ZDI Advisories
1275 advisoriesZero Day Initiative vulnerability advisories – published disclosures and upcoming publications.
Trend Micro Apex One Virus Scan Engine Link Following Local Privilege Escalation Vulnerability
Trend Micro Apex One Security Agent contains a privilege escalation vulnerability (CVE-2025-71212) that allows attackers with low-level code…
Trend Micro Apex One Security Agent TmSelfProtect Origin Validation Error Local Privilege Escalation Vulnerability
This advisory describes a privilege escalation vulnerability in Trend Micro Apex One Security Agent that allows an attacker with low-privileged code…
Trend Micro
Trend Micro is a major cybersecurity vendor that provides antivirus, endpoint protection, and cloud security solutions.
Trend Micro
Trend Micro is a well-known cybersecurity software vendor specializing in antivirus, endpoint protection, and threat defense solutions.
Microsoft
Microsoft has disclosed a low-severity local information disclosure vulnerability (CVSS 3.3) that requires user interaction to exploit but no…
AzeoTech
AzeoTech is a software company known for industrial automation and SCADA control systems.
Microsoft
Microsoft has a high-severity local privilege escalation vulnerability (CVSS 7.8) that requires local access and low-level user privileges to…
Microsoft
Microsoft has a high-severity vulnerability (CVSS 7.0) that requires local access and low-level user privileges to exploit, with potential to…
AzeoTech
AzeoTech is a software company known for industrial automation and SCADA/HMI (human-machine interface) platforms.
Mozilla
Mozilla, the company behind the Firefox browser and related internet services, has a critical vulnerability (CVSS 8.8) that can be exploited remotely…
Linux
Linux kernel vulnerability CVE classified as HIGH severity (CVSS 7.5) requires local access and high-level privileges to exploit, but can result in…
Flowise
Flowise is a popular open-source low-code platform for building AI applications and chatbots.
Flowise
Flowise is an open-source platform for building AI applications and workflows.
Parallels
Parallels, known for virtualization and remote access software, has a high-severity vulnerability (CVSS 7.8) that requires local access and valid…
claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability
Claude-hovercraft contains a critical remote code execution vulnerability (CVE-2025-15060) that allows unauthenticated attackers to execute arbitrary…
Docker Desktop grpcfuse Kernel Module Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2026-2664 is a medium-severity information disclosure vulnerability in Docker Desktop that allows local attackers with low-privileged code…
Siemens SINEC NMS Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in Siemens SINEC NMS that allows local attackers with low-level code execution capabilities to elevate…
Parallels
Parallels, known for virtualization and desktop software solutions, has a high-severity vulnerability (CVSS 7.8) that requires local access and…
AOMEI
AOMEI, known for backup and disk utility software, has a high-severity vulnerability (CVSS 7.5) that allows unauthenticated remote attackers to…
IceWarp collaboration Directory Traversal Information Disclosure Vulnerability
IceWarp contains a high-severity information disclosure vulnerability (CVE-2026-2493) that allows unauthenticated remote attackers to access…
Siemens SINEC NMS Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
A local privilege escalation vulnerability has been discovered in Siemens SINEC NMS (CVE-2026-25655) that allows attackers with low-level code…
Microsoft
Microsoft has a high-severity local privilege escalation vulnerability (CVSS 7.8) that requires local access and low-level user privileges to…
Parallels
Parallels, a well-known provider of virtualization and desktop management software, has a high-severity vulnerability (CVSS 7.8) that requires local…
AOMEI
AOMEI is a software vendor known for backup, cloning, and disk management utilities commonly used in enterprise and consumer environments.
Ubiquiti Networks AI Pro Cleartext Transmission Information Disclosure Vulnerability
Ubiquiti Networks AI Pro contains an information disclosure vulnerability (CVE-2026-21633) that allows nearby network attackers to access sensitive…
Docker
Docker, a leading containerization platform, has a high-severity vulnerability (CVSS 8.8) that requires local access and low-level user privileges to…
Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability
A medium-severity authentication bypass vulnerability (CVE-2026-2491) affects Socomec DIRIS A-40 power monitoring devices, allowing network-adjacent…
Ubiquiti Networks AI Pro Uncaught Exception Denial-of-Service Vulnerability
A denial-of-service vulnerability affecting Ubiquiti Networks AI Pro allows network-adjacent attackers to crash or disable the device without…
Ubiquiti Networks AI Pro Discovery Protocol Missing Encryption Protocol Downgrade Vulnerability
Ubiquiti Networks AI Pro contains a medium-severity protocol downgrade vulnerability (CVE-2026-21633) that allows network-adjacent attackers to force…
Flowise
Flowise is an open-source low-code platform for building AI applications, and this vulnerability has a high severity rating of 8.8.