Skip to main content

ZDI Advisories

1275 advisories

Zero Day Initiative vulnerability advisories – published disclosures and upcoming publications.

ZDI-26-138 7.8 CVE-2025-71212 Trend Mar 03, 2026

Trend Micro Apex One Virus Scan Engine Link Following Local Privilege Escalation Vulnerability

Trend Micro Apex One Security Agent contains a privilege escalation vulnerability (CVE-2025-71212) that allows attackers with low-level code…

ZDI-26-143 7.8 CVE-2025-71217 Trend Mar 03, 2026

Trend Micro Apex One Security Agent TmSelfProtect Origin Validation Error Local Privilege Escalation Vulnerability

This advisory describes a privilege escalation vulnerability in Trend Micro Apex One Security Agent that allows an attacker with low-privileged code…

ZDI-CAN-29177 7.8 Upcoming – -138d Trend Micro Mar 02, 2026

Trend Micro

Trend Micro is a major cybersecurity vendor that provides antivirus, endpoint protection, and cloud security solutions.

ZDI-CAN-29262 4.7 Upcoming – -138d Trend Micro Mar 02, 2026

Trend Micro

Trend Micro is a well-known cybersecurity software vendor specializing in antivirus, endpoint protection, and threat defense solutions.

ZDI-CAN-29223 3.3 Upcoming – -138d Microsoft Mar 02, 2026

Microsoft

Microsoft has disclosed a low-severity local information disclosure vulnerability (CVSS 3.3) that requires user interaction to exploit but no…

ZDI-CAN-28876 7.8 Upcoming – -138d AzeoTech Mar 02, 2026

AzeoTech

AzeoTech is a software company known for industrial automation and SCADA control systems.

ZDI-CAN-28769 7.8 Upcoming – -138d Microsoft Mar 02, 2026

Microsoft

Microsoft has a high-severity local privilege escalation vulnerability (CVSS 7.8) that requires local access and low-level user privileges to…

ZDI-CAN-28792 7.0 Upcoming – -138d Microsoft Mar 02, 2026

Microsoft

Microsoft has a high-severity vulnerability (CVSS 7.0) that requires local access and low-level user privileges to exploit, with potential to…

ZDI-CAN-28831 7.8 Upcoming – -138d AzeoTech Mar 02, 2026

AzeoTech

AzeoTech is a software company known for industrial automation and SCADA/HMI (human-machine interface) platforms.

ZDI-CAN-29301 8.8 Upcoming – -138d Mozilla Mar 02, 2026

Mozilla

Mozilla, the company behind the Firefox browser and related internet services, has a critical vulnerability (CVSS 8.8) that can be exploited remotely…

ZDI-CAN-29132 7.5 Upcoming – -142d Linux Feb 26, 2026

Linux

Linux kernel vulnerability CVE classified as HIGH severity (CVSS 7.5) requires local access and high-level privileges to exploit, but can result in…

ZDI-CAN-29411 9.8 Upcoming – -142d Flowise Feb 26, 2026

Flowise

Flowise is a popular open-source low-code platform for building AI applications and chatbots.

ZDI-CAN-29412 9.8 Upcoming – -142d Flowise Feb 26, 2026

Flowise

Flowise is an open-source platform for building AI applications and workflows.

ZDI-CAN-28886 7.8 Upcoming – -143d Parallels Feb 25, 2026

Parallels

Parallels, known for virtualization and remote access software, has a high-severity vulnerability (CVSS 7.8) that requires local access and valid…

ZDI-26-124 9.8 CVE-2025-15060 claude-hovercraft Feb 25, 2026

claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability

Claude-hovercraft contains a critical remote code execution vulnerability (CVE-2025-15060) that allows unauthenticated attackers to execute arbitrary…

ZDI-26-125 6.5 CVE-2026-2664 Docker Feb 25, 2026

Docker Desktop grpcfuse Kernel Module Out-Of-Bounds Read Information Disclosure Vulnerability

CVE-2026-2664 is a medium-severity information disclosure vulnerability in Docker Desktop that allows local attackers with low-privileged code…

ZDI-26-132 7.8 CVE-2026-25656 Siemens Feb 25, 2026

Siemens SINEC NMS Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

A privilege escalation vulnerability exists in Siemens SINEC NMS that allows local attackers with low-level code execution capabilities to elevate…

ZDI-CAN-29220 7.8 Upcoming – -143d Parallels Feb 25, 2026

Parallels

Parallels, known for virtualization and desktop software solutions, has a high-severity vulnerability (CVSS 7.8) that requires local access and…

ZDI-CAN-28568 7.5 Upcoming – -143d AOMEI Feb 25, 2026

AOMEI

AOMEI, known for backup and disk utility software, has a high-severity vulnerability (CVSS 7.5) that allows unauthenticated remote attackers to…

ZDI-26-130 7.5 CVE-2026-2493 IceWarp Feb 25, 2026

IceWarp collaboration Directory Traversal Information Disclosure Vulnerability

IceWarp contains a high-severity information disclosure vulnerability (CVE-2026-2493) that allows unauthenticated remote attackers to access…

ZDI-26-131 7.8 CVE-2026-25655 Siemens Feb 25, 2026

Siemens SINEC NMS Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

A local privilege escalation vulnerability has been discovered in Siemens SINEC NMS (CVE-2026-25655) that allows attackers with low-level code…

ZDI-CAN-28267 7.8 Upcoming – -143d Microsoft Feb 25, 2026

Microsoft

Microsoft has a high-severity local privilege escalation vulnerability (CVSS 7.8) that requires local access and low-level user privileges to…

ZDI-CAN-28885 7.8 Upcoming – -143d Parallels Feb 25, 2026

Parallels

Parallels, a well-known provider of virtualization and desktop management software, has a high-severity vulnerability (CVSS 7.8) that requires local…

ZDI-CAN-27906 8.8 Upcoming – -143d AOMEI Feb 25, 2026

AOMEI

AOMEI is a software vendor known for backup, cloning, and disk management utilities commonly used in enterprise and consumer environments.

ZDI-26-127 5.3 CVE-2026-21633 Ubiquiti Feb 25, 2026

Ubiquiti Networks AI Pro Cleartext Transmission Information Disclosure Vulnerability

Ubiquiti Networks AI Pro contains an information disclosure vulnerability (CVE-2026-21633) that allows nearby network attackers to access sensitive…

ZDI-CAN-29308 8.8 Upcoming – -143d Docker Feb 25, 2026

Docker

Docker, a leading containerization platform, has a high-severity vulnerability (CVSS 8.8) that requires local access and low-level user privileges to…

ZDI-26-129 6.3 CVE-2026-2491 Socomec Feb 25, 2026

Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability

A medium-severity authentication bypass vulnerability (CVE-2026-2491) affects Socomec DIRIS A-40 power monitoring devices, allowing network-adjacent…

ZDI-26-128 6.5 CVE-2026-21634 Ubiquiti Feb 25, 2026

Ubiquiti Networks AI Pro Uncaught Exception Denial-of-Service Vulnerability

A denial-of-service vulnerability affecting Ubiquiti Networks AI Pro allows network-adjacent attackers to crash or disable the device without…

ZDI-26-126 5.4 CVE-2026-21633 Ubiquiti Feb 25, 2026

Ubiquiti Networks AI Pro Discovery Protocol Missing Encryption Protocol Downgrade Vulnerability

Ubiquiti Networks AI Pro contains a medium-severity protocol downgrade vulnerability (CVE-2026-21633) that allows network-adjacent attackers to force…

ZDI-CAN-29410 8.8 Upcoming – -144d Flowise Feb 24, 2026

Flowise

Flowise is an open-source low-code platform for building AI applications, and this vulnerability has a high severity rating of 8.8.

Prev Page 32 of 43 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy