate, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction to exploit but…
Meta
Meta, the social media and technology conglomerate, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no…
Meta
Meta, the social media and technology company behind Facebook, Instagram, and other platforms, has a local vulnerability with a CVSS score of 7.8…
Meta
Meta, the social media and technology conglomerate, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no…
Meta
Meta, the major social media and technology company, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no…
Meta
Meta, the technology company behind Facebook and related services, has a local vulnerability (CVE pending) with a high severity rating of 7.8 that…
Meta
Meta, a major social media and technology company, has a local privilege escalation vulnerability with a CVSS score of 7.8 that requires user…
Meta
Meta, the social media and technology company, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no…
Meta
Meta, the social media and technology conglomerate, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no…
WatchGuard
WatchGuard is a network security company known for firewalls and threat management solutions.
OriginLab
OriginLab Corporation develops OriginPro, a widely-used data analysis and graphing software popular in scientific and engineering communities.
vLLM
vLLM is an open-source library for running large language models efficiently.
Oracle
Oracle, a major software and cloud services provider, has a high-severity vulnerability (CVSS 7.5) that requires local access and high-level…
MLflow
MLflow is an open-source machine learning platform used for experiment tracking, model management, and deployment.
ASUS
ASUS, a major Taiwanese manufacturer of computers, networking equipment, and consumer electronics, has a high-severity local privilege escalation…
Adobe
Adobe, a leading software company known for creative and productivity applications, has a medium-severity vulnerability (CVSS 5.4) that can be…
Dify
Dify is an open-source low-code platform for building AI applications and workflows.
MLflow
MLflow is an open-source machine learning platform used for experiment tracking and model management.
Adobe
Adobe, a leading software company known for creative and productivity applications, has a high-severity local privilege escalation vulnerability…
Microsoft Azure MCP AzureCliService Command Injection Remote Code Execution Vulnerability
A critical remote code execution vulnerability (CVSS 9.8) has been discovered in Microsoft Azure that requires no authentication to exploit, allowing…
Fortinet
Fortinet is a well-known cybersecurity vendor specializing in network security appliances and firewall solutions.
TrendAI
TrendAI is a vendor in the artificial intelligence/machine learning security space.
Canon imageCLASS MF654Cdw BJNP Memory Corruption Remote Code Execution Vulnerability
CVE-2025-14233 is a critical unauthenticated remote code execution vulnerability affecting Canon imageCLASS MF654Cdw printers that allows…
Samsung Galaxy S25 Smart Touch Call Application Protection Mechanism Failure Information Disclosure Vulnerability
Samsung Galaxy S25 devices contain a remote information disclosure vulnerability (CVE-2025-58488) that allows attackers to access sensitive data if…
Samsung Galaxy S25 Samsung Account Cross-Site Scripting Remote Code Execution Vulnerability
This vulnerability in Samsung Galaxy S25 allows unauthenticated remote attackers to execute arbitrary scripts on affected devices, potentially…
Samsung Galaxy S25 Samsung Account Open Redirect Security Bypass Vulnerability
A medium-severity security bypass vulnerability (CVE-2025-58487) has been identified in Samsung Galaxy S25 devices that allows remote attackers to…
Arista
Arista is a well-known networking equipment vendor that produces switches, routers, and cloud networking solutions.
G DATA
G DATA is a German cybersecurity firm known for antivirus and endpoint protection software.
Adobe
Adobe, a major software company known for creative and document processing applications, has a high-severity vulnerability (CVSS 7.5) that can be…
GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
GIMP contains a remote code execution vulnerability (CVE-2026-4153) that allows attackers to execute arbitrary code if a user opens a malicious file…