Skip to main content

ZDI Advisories

1275 advisories

Zero Day Initiative vulnerability advisories – published disclosures and upcoming publications.

ZDI-CAN-28879 7.5 Upcoming – -135d Apple Mar 05, 2026

Apple

Apple has a high-severity vulnerability (CVSS 7.5) that can be exploited remotely without authentication, though it requires user interaction and…

ZDI-CAN-29184 7.8 Upcoming – -135d Microsoft Mar 05, 2026

Microsoft

Microsoft has a high-severity vulnerability (CVSS 7.8) that requires local access and user interaction to exploit, but delivers complete system…

ZDI-CAN-28695 3.3 Upcoming – -135d Apple Mar 05, 2026

Apple

Apple has a local vulnerability (CVE pending) with low severity that requires user interaction to exploit but could lead to minor information…

ZDI-CAN-29102 7.8 Upcoming – -136d Meta Mar 04, 2026

Meta

Meta, the social media and technology conglomerate, has a high-severity vulnerability (CVSS 7.8) that requires local access and user interaction but…

ZDI-CAN-29465 7.8 Upcoming – -136d Meta Mar 04, 2026

Meta

Meta, the social media and technology conglomerate behind Facebook, Instagram, and other platforms, has a high-severity local vulnerability (CVSS…

ZDI-CAN-29104 7.8 Upcoming – -136d Meta Mar 04, 2026

Meta

Meta, the parent company of Facebook, Instagram, and WhatsApp, has a high-severity vulnerability (CVSS 7.8) that requires local access and user…

ZDI-CAN-29103 7.8 Upcoming – -136d Meta Mar 04, 2026

Meta

Meta, the parent company of Facebook, Instagram, and WhatsApp, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but…

ZDI-CAN-29257 7.8 Upcoming – -136d Meta Mar 04, 2026

Meta

Meta, the social media and technology conglomerate behind Facebook, Instagram, and WhatsApp, has a high-severity local vulnerability (CVSS 7.8) that…

ZDI-CAN-29258 7.8 Upcoming – -136d Meta Mar 04, 2026

Meta

Meta, the social media and technology conglomerate, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction to exploit but…

ZDI-CAN-28489 7.8 Upcoming – -136d ASUS Mar 04, 2026

ASUS

ASUS, a major manufacturer of consumer and enterprise computing hardware and components, has a high-severity local privilege escalation vulnerability…

ZDI-CAN-29101 7.8 Upcoming – -136d Meta Mar 04, 2026

Meta

Meta, a major social media and technology company, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no…

ZDI-26-142 7.8 CVE-2025-71216 Trend Mar 03, 2026

Trend Micro Apex One Security Agent Cache Mechanism Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability

Trend Micro Apex One Security Agent contains a privilege escalation vulnerability (CVE-2025-71216) that allows local attackers with low-privileged…

ZDI-26-141 7.8 CVE-2025-71215 Trend Mar 03, 2026

Trend Micro Apex One Security Agent iCore Service Signature Verification Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability

A privilege escalation vulnerability exists in Trend Micro Apex One Security Agent that allows local attackers with low-privileged code execution to…

ZDI-26-140 7.8 CVE-2025-71213 Trend Mar 03, 2026

Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability

A privilege escalation vulnerability (CVE-2025-71213) in Trend Micro Apex One Security Agent allows attackers with low-level code execution on a…

ZDI-26-144 4.4 CVE-2025-71205 Trend Mar 03, 2026

Trend Micro Apex Central Hub Server Server-Side Request Forgery Vulnerability

Trend Micro Apex Central contains an information disclosure vulnerability (CVE-2025-71205) that allows authenticated remote attackers to access…

ZDI-26-149 5.0 CVE-2025-71218 Trend Mar 03, 2026

Trend Micro Cleaner One Pro Link Following Denial-of-Service Vulnerability

Trend Micro Cleaner One Pro contains a local denial-of-service vulnerability (CVE-2025-71218) that allows low-privileged attackers to crash or…

ZDI-26-137 9.8 CVE-2025-71211 Trend Mar 03, 2026

Trend Micro Apex One Console Directory Traversal Remote Code Execution Vulnerability

Trend Micro Apex One contains a critical remote code execution vulnerability (CVE-2025-71211) that allows unauthenticated attackers to execute…

ZDI-26-134 7.3 CVE-2026-23600 Hewlett Mar 03, 2026

Hewlett Packard Enterprise AutoPass License Server Authentication Bypass Vulnerability

A remote authentication bypass vulnerability (CVE-2026-23600) has been discovered in Hewlett Packard Enterprise AutoPass License Server, rated as…

ZDI-26-136 9.8 CVE-2025-71210 Trend Mar 03, 2026

Trend Micro Apex One Console Directory Traversal Remote Code Execution Vulnerability

Trend Micro Apex One contains a critical remote code execution vulnerability (CVE-2025-71210) that requires no authentication to exploit, allowing…

ZDI-26-133 8.8 CVE-2026-26975 Music Mar 03, 2026

Music Assistant _update_library_item External Control of File Path Remote Code Execution Vulnerability

Music Assistant contains a high-severity vulnerability (CVE-2026-26975) that allows network-adjacent attackers to execute arbitrary code on affected…

ZDI-26-147 8.1 CVE-2025-71208 Trend Mar 03, 2026

Trend Micro Apex Central Improper Authentication Privilege Escalation Vulnerability

A privilege escalation vulnerability affects Trend Micro Apex Central that allows authenticated remote attackers to gain elevated permissions on the…

ZDI-CAN-28793 7.5 Upcoming – -137d Microsoft Mar 03, 2026

Microsoft

Microsoft has a high-severity vulnerability (CVSS 7.5) that can be exploited remotely over the network without authentication, though it requires…

ZDI-26-148 8.1 CVE-2025-71209 Trend Mar 03, 2026

Trend Micro Apex Central Improper Authentication Privilege Escalation Vulnerability

Trend Micro Apex Central contains a high-severity privilege escalation vulnerability (CVE-2025-71209, CVSS 8.1) that allows authenticated attackers…

ZDI-26-146 4.4 CVE-2025-71207 Trend Mar 03, 2026

Trend Micro Apex Central Manual Update Server-Side Request Forgery Vulnerability

Trend Micro Apex Central contains an information disclosure vulnerability (CVE-2025-71207) that allows authenticated remote attackers to access…

ZDI-26-145 4.4 CVE-2025-71206 Trend Mar 03, 2026

Trend Micro Apex Central Scheduled Update Server-Side Request Forgery Vulnerability

A medium-severity information disclosure vulnerability exists in Trend Micro Apex Central that allows authenticated remote attackers to access…

ZDI-CAN-29320 7.6 Upcoming – -137d Microsoft Mar 03, 2026

Microsoft

Microsoft, a major software and cloud services provider, has a high-severity vulnerability (CVSS 7.6) that can be exploited remotely without…

ZDI-26-150 7.3 CVE-2026-28400 Docker Mar 03, 2026

Docker Desktop for Mac Docker Model Runner Exposed Dangerous Function Denial-of-Service Vulnerability

Docker Desktop contains a local denial-of-service vulnerability (CVE-2026-28400) that allows low-privileged attackers to crash or disable the…

ZDI-CAN-29119 7.5 Upcoming – -137d GNU Mar 03, 2026

GNU

GNU is the open-source software foundation behind widely-used tools like GCC compiler and core Linux utilities, making this vulnerability potentially…

ZDI-26-135 8.1 CVE-2026-27794 LangChain Mar 03, 2026

LangChain LangGraph BaseCache Deserialization of Untrusted Data Remote Code Execution Vulnerability

LangChain's LangGraph component contains a remote code execution vulnerability (CVE-2026-27794) that allows unauthenticated attackers to execute…

ZDI-26-139 7.8 CVE-2025-71214 Trend Mar 03, 2026

Trend Micro Apex One Security Agent iCore Service Origin Validation Error Local Privilege Escalation Vulnerability

Trend Micro Apex One Security Agent contains a privilege escalation vulnerability (CVE-2025-71214) that allows local attackers with low-privileged…

Prev Page 31 of 43 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy