ZDI Advisories
1275 advisoriesZero Day Initiative vulnerability advisories – published disclosures and upcoming publications.
VMware ESXi VMXNET3 Integer Overflow Local Privilege Escalation Vulnerability
VMware ESXi contains a privilege escalation vulnerability (CVE-2025-41236) with a CVSS score of 8.2 that allows attackers with high-privileged code…
GIMP LBM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
GIMP contains a remote code execution vulnerability (CVE-2026-2046) that allows attackers to execute arbitrary code if a user opens a malicious file…
GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
GIMP contains a remote code execution vulnerability (CVE-2026-2049) with a CVSS score of 7.8 that allows attackers to execute arbitrary code if a…
Schneider Electric EcoStruxure Data Center Expert Hard-coded Password Remote Code Execution Vulnerability
Schneider Electric EcoStruxure Data Center Expert contains a critical vulnerability (CVE-2025-13957) that allows authenticated remote attackers to…
Bitdefender
Bitdefender is a major cybersecurity software vendor known for antivirus and endpoint protection products.
ATEN
ATEN is a well-known manufacturer of IT infrastructure and KVM switch solutions used for data center and remote management.
ATEN
ATEN is a manufacturer of IT infrastructure and remote management products, particularly known for KVM switches and data center management solutions.
ATEN
ATEN is a well-known manufacturer of IT infrastructure and KVM switch solutions used in data centers and enterprise environments.
ATEN
ATEN is a Taiwan-based manufacturer of IT infrastructure and KVM switching solutions widely used in data centers and server environments.
ATEN
ATEN is a well-known manufacturer of IT infrastructure and KVM switch products used widely in data centers and enterprise environments.
Adobe
Adobe, a leading software company known for creative and document processing applications, has a high-severity local vulnerability (CVSS 7.0) that…
ATEN
ATEN is a well-known manufacturer of IT infrastructure and KVM switch solutions used in data centers and enterprise environments.
GStreamer
GStreamer is a widely-used open-source multimedia framework used for audio and video processing across many applications and operating systems.
Bosch Rexroth
Bosch Rexroth, a major industrial automation and hydraulics company, has a high-severity vulnerability (CVSS 7.8) that requires local access and user…
Bosch Rexroth
Bosch Rexroth, a major industrial automation and hydraulics manufacturer, has a high-severity vulnerability (CVSS 7.8) that requires local access and…
OriginLab
OriginLab is a scientific data analysis and graphing software company known for their Origin product suite used in research and engineering.
OriginLab
OriginLab is a software company known for scientific data analysis and graphing tools, primarily their Origin product used in research and…
Samba
Samba is a widely-used open-source software suite that enables file sharing and printing services across Windows and Unix networks.
Microsoft Windows win32full Improper Release Local Privilege Escalation Vulnerability
This vulnerability is a privilege escalation flaw in Microsoft Windows (CVE-2026-24285) that allows attackers with low-level code execution to gain…
Apple macOS libusd_ms Alembic File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability (CVE-2026-20616) has been discovered in Apple macOS that allows attackers to execute arbitrary…
Microsoft Windows cdd Improper Locking Local Privilege Escalation Vulnerability
A privilege escalation vulnerability (CVE-2026-23668) in Microsoft Windows allows attackers who already have low-level code execution to gain…
Microsoft Windows cdd Improper Locking Local Privilege Escalation Vulnerability
A local privilege escalation vulnerability in Microsoft Windows (CVE-2026-23668) allows attackers with low-level code execution to gain elevated…
Microsoft Windows win32kfull Improper Locking Local Privilege Escalation Vulnerability
CVE-2026-23668 is a high-severity privilege escalation vulnerability in Microsoft Windows that allows local attackers to gain elevated system…
Microsoft Windows GDI Bitmap Parsing Out-Of-Bound Read Information Disclosure Vulnerability
This vulnerability in Microsoft Windows GDI library allows remote attackers to access sensitive information without requiring user authentication.
Microsoft
Microsoft has disclosed a high-severity vulnerability (CVSS 7.8) that requires local access and low-level user privileges to exploit, with no user…
Microsoft Windows win32full Improper Release Local Privilege Escalation Vulnerability
A privilege escalation vulnerability (CVE-2026-24285) has been identified in Microsoft Windows with a CVSS score of 7.8.
Apple macOS Audio APAC Frame Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability
Apple macOS contains a remote code execution vulnerability (CVE-2026-20611) with a CVSS score of 7.8 that can be exploited when users interact with…
Microsoft Windows NDIS Driver Use-After-Free Local Privilege Escalation Vulnerability
This is a privilege escalation vulnerability affecting Microsoft Windows (CVE-2026-24289) with a CVSS score of 7.8, allowing local attackers to gain…
Array Networks MotionPro ArrayInstallManager Incorrect Permission Assignment Local Privilege Escalation Vulnerability
A privilege escalation vulnerability (CVE-2026-26364) in Array Networks MotionPro allows attackers with low-level code execution to gain elevated…
Fortinet FortiClient Link Following Local Privilege Escalation Vulnerability
A high-severity privilege escalation vulnerability exists in Fortinet FortiClient that allows local attackers with low-privileged code execution to…