ZDI Advisories
1275 advisoriesZero Day Initiative vulnerability advisories – published disclosures and upcoming publications.
OpenAI
OpenAI, the artificial intelligence company behind ChatGPT and related AI services, has a high-severity local vulnerability (CVSS 8.6) that requires…
Meta
Meta, the parent company of Facebook, Instagram, and WhatsApp, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but…
Adobe
Adobe, a major software vendor known for creative and productivity applications, has a high-severity local vulnerability (CVSS 7.8) that requires…
Progress Software
Progress Software is a well-known vendor of enterprise integration, workflow automation, and database solutions widely used across organizations…
Docker Desktop MCP Server Cleartext Storage of Sensitive Information Vulnerability
Docker Desktop contains a local information disclosure vulnerability (ZDI-26-123) that allows low-privileged attackers to access sensitive…
Progress Software
Progress Software is a well-known vendor of enterprise application development and management solutions.
n8n
n8n, a popular open-source workflow automation and integration platform, contains a critical remote code execution vulnerability with a CVSS score of…
Hong Kong University Data Intelligence Lab
A critical vulnerability (CVSS 9.3) has been discovered in the Hong Kong University Data Intelligence Lab's products or services, which focuses on…
Hong Kong University Data Intelligence Lab
Hong Kong University Data Intelligence Lab has a high-severity vulnerability (CVSS 7.5) that allows remote attackers to gain unauthorized access to…
n8n
n8n is a workflow automation platform that allows users to connect and automate tasks across multiple applications.
GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability
GIMP contains a remote code execution vulnerability (CVE-2026-2044, CVSS 7.8) that allows attackers to execute arbitrary code when a user opens a…
Bosch Rexroth IndraWorks Print Settings File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability
Bosch Rexroth IndraWorks contains a remote code execution vulnerability (CVE-2025-60037) that allows attackers to execute arbitrary code if a user…
Apple
Apple has a high-severity vulnerability (CVSS 7.8) that requires local access to a user's device but no authentication or user privileges to exploit,…
Flowise
Flowise is an open-source low-code platform for building AI applications and chatbots.
Fortinet FortiClient VPN FCConfig Utility Link Following Local Privilege Escalation Vulnerability
Fortinet FortiClient VPN contains a local privilege escalation vulnerability (CVE-2025-62676) that allows attackers with low-level code execution to…
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
GIMP contains a remote code execution vulnerability (CVE-2026-2048) rated as HIGH severity with a CVSS score of 7.8 that allows attackers to execute…
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
GIMP contains a remote code execution vulnerability (CVE-2026-2045) with a CVSS score of 7.8 that allows attackers to execute arbitrary code if a…
RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability
RustDesk Client for Windows contains a local information disclosure vulnerability (CVE-2026-2490) that allows attackers with low-privileged code…
aeon
This vulnerability affects Aeon, a vendor whose specific product details aren't widely established in public databases.
X.Org
X.Org is the open-source organization behind the X Window System, a fundamental display server used across Linux and Unix environments.
pdfforge
pdfforge is a software company known for PDF creation and manipulation tools.
PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
PDF-XChange Editor contains a local privilege escalation vulnerability (CVE-2026-2040) rated as HIGH severity with a CVSS score of 7.3.
MLflow Use of Default Password Authentication Bypass Vulnerability
MLflow contains a critical authentication bypass vulnerability (CVE-2026-2635) with a CVSS score of 9.8 that allows unauthenticated remote attackers…
Bosch Rexroth IndraWorks UA.TestClient XML File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability
Bosch Rexroth IndraWorks contains a remote code execution vulnerability (CVE-2025-60036) that allows attackers to execute arbitrary code if a user…
Dassault Systèmes eDrawings Viewer EPRT File Parsing Uninitialized Variable Remote Code Execution Vulnerability
A remote code execution vulnerability (CVE-2026-1333) exists in Dassault Systèmes eDrawings Viewer that allows attackers to execute arbitrary code if…
GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
A remote code execution vulnerability has been discovered in GIMP (CVE-2026-2047) with a high CVSS score of 7.8, allowing attackers to execute…
aeon
This vulnerability affects aeon, a vendor whose specific product line is not widely documented in major security databases.
Dassault Systèmes eDrawings Viewer EPRT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability (CVE-2026-1335) affects Dassault Systèmes eDrawings Viewer, allowing attackers to execute…
Apple
Apple has a low-severity local vulnerability (CVSS 3.3) that requires user interaction to exploit but poses minimal risk, affecting only…
Bosch Rexroth IndraWorks OPC.TestClient XML File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability (CVE-2025-60035) has been identified in Bosch Rexroth IndraWorks that allows attackers to execute…