ZDI Advisories
1275 advisoriesZero Day Initiative vulnerability advisories – published disclosures and upcoming publications.
G DATA
G DATA is a well-known German cybersecurity company that develops antivirus and endpoint protection software.
Microsoft Windows win32full Improper Release Local Privilege Escalation Vulnerability
Microsoft Windows contains a privilege escalation vulnerability (CVE-2026-24285) that allows local attackers with low-privileged code execution to…
Apple macOS ImageIO SGI File Parsing Integer Overflow Remote Code Execution Vulnerability
CVE-2026-20675 is a high-severity remote code execution vulnerability in Apple's macOS ImageIO library that allows attackers to execute arbitrary…
Apple macOS ImageIO SGI File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
A low-severity information disclosure vulnerability exists in Apple's macOS ImageIO framework (CVE-2026-20634) that allows remote attackers to access…
Unraid Authentication Request Path Traversal Authentication Bypass Vulnerability
A high-severity authentication bypass vulnerability (CVE-2026-3839) has been discovered in Unraid that allows remote attackers to gain unauthorized…
MSI
MSI, a well-known manufacturer of motherboards, graphics cards, and gaming hardware, has a local privilege escalation vulnerability (CVSS 7.8) that…
Unraid Update Request Path Traversal Remote Code Execution Vulnerability
This vulnerability in Unraid (CVE-2026-3838) allows authenticated remote attackers to execute arbitrary code on affected systems, earning a HIGH…
GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability
GStreamer contains a remote code execution vulnerability (CVE-2026-2920, CVSS 7.8) that allows attackers to execute arbitrary code on systems running…
Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability
A high-severity authentication bypass vulnerability (CVE-2026-3559) has been discovered in Philips Hue Bridge that allows network-adjacent attackers…
Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability
A critical unauthenticated remote code execution vulnerability (CVE-2026-3560) has been discovered in the Philips Hue Bridge smart home device, rated…
GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability
GStreamer contains a remote code execution vulnerability (CVE-2026-3086) rated 7.8 CVSS High severity that allows attackers to execute arbitrary code…
GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability
GStreamer contains a remote code execution vulnerability (CVE-2026-2921) with a high CVSS score of 7.8 that allows attackers to execute arbitrary…
GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution Vulnerability
GStreamer contains a remote code execution vulnerability (CVE-2026-3084) rated HIGH with a CVSS score of 7.8 that allows attackers to execute…
GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability
GStreamer contains a remote code execution vulnerability (CVE-2026-2922) rated HIGH with a CVSS score of 7.8, allowing attackers to execute arbitrary…
GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability
GStreamer contains a critical remote code execution vulnerability (CVE-2026-3083) rated 8.8 CVSS that allows attackers to execute arbitrary code on…
Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability
A network-adjacent attacker can execute arbitrary code on Philips Hue Bridge devices without authentication due to CVE-2026-3562, a medium-severity…
GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability
GStreamer contains a high-severity remote code execution vulnerability (CVE-2026-3085, CVSS 8.8) that allows attackers to execute arbitrary code when…
Adminer
Adminer is a popular web-based database management tool that allows remote administration of databases.
Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
A high-severity vulnerability (CVE-2026-3557) in Philips Hue Bridge allows network-adjacent attackers to execute arbitrary code by bypassing the…
Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability
A critical unauthenticated remote code execution vulnerability (CVE-2026-3556) affects the Philips Hue Bridge smart home hub, rated 8.8 CVSS.
verl
A high-severity vulnerability (CVSS 8.1) has been identified in Verl, affecting the confidentiality, integrity, and availability of impacted systems.
NGINX
NGINX is a widely-used open-source web server and reverse proxy software that handles traffic for millions of websites globally.
GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability
GStreamer contains a remote code execution vulnerability (CVE-2026-2923) with a CVSS score of 7.8 that allows attackers to execute arbitrary code on…
Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability
A high-severity vulnerability (CVSS 8.0) in Philips Hue Bridge allows network-adjacent attackers to execute arbitrary code by bypassing the device's…
Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability
A high-severity vulnerability (CVSS 8.0) in Philips Hue Bridge allows network-adjacent attackers to execute arbitrary code on the device if a user…
GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability
GStreamer contains a remote code execution vulnerability (CVE-2026-3081) rated 7.8 CVSS that allows attackers to execute arbitrary code if they can…
Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability
A high-severity authentication bypass vulnerability (CVE-2026-3558, CVSS 8.1) affects Philips Hue Bridge, allowing network-adjacent attackers to gain…
GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability
GStreamer contains a remote code execution vulnerability (CVE-2026-3082) rated HIGH with a CVSS score of 7.8 that allows attackers to execute…
Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Delta Electronics CNCSoft-G2 contains a remote code execution vulnerability (CVE-2026-3094) that allows attackers to execute arbitrary code if a user…
Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
Docker Desktop contains a local privilege escalation vulnerability (CVE-2025-15558) that allows attackers with low-level code execution access to…