ZDI Advisories
1275 advisoriesZero Day Initiative vulnerability advisories – published disclosures and upcoming publications.
Apple
Apple has a high-severity vulnerability (CVSS 7.5) that can be exploited remotely without authentication, though it requires user interaction and…
Microsoft
Microsoft has a high-severity vulnerability (CVSS 7.8) that requires local access and user interaction to exploit, but delivers complete system…
Apple
Apple has a local vulnerability (CVE pending) with low severity that requires user interaction to exploit but could lead to minor information…
Meta
Meta, the social media and technology conglomerate, has a high-severity vulnerability (CVSS 7.8) that requires local access and user interaction but…
Meta
Meta, the social media and technology conglomerate behind Facebook, Instagram, and other platforms, has a high-severity local vulnerability (CVSS…
Meta
Meta, the parent company of Facebook, Instagram, and WhatsApp, has a high-severity vulnerability (CVSS 7.8) that requires local access and user…
Meta
Meta, the parent company of Facebook, Instagram, and WhatsApp, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but…
Meta
Meta, the social media and technology conglomerate behind Facebook, Instagram, and WhatsApp, has a high-severity local vulnerability (CVSS 7.8) that…
Meta
Meta, the social media and technology conglomerate, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction to exploit but…
ASUS
ASUS, a major manufacturer of consumer and enterprise computing hardware and components, has a high-severity local privilege escalation vulnerability…
Meta
Meta, a major social media and technology company, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no…
Trend Micro Apex One Security Agent Cache Mechanism Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
Trend Micro Apex One Security Agent contains a privilege escalation vulnerability (CVE-2025-71216) that allows local attackers with low-privileged…
Trend Micro Apex One Security Agent iCore Service Signature Verification Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in Trend Micro Apex One Security Agent that allows local attackers with low-privileged code execution to…
Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
A privilege escalation vulnerability (CVE-2025-71213) in Trend Micro Apex One Security Agent allows attackers with low-level code execution on a…
Trend Micro Apex Central Hub Server Server-Side Request Forgery Vulnerability
Trend Micro Apex Central contains an information disclosure vulnerability (CVE-2025-71205) that allows authenticated remote attackers to access…
Trend Micro Cleaner One Pro Link Following Denial-of-Service Vulnerability
Trend Micro Cleaner One Pro contains a local denial-of-service vulnerability (CVE-2025-71218) that allows low-privileged attackers to crash or…
Trend Micro Apex One Console Directory Traversal Remote Code Execution Vulnerability
Trend Micro Apex One contains a critical remote code execution vulnerability (CVE-2025-71211) that allows unauthenticated attackers to execute…
Hewlett Packard Enterprise AutoPass License Server Authentication Bypass Vulnerability
A remote authentication bypass vulnerability (CVE-2026-23600) has been discovered in Hewlett Packard Enterprise AutoPass License Server, rated as…
Trend Micro Apex One Console Directory Traversal Remote Code Execution Vulnerability
Trend Micro Apex One contains a critical remote code execution vulnerability (CVE-2025-71210) that requires no authentication to exploit, allowing…
Music Assistant _update_library_item External Control of File Path Remote Code Execution Vulnerability
Music Assistant contains a high-severity vulnerability (CVE-2026-26975) that allows network-adjacent attackers to execute arbitrary code on affected…
Trend Micro Apex Central Improper Authentication Privilege Escalation Vulnerability
A privilege escalation vulnerability affects Trend Micro Apex Central that allows authenticated remote attackers to gain elevated permissions on the…
Microsoft
Microsoft has a high-severity vulnerability (CVSS 7.5) that can be exploited remotely over the network without authentication, though it requires…
Trend Micro Apex Central Improper Authentication Privilege Escalation Vulnerability
Trend Micro Apex Central contains a high-severity privilege escalation vulnerability (CVE-2025-71209, CVSS 8.1) that allows authenticated attackers…
Trend Micro Apex Central Manual Update Server-Side Request Forgery Vulnerability
Trend Micro Apex Central contains an information disclosure vulnerability (CVE-2025-71207) that allows authenticated remote attackers to access…
Trend Micro Apex Central Scheduled Update Server-Side Request Forgery Vulnerability
A medium-severity information disclosure vulnerability exists in Trend Micro Apex Central that allows authenticated remote attackers to access…
Microsoft
Microsoft, a major software and cloud services provider, has a high-severity vulnerability (CVSS 7.6) that can be exploited remotely without…
Docker Desktop for Mac Docker Model Runner Exposed Dangerous Function Denial-of-Service Vulnerability
Docker Desktop contains a local denial-of-service vulnerability (CVE-2026-28400) that allows low-privileged attackers to crash or disable the…
GNU
GNU is the open-source software foundation behind widely-used tools like GCC compiler and core Linux utilities, making this vulnerability potentially…
LangChain LangGraph BaseCache Deserialization of Untrusted Data Remote Code Execution Vulnerability
LangChain's LangGraph component contains a remote code execution vulnerability (CVE-2026-27794) that allows unauthenticated attackers to execute…
Trend Micro Apex One Security Agent iCore Service Origin Validation Error Local Privilege Escalation Vulnerability
Trend Micro Apex One Security Agent contains a privilege escalation vulnerability (CVE-2025-71214) that allows local attackers with low-privileged…