Skip to main content

ZDI Advisories

1275 advisories

Zero Day Initiative vulnerability advisories – published disclosures and upcoming publications.

ZDI-26-189 8.2 CVE-2025-41236 VMware Mar 16, 2026

VMware ESXi VMXNET3 Integer Overflow Local Privilege Escalation Vulnerability

VMware ESXi contains a privilege escalation vulnerability (CVE-2025-41236) with a CVSS score of 8.2 that allows attackers with high-privileged code…

ZDI-26-213 7.8 CVE-2026-2046 GIMP Mar 16, 2026

GIMP LBM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

GIMP contains a remote code execution vulnerability (CVE-2026-2046) that allows attackers to execute arbitrary code if a user opens a malicious file…

ZDI-26-214 7.8 CVE-2026-2049 GIMP Mar 16, 2026

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

GIMP contains a remote code execution vulnerability (CVE-2026-2049) with a CVSS score of 7.8 that allows attackers to execute arbitrary code if a…

ZDI-26-212 8.8 CVE-2025-13957 Schneider Mar 16, 2026

Schneider Electric EcoStruxure Data Center Expert Hard-coded Password Remote Code Execution Vulnerability

Schneider Electric EcoStruxure Data Center Expert contains a critical vulnerability (CVE-2025-13957) that allows authenticated remote attackers to…

ZDI-CAN-28703 7.3 Upcoming – -127d Bitdefender Mar 13, 2026

Bitdefender

Bitdefender is a major cybersecurity software vendor known for antivirus and endpoint protection products.

ZDI-CAN-28503 5.5 Upcoming – -127d ATEN Mar 13, 2026

ATEN

ATEN is a well-known manufacturer of IT infrastructure and KVM switch solutions used for data center and remote management.

ZDI-CAN-28505 7.5 Upcoming – -127d ATEN Mar 13, 2026

ATEN

ATEN is a manufacturer of IT infrastructure and remote management products, particularly known for KVM switches and data center management solutions.

ZDI-CAN-28578 7.2 Upcoming – -127d ATEN Mar 13, 2026

ATEN

ATEN is a well-known manufacturer of IT infrastructure and KVM switch solutions used in data centers and enterprise environments.

ZDI-CAN-28590 7.2 Upcoming – -127d ATEN Mar 13, 2026

ATEN

ATEN is a Taiwan-based manufacturer of IT infrastructure and KVM switching solutions widely used in data centers and server environments.

ZDI-CAN-28502 5.5 Upcoming – -127d ATEN Mar 13, 2026

ATEN

ATEN is a well-known manufacturer of IT infrastructure and KVM switch products used widely in data centers and enterprise environments.

ZDI-CAN-29588 7.0 Upcoming – -127d Adobe Mar 13, 2026

Adobe

Adobe, a leading software company known for creative and document processing applications, has a high-severity local vulnerability (CVSS 7.0) that…

ZDI-CAN-28579 7.2 Upcoming – -127d ATEN Mar 13, 2026

ATEN

ATEN is a well-known manufacturer of IT infrastructure and KVM switch solutions used in data centers and enterprise environments.

ZDI-CAN-29392 7.8 Upcoming – -128d GStreamer Mar 12, 2026

GStreamer

GStreamer is a widely-used open-source multimedia framework used for audio and video processing across many applications and operating systems.

ZDI-CAN-28242 7.8 Upcoming – -129d Bosch Rexroth Mar 11, 2026

Bosch Rexroth

Bosch Rexroth, a major industrial automation and hydraulics company, has a high-severity vulnerability (CVSS 7.8) that requires local access and user…

ZDI-CAN-28243 7.8 Upcoming – -129d Bosch Rexroth Mar 11, 2026

Bosch Rexroth

Bosch Rexroth, a major industrial automation and hydraulics manufacturer, has a high-severity vulnerability (CVSS 7.8) that requires local access and…

ZDI-CAN-29332 7.8 Upcoming – -129d OriginLab Mar 11, 2026

OriginLab

OriginLab is a scientific data analysis and graphing software company known for their Origin product suite used in research and engineering.

ZDI-CAN-29331 7.8 Upcoming – -129d OriginLab Mar 11, 2026

OriginLab

OriginLab is a software company known for scientific data analysis and graphing tools, primarily their Origin product used in research and…

ZDI-CAN-29200 6.5 Upcoming – -129d Samba Mar 11, 2026

Samba

Samba is a widely-used open-source software suite that enables file sharing and printing services across Windows and Unix networks.

ZDI-26-182 7.8 CVE-2026-24285 Microsoft Mar 10, 2026

Microsoft Windows win32full Improper Release Local Privilege Escalation Vulnerability

This vulnerability is a privilege escalation flaw in Microsoft Windows (CVE-2026-24285) that allows attackers with low-level code execution to gain…

ZDI-26-176 7.8 CVE-2026-20616 Apple Mar 10, 2026

Apple macOS libusd_ms Alembic File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

A high-severity remote code execution vulnerability (CVE-2026-20616) has been discovered in Apple macOS that allows attackers to execute arbitrary…

ZDI-26-178 8.8 CVE-2026-23668 Microsoft Mar 10, 2026

Microsoft Windows cdd Improper Locking Local Privilege Escalation Vulnerability

A privilege escalation vulnerability (CVE-2026-23668) in Microsoft Windows allows attackers who already have low-level code execution to gain…

ZDI-26-180 8.8 CVE-2026-23668 Microsoft Mar 10, 2026

Microsoft Windows cdd Improper Locking Local Privilege Escalation Vulnerability

A local privilege escalation vulnerability in Microsoft Windows (CVE-2026-23668) allows attackers with low-level code execution to gain elevated…

ZDI-26-179 8.8 CVE-2026-23668 Microsoft Mar 10, 2026

Microsoft Windows win32kfull Improper Locking Local Privilege Escalation Vulnerability

CVE-2026-23668 is a high-severity privilege escalation vulnerability in Microsoft Windows that allows local attackers to gain elevated system…

ZDI-26-185 3.3 CVE-2026-25181 Microsoft Mar 10, 2026

Microsoft Windows GDI Bitmap Parsing Out-Of-Bound Read Information Disclosure Vulnerability

This vulnerability in Microsoft Windows GDI library allows remote attackers to access sensitive information without requiring user authentication.

ZDI-CAN-29616 7.8 Upcoming – -130d Microsoft Mar 10, 2026

Microsoft

Microsoft has disclosed a high-severity vulnerability (CVSS 7.8) that requires local access and low-level user privileges to exploit, with no user…

ZDI-26-183 7.8 CVE-2026-24285 Microsoft Mar 10, 2026

Microsoft Windows win32full Improper Release Local Privilege Escalation Vulnerability

A privilege escalation vulnerability (CVE-2026-24285) has been identified in Microsoft Windows with a CVSS score of 7.8.

ZDI-26-173 7.8 CVE-2026-20611 Apple Mar 10, 2026

Apple macOS Audio APAC Frame Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability

Apple macOS contains a remote code execution vulnerability (CVE-2026-20611) with a CVSS score of 7.8 that can be exploited when users interact with…

ZDI-26-184 7.8 CVE-2026-24289 Microsoft Mar 10, 2026

Microsoft Windows NDIS Driver Use-After-Free Local Privilege Escalation Vulnerability

This is a privilege escalation vulnerability affecting Microsoft Windows (CVE-2026-24289) with a CVSS score of 7.8, allowing local attackers to gain…

ZDI-26-177 7.8 CVE-2026-26364 Array Mar 10, 2026

Array Networks MotionPro ArrayInstallManager Incorrect Permission Assignment Local Privilege Escalation Vulnerability

A privilege escalation vulnerability (CVE-2026-26364) in Array Networks MotionPro allows attackers with low-level code execution to gain elevated…

ZDI-26-186 7.8 CVE-2026-24018 Fortinet Mar 10, 2026

Fortinet FortiClient Link Following Local Privilege Escalation Vulnerability

A high-severity privilege escalation vulnerability exists in Fortinet FortiClient that allows local attackers with low-privileged code execution to…

Prev Page 29 of 43 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy