Skip to main content

ZDI Advisories

1275 advisories

Zero Day Initiative vulnerability advisories – published disclosures and upcoming publications.

ZDI-26-113 7.8 CVE-2026-1334 Dassault Feb 19, 2026

Dassault Systèmes eDrawings Viewer EPRT File Parsing Memory Corruption Remote Code Execution Vulnerability

A high-severity remote code execution vulnerability (CVE-2026-1334) has been identified in Dassault Systèmes eDrawings Viewer that allows attackers…

ZDI-26-116 7.0 CVE-2026-2492 TensorFlow Feb 19, 2026

TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

CVE-2026-2492 is a high-severity privilege escalation vulnerability in TensorFlow that allows local attackers with low-privileged code execution to…

ZDI-26-107 7.8 CVE-2026-0875 Autodesk Feb 18, 2026

Autodesk AutoCAD MODEL File Out-Of-Bounds Write Remote Code Execution Vulnerability

Autodesk AutoCAD contains a remote code execution vulnerability (CVE-2026-0875) rated CVSS 7.8 that allows attackers to execute arbitrary code if…

ZDI-26-106 7.8 CVE-2026-0874 Autodesk Feb 18, 2026

Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

A high-severity remote code execution vulnerability (CVE-2026-0874) exists in Autodesk AutoCAD that allows attackers to execute arbitrary code when…

ZDI-CAN-28737 6.1 Upcoming – -151d X.Org Feb 17, 2026

X.Org

X.Org is the widely-used open-source display server software that manages graphics and input on Linux and Unix systems.

ZDI-CAN-28706 7.8 Upcoming – -151d X.Org Feb 17, 2026

X.Org

X.Org is the open-source implementation of the X Window System, the foundational display server for Linux and Unix graphical interfaces.

ZDI-CAN-28749 7.8 Upcoming – -151d aeon Feb 17, 2026

aeon

This vulnerability affects Aeon, a vendor in the industrial automation and IoT device space.

ZDI-CAN-28679 6.1 Upcoming – -151d X.Org Feb 17, 2026

X.Org

X.Org is the widely-used open-source display server that manages graphical output on Linux and Unix systems.

ZDI-26-097 7.5 CVE-2026-21983 Oracle Feb 13, 2026

Oracle VirtualBox VMSVGA Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

A privilege escalation vulnerability has been discovered in Oracle VirtualBox (CVE-2026-21983) that allows local attackers with high-privileged code…

ZDI-26-104 7.8 CVE-2026-2034 Sante Feb 13, 2026

Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability

A remote code execution vulnerability (CVE-2026-2034) has been identified in Sante DICOM Viewer Pro, rated as HIGH severity with a CVSS score of 7.8.

ZDI-26-105 8.1 CVE-2026-2033 MLflow Feb 13, 2026

MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability

MLflow Tracking Server contains a remote code execution vulnerability (CVE-2026-2033) that allows unauthenticated attackers to execute arbitrary code…

ZDI-26-103 8.2 CVE-2026-21956 Oracle Feb 13, 2026

Oracle VirtualBox VMSVGA Out-Of-Bounds Access Local Privilege Escalation Vulnerability

A privilege escalation vulnerability exists in Oracle VirtualBox (CVE-2026-21956) that allows attackers with high-privileged code execution on a…

ZDI-26-101 6.0 CVE-2026-21963 Oracle Feb 13, 2026

Oracle VirtualBox BusLogic Uninitialized Memory Information Disclosure Vulnerability

Oracle VirtualBox contains a local information disclosure vulnerability (CVE-2026-21963) that allows attackers with high-privilege code execution on…

ZDI-26-098 8.2 CVE-2026-21955 Oracle Feb 13, 2026

Oracle VirtualBox VMSVGA Use-After-Free Local Privilege Escalation Vulnerability

CVE-2026-21955 is a privilege escalation vulnerability affecting Oracle VirtualBox that allows local attackers with high-privilege code execution on…

ZDI-26-096 7.8 CVE-2026-1283 Dassault Feb 13, 2026

Dassault Systèmes eDrawings Viewer EPRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

A high-severity remote code execution vulnerability (CVE-2026-1283) has been discovered in Dassault Systèmes eDrawings Viewer that allows attackers…

ZDI-26-095 7.8 CVE-2026-1284 Dassault Feb 13, 2026

Dassault Systèmes eDrawings Viewer EPRT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

A high-severity remote code execution vulnerability (CVE-2026-1284) has been discovered in Dassault Systèmes eDrawings Viewer that allows attackers…

ZDI-26-102 7.5 CVE-2026-21957 Oracle Feb 13, 2026

Oracle VirtualBox VMSVGA Out-Of-Bounds Write Local Privilege Escalation Vulnerability

CVE-2026-21957 is a privilege escalation vulnerability in Oracle VirtualBox that allows local attackers with high-privileged code execution on a…

ZDI-26-100 6.0 CVE-2026-21985 Oracle Feb 13, 2026

Oracle VirtualBox LsiLogic Uninitialized Memory Information Disclosure Vulnerability

Oracle VirtualBox contains a local information disclosure vulnerability (CVE-2026-21985) that allows privileged attackers to access sensitive data on…

ZDI-26-099 7.5 CVE-2026-21984 Oracle Feb 13, 2026

Oracle VirtualBox VMSVGA Race Condition Local Privilege Escalation Vulnerability

Oracle VirtualBox contains a privilege escalation vulnerability (CVE-2026-21984) that allows local attackers with high-privileged code execution on a…

ZDI-CAN-29203 7.8 Upcoming – -156d Cisco Feb 12, 2026

Cisco

Cisco is a major networking and cybersecurity vendor whose products are widely deployed in enterprise environments.

ZDI-CAN-29209 7.8 Upcoming – -156d Cisco Feb 12, 2026

Cisco

Cisco is a major networking and cybersecurity equipment manufacturer, and this vulnerability affects one of their products with a high CVSS score of…

ZDI-26-086 7.8 CVE-2025-13845 Schneider Feb 12, 2026

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

Schneider Electric's EcoStruxure Power Build contains a remote code execution vulnerability (CVE-2025-13845) that allows attackers to execute…

ZDI-26-094 7.8 CVE-2025-13845 Schneider Feb 12, 2026

Schneider Electric EcoStruxure Power Build SSD File Parsing Use-After-Free Remote Code Execution Vulnerability

CVE-2025-13845 is a remote code execution vulnerability affecting Schneider Electric EcoStruxure Power Build that allows attackers to execute…

ZDI-26-092 7.8 CVE-2025-13845 Schneider Feb 12, 2026

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

A remote code execution vulnerability (CVE-2025-13845) has been discovered in Schneider Electric EcoStruxure Power Build with a CVSS score of 7.8,…

ZDI-26-088 7.8 CVE-2025-13845 Schneider Feb 12, 2026

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

A high-severity remote code execution vulnerability (CVE-2025-13845) has been discovered in Schneider Electric EcoStruxure Power Build that allows…

ZDI-CAN-28665 7.8 Upcoming – -156d G DATA Feb 12, 2026

G DATA

G DATA is a well-known German antivirus and cybersecurity software company.

ZDI-26-084 7.8 CVE-2025-13845 Schneider Feb 12, 2026

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

Schneider Electric EcoStruxure Power Build contains a remote code execution vulnerability (CVE-2025-13845) that allows attackers to execute arbitrary…

ZDI-26-087 7.8 CVE-2025-13845 Schneider Feb 12, 2026

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

A high-severity remote code execution vulnerability (CVE-2025-13845) affects Schneider Electric EcoStruxure Power Build, allowing attackers to…

ZDI-26-091 7.8 CVE-2025-13845 Schneider Feb 12, 2026

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

CVE-2025-13845 is a high-severity remote code execution vulnerability in Schneider Electric EcoStruxure Power Build that allows attackers to execute…

ZDI-26-089 7.8 CVE-2025-13845 Schneider Feb 12, 2026

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

Schneider Electric EcoStruxure Power Build contains a remote code execution vulnerability (CVE-2025-13845) that allows attackers to execute arbitrary…

Prev Page 34 of 43 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy