Skip to main content

ZDI Advisories

400 advisories

Zero Day Initiative vulnerability advisories – published disclosures and upcoming publications.

ZDI-26-370 8.8 CVE-2026-9781 Quest Jun 24, 2026

Quest NetVault Backup NVBURASDevice SQL Injection Remote Code Execution Vulnerability

ZDI-26-375 8.8 CVE-2026-9786 Quest Jun 24, 2026

Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability

ZDI-26-388 7.5 CVE-2026-35273 Oracle Jun 24, 2026

Oracle PeopleSoft HubMBeanPersistance Deserialization of Untrusted Data Remote Code Execution Vulnerability

ZDI-26-389 8.8 CVE-2026-35273 Oracle Jun 24, 2026

Oracle PeopleSoft ExecuteProcessActivityCommand External Control of File Path Remote Code Execution Vulnerability

ZDI-26-392 7.8 CVE-2026-50258 X.Org Jun 24, 2026

X.Org Server Xkb Key Types Stack-based Buffer Overflow Privilege Escalation Vulnerability

ZDI-26-391 7.8 CVE-2026-50257 X.Org Jun 24, 2026

X.Org Server miSyncDestroyFence Use-After-Free Privilege Escalation Vulnerability

ZDI-26-390 7.8 CVE-2026-50256 X.Org Jun 24, 2026

X.Org Server Font Alias Stack-based Buffer Overflow Privilege Escalation Vulnerability

ZDI-26-368 8.8 CVE-2026-7570 Quest Jun 24, 2026

Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability

ZDI-26-394 7.8 CVE-2026-50260 X.Org Jun 24, 2026

X.Org Server FreeCounter Use-After-Free Privilege Escalation Vulnerability

ZDI-26-369 8.8 CVE-2026-9780 Quest Jun 24, 2026

Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerability

ZDI-26-387 9.3 CVE-2026-35273 Oracle Jun 24, 2026

Oracle PeopleSoft HttpListeningConnector Server-Side Request Forgery Vulnerability

ZDI-26-373 8.8 CVE-2026-9784 Quest Jun 24, 2026

Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability

ZDI-26-371 8.8 CVE-2026-9782 Quest Jun 24, 2026

Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability

ZDI-26-386 8.8 CVE-2026-9773 Unraid Jun 24, 2026

Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability

ZDI-26-367 7.8 CVE-2026-8108 Fuji Jun 24, 2026

Fuji Electric Tellus pcid64 Driver Registry APIs Exposed Dangerous Method Local Privilege Escalation Vulnerability

ZDI-26-364 9.8 CVE-2026-41264 FlowiseAI Jun 24, 2026

FlowiseAI Flowise CSV Agent Prompt Injection Remote Code Execution Vulnerability

ZDI-26-363 8.6 CVE-2026-55887 Docker Jun 24, 2026

Docker MCP Plugin OCI Image Label Parsing Argument Injection Remote Code Execution Vulnerability

ZDI-26-362 7.5 CVE-2026-46873 Oracle Jun 24, 2026

Oracle VirtualBox VMSVGA Stack-based Buffer Overflow Local Privilege Escalation Vulnerability

ZDI-26-397 5.5 CVE-2026-50263 X.Org Jun 24, 2026

X.Org Server CreateSaverWindow Use-After-Free Information Disclosure Vulnerability

ZDI-26-361 7.8 CVE-2026-27278 Adobe Jun 24, 2026

Adobe Acrobat Reader DC Field signatureInfo Use-After-Free Remote Code Execution Vulnerability

ZDI-26-393 7.8 CVE-2026-50259 X.Org Jun 24, 2026

X.Org Server SetMap Request Stack-based Buffer Overflow Privilege Escalation Vulnerability

ZDI-26-372 8.8 CVE-2026-9783 Quest Jun 24, 2026

Quest NetVault Backup NVBURemovableMedia SQL Injection Remote Code Execution Vulnerability

ZDI-26-396 5.5 CVE-2026-50262 X.Org Jun 24, 2026

X.Org Server ChangeDrawableAttributes Out-Of-Bounds Read Information Disclosure Vulnerability

ZDI-26-395 7.8 CVE-2026-50261 X.Org Jun 24, 2026

X.Org Server SyncChangeCounter Use-After-Free Privilege Escalation Vulnerability

ZDI-26-358 4.6 CVE-2026-11443 Allegra Jun 11, 2026

Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability

ZDI-26-357 6.5 CVE-2026-11442 Allegra Jun 11, 2026

Allegra exportReport Directory Traversal Information Disclosure Vulnerability

ZDI-26-359 7.8 CVE-2026-8916 Samsung Jun 11, 2026

Samsung rlottie Numeric Truncation Remote Code Execution Vulnerability

ZDI-26-360 7.8 CVE-2026-52849 MATE Jun 11, 2026

MATE Desktop Atril Document Viewer EPUB File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

ZDI-26-356 3.7 CVE-2026-34032 Apache Jun 11, 2026

Apache HTTP Server mod_proxy_ajp Out-Of-Bounds Read Information Disclosure Vulnerability

ZDI-26-355 7.8 CVE-2026-27220 Adobe Jun 10, 2026

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

Prev Page 3 of 14 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy