Skip to main content

ZDI Advisories

1275 advisories

Zero Day Initiative vulnerability advisories – published disclosures and upcoming publications.

ZDI-CAN-29475 8.6 Upcoming – -144d OpenAI Feb 24, 2026

OpenAI

OpenAI, the artificial intelligence company behind ChatGPT and related AI services, has a high-severity local vulnerability (CVSS 8.6) that requires…

ZDI-CAN-29081 7.8 Upcoming – -144d Meta Feb 24, 2026

Meta

Meta, the parent company of Facebook, Instagram, and WhatsApp, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but…

ZDI-CAN-29178 7.8 Upcoming – -144d Adobe Feb 24, 2026

Adobe

Adobe, a major software vendor known for creative and productivity applications, has a high-severity local vulnerability (CVSS 7.8) that requires…

ZDI-CAN-29222 8.8 Upcoming – -145d Progress Software Feb 23, 2026

Progress Software

Progress Software is a well-known vendor of enterprise integration, workflow automation, and database solutions widely used across organizations…

ZDI-26-123 5.5 Docker Feb 23, 2026

Docker Desktop MCP Server Cleartext Storage of Sensitive Information Vulnerability

Docker Desktop contains a local information disclosure vulnerability (ZDI-26-123) that allows low-privileged attackers to access sensitive…

ZDI-CAN-29249 8.8 Upcoming – -145d Progress Software Feb 23, 2026

Progress Software

Progress Software is a well-known vendor of enterprise application development and management solutions.

ZDI-CAN-29225 9.8 Upcoming – -148d n8n Feb 20, 2026

n8n

n8n, a popular open-source workflow automation and integration platform, contains a critical remote code execution vulnerability with a CVSS score of…

ZDI-CAN-29369 9.3 Upcoming – -148d Hong Kong University Data Intelligence Lab Feb 20, 2026

Hong Kong University Data Intelligence Lab

A critical vulnerability (CVSS 9.3) has been discovered in the Hong Kong University Data Intelligence Lab's products or services, which focuses on…

ZDI-CAN-29368 7.5 Upcoming – -148d Hong Kong University Data Intelligence Lab Feb 20, 2026

Hong Kong University Data Intelligence Lab

Hong Kong University Data Intelligence Lab has a high-severity vulnerability (CVSS 7.5) that allows remote attackers to gain unauthorized access to…

ZDI-CAN-29226 8.1 Upcoming – -148d n8n Feb 20, 2026

n8n

n8n is a workflow automation platform that allows users to connect and automate tasks across multiple applications.

ZDI-26-118 7.8 CVE-2026-2044 GIMP Feb 19, 2026

GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability

GIMP contains a remote code execution vulnerability (CVE-2026-2044, CVSS 7.8) that allows attackers to execute arbitrary code when a user opens a…

ZDI-26-110 7.8 CVE-2025-60037 Bosch Feb 19, 2026

Bosch Rexroth IndraWorks Print Settings File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability

Bosch Rexroth IndraWorks contains a remote code execution vulnerability (CVE-2025-60037) that allows attackers to execute arbitrary code if a user…

ZDI-CAN-29252 7.8 Upcoming – -149d Apple Feb 19, 2026

Apple

Apple has a high-severity vulnerability (CVSS 7.8) that requires local access to a user's device but no authentication or user privileges to exploit,…

ZDI-CAN-28762 8.1 Upcoming – -149d Flowise Feb 19, 2026

Flowise

Flowise is an open-source low-code platform for building AI applications and chatbots.

ZDI-26-115 7.8 CVE-2025-62676 Fortinet Feb 19, 2026

Fortinet FortiClient VPN FCConfig Utility Link Following Local Privilege Escalation Vulnerability

Fortinet FortiClient VPN contains a local privilege escalation vulnerability (CVE-2025-62676) that allows attackers with low-level code execution to…

ZDI-26-121 7.8 CVE-2026-2048 GIMP Feb 19, 2026

GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

GIMP contains a remote code execution vulnerability (CVE-2026-2048) rated as HIGH severity with a CVSS score of 7.8 that allows attackers to execute…

ZDI-26-119 7.8 CVE-2026-2045 GIMP Feb 19, 2026

GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

GIMP contains a remote code execution vulnerability (CVE-2026-2045) with a CVSS score of 7.8 that allows attackers to execute arbitrary code if a…

ZDI-26-117 5.5 CVE-2026-2490 RustDesk Feb 19, 2026

RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability

RustDesk Client for Windows contains a local information disclosure vulnerability (CVE-2026-2490) that allows attackers with low-privileged code…

ZDI-CAN-29159 7.8 Upcoming – -149d aeon Feb 19, 2026

aeon

This vulnerability affects Aeon, a vendor whose specific product details aren't widely established in public databases.

ZDI-CAN-28736 7.8 Upcoming – -149d X.Org Feb 19, 2026

X.Org

X.Org is the open-source organization behind the X Window System, a fundamental display server used across Linux and Unix environments.

ZDI-CAN-29219 7.8 Upcoming – -149d pdfforge Feb 19, 2026

pdfforge

pdfforge is a software company known for PDF creation and manipulation tools.

ZDI-26-122 7.3 CVE-2026-2040 PDF-XChange Feb 19, 2026

PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

PDF-XChange Editor contains a local privilege escalation vulnerability (CVE-2026-2040) rated as HIGH severity with a CVSS score of 7.3.

ZDI-26-111 9.8 CVE-2026-2635 MLflow Feb 19, 2026

MLflow Use of Default Password Authentication Bypass Vulnerability

MLflow contains a critical authentication bypass vulnerability (CVE-2026-2635) with a CVSS score of 9.8 that allows unauthenticated remote attackers…

ZDI-26-108 7.8 CVE-2025-60036 Bosch Feb 19, 2026

Bosch Rexroth IndraWorks UA.TestClient XML File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability

Bosch Rexroth IndraWorks contains a remote code execution vulnerability (CVE-2025-60036) that allows attackers to execute arbitrary code if a user…

ZDI-26-112 7.8 CVE-2026-1333 Dassault Feb 19, 2026

Dassault Systèmes eDrawings Viewer EPRT File Parsing Uninitialized Variable Remote Code Execution Vulnerability

A remote code execution vulnerability (CVE-2026-1333) exists in Dassault Systèmes eDrawings Viewer that allows attackers to execute arbitrary code if…

ZDI-26-120 7.8 CVE-2026-2047 GIMP Feb 19, 2026

GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

A remote code execution vulnerability has been discovered in GIMP (CVE-2026-2047) with a high CVSS score of 7.8, allowing attackers to execute…

ZDI-CAN-29160 7.8 Upcoming – -149d aeon Feb 19, 2026

aeon

This vulnerability affects aeon, a vendor whose specific product line is not widely documented in major security databases.

ZDI-26-114 7.8 CVE-2026-1335 Dassault Feb 19, 2026

Dassault Systèmes eDrawings Viewer EPRT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

A high-severity remote code execution vulnerability (CVE-2026-1335) affects Dassault Systèmes eDrawings Viewer, allowing attackers to execute…

ZDI-CAN-29240 3.3 Upcoming – -149d Apple Feb 19, 2026

Apple

Apple has a low-severity local vulnerability (CVSS 3.3) that requires user interaction to exploit but poses minimal risk, affecting only…

ZDI-26-109 7.8 CVE-2025-60035 Bosch Feb 19, 2026

Bosch Rexroth IndraWorks OPC.TestClient XML File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability

A high-severity remote code execution vulnerability (CVE-2025-60035) has been identified in Bosch Rexroth IndraWorks that allows attackers to execute…

Prev Page 33 of 43 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy