Skip to main content

ZDI Advisories

1275 advisories

Zero Day Initiative vulnerability advisories – published disclosures and upcoming publications.

ZDI-CAN-28662 6.1 Upcoming – -130d G DATA Mar 10, 2026

G DATA

G DATA is a well-known German cybersecurity company that develops antivirus and endpoint protection software.

ZDI-26-181 7.8 CVE-2026-24285 Microsoft Mar 10, 2026

Microsoft Windows win32full Improper Release Local Privilege Escalation Vulnerability

Microsoft Windows contains a privilege escalation vulnerability (CVE-2026-24285) that allows local attackers with low-privileged code execution to…

ZDI-26-174 7.8 CVE-2026-20675 Apple Mar 10, 2026

Apple macOS ImageIO SGI File Parsing Integer Overflow Remote Code Execution Vulnerability

CVE-2026-20675 is a high-severity remote code execution vulnerability in Apple's macOS ImageIO library that allows attackers to execute arbitrary…

ZDI-26-175 3.3 CVE-2026-20634 Apple Mar 10, 2026

Apple macOS ImageIO SGI File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

A low-severity information disclosure vulnerability exists in Apple's macOS ImageIO framework (CVE-2026-20634) that allows remote attackers to access…

ZDI-26-172 7.3 CVE-2026-3839 Unraid Mar 09, 2026

Unraid Authentication Request Path Traversal Authentication Bypass Vulnerability

A high-severity authentication bypass vulnerability (CVE-2026-3839) has been discovered in Unraid that allows remote attackers to gain unauthorized…

ZDI-CAN-28935 7.8 Upcoming – -131d MSI Mar 09, 2026

MSI

MSI, a well-known manufacturer of motherboards, graphics cards, and gaming hardware, has a local privilege escalation vulnerability (CVSS 7.8) that…

ZDI-26-171 8.8 CVE-2026-3838 Unraid Mar 09, 2026

Unraid Update Request Path Traversal Remote Code Execution Vulnerability

This vulnerability in Unraid (CVE-2026-3838) allows authenticated remote attackers to execute arbitrary code on affected systems, earning a HIGH…

ZDI-26-164 7.8 CVE-2026-2920 GStreamer Mar 06, 2026

GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability

GStreamer contains a remote code execution vulnerability (CVE-2026-2920, CVSS 7.8) that allows attackers to execute arbitrary code on systems running…

ZDI-26-157 8.1 CVE-2026-3559 Philips Mar 06, 2026

Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability

A high-severity authentication bypass vulnerability (CVE-2026-3559) has been discovered in Philips Hue Bridge that allows network-adjacent attackers…

ZDI-26-158 8.8 CVE-2026-3560 Philips Mar 06, 2026

Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability

A critical unauthenticated remote code execution vulnerability (CVE-2026-3560) has been discovered in the Philips Hue Bridge smart home device, rated…

ZDI-26-170 7.8 CVE-2026-3086 GStreamer Mar 06, 2026

GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability

GStreamer contains a remote code execution vulnerability (CVE-2026-3086) rated 7.8 CVSS High severity that allows attackers to execute arbitrary code…

ZDI-26-168 7.8 CVE-2026-2921 GStreamer Mar 06, 2026

GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability

GStreamer contains a remote code execution vulnerability (CVE-2026-2921) with a high CVSS score of 7.8 that allows attackers to execute arbitrary…

ZDI-26-169 7.8 CVE-2026-3084 GStreamer Mar 06, 2026

GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution Vulnerability

GStreamer contains a remote code execution vulnerability (CVE-2026-3084) rated HIGH with a CVSS score of 7.8 that allows attackers to execute…

ZDI-26-165 7.8 CVE-2026-2922 GStreamer Mar 06, 2026

GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability

GStreamer contains a remote code execution vulnerability (CVE-2026-2922) rated HIGH with a CVSS score of 7.8, allowing attackers to execute arbitrary…

ZDI-26-166 8.8 CVE-2026-3083 GStreamer Mar 06, 2026

GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability

GStreamer contains a critical remote code execution vulnerability (CVE-2026-3083) rated 8.8 CVSS that allows attackers to execute arbitrary code on…

ZDI-26-160 6.3 CVE-2026-3562 Philips Mar 06, 2026

Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability

A network-adjacent attacker can execute arbitrary code on Philips Hue Bridge devices without authentication due to CVE-2026-3562, a medium-severity…

ZDI-26-167 8.8 CVE-2026-3085 GStreamer Mar 06, 2026

GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability

GStreamer contains a high-severity remote code execution vulnerability (CVE-2026-3085, CVSS 8.8) that allows attackers to execute arbitrary code when…

ZDI-CAN-28201 7.2 Upcoming – -134d Adminer Mar 06, 2026

Adminer

Adminer is a popular web-based database management tool that allows remote administration of databases.

ZDI-26-155 8.0 CVE-2026-3557 Philips Mar 06, 2026

Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

A high-severity vulnerability (CVE-2026-3557) in Philips Hue Bridge allows network-adjacent attackers to execute arbitrary code by bypassing the…

ZDI-26-154 8.8 CVE-2026-3556 Philips Mar 06, 2026

Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability

A critical unauthenticated remote code execution vulnerability (CVE-2026-3556) affects the Philips Hue Bridge smart home hub, rated 8.8 CVSS.

ZDI-CAN-29144 8.1 Upcoming – -134d verl Mar 06, 2026

verl

A high-severity vulnerability (CVSS 8.1) has been identified in Verl, affecting the confidentiality, integrity, and availability of impacted systems.

ZDI-CAN-29287 8.1 Upcoming – -134d NGINX Mar 06, 2026

NGINX

NGINX is a widely-used open-source web server and reverse proxy software that handles traffic for millions of websites globally.

ZDI-26-161 7.8 CVE-2026-2923 GStreamer Mar 06, 2026

GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability

GStreamer contains a remote code execution vulnerability (CVE-2026-2923) with a CVSS score of 7.8 that allows attackers to execute arbitrary code on…

ZDI-26-159 8.0 CVE-2026-3561 Philips Mar 06, 2026

Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability

A high-severity vulnerability (CVSS 8.0) in Philips Hue Bridge allows network-adjacent attackers to execute arbitrary code by bypassing the device's…

ZDI-26-153 8.0 CVE-2026-3555 Philips Mar 06, 2026

Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability

A high-severity vulnerability (CVSS 8.0) in Philips Hue Bridge allows network-adjacent attackers to execute arbitrary code on the device if a user…

ZDI-26-162 7.8 CVE-2026-3081 GStreamer Mar 06, 2026

GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability

GStreamer contains a remote code execution vulnerability (CVE-2026-3081) rated 7.8 CVSS that allows attackers to execute arbitrary code if they can…

ZDI-26-156 8.1 CVE-2026-3558 Philips Mar 06, 2026

Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability

A high-severity authentication bypass vulnerability (CVE-2026-3558, CVSS 8.1) affects Philips Hue Bridge, allowing network-adjacent attackers to gain…

ZDI-26-163 7.8 CVE-2026-3082 GStreamer Mar 06, 2026

GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability

GStreamer contains a remote code execution vulnerability (CVE-2026-3082) rated HIGH with a CVSS score of 7.8 that allows attackers to execute…

ZDI-26-151 7.8 CVE-2026-3094 Delta Mar 06, 2026

Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Delta Electronics CNCSoft-G2 contains a remote code execution vulnerability (CVE-2026-3094) that allows attackers to execute arbitrary code if a user…

ZDI-26-152 7.8 CVE-2025-15558 Docker Mar 06, 2026

Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Docker Desktop contains a local privilege escalation vulnerability (CVE-2025-15558) that allows attackers with low-level code execution access to…

Prev Page 30 of 43 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy