ZDI Advisories
1275 advisoriesZero Day Initiative vulnerability advisories – published disclosures and upcoming publications.
DeepSpeed
DeepSpeed is an AI/machine learning optimization library developed by Microsoft that accelerates training of large language models.
Heimdall Data
Heimdall Data is a database security and encryption company. This high-severity vulnerability (CVSS 7.2) can be exploited remotely by an…
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-13845 is a high-severity remote code execution vulnerability in Schneider Electric EcoStruxure Power Build that requires user interaction,…
Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability exists in Nagios Host that allows authenticated attackers to execute arbitrary code on affected…
Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability (CVE-2026-2043) has been identified in Nagios Host that allows authenticated attackers to execute…
Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability exists in Nagios Host (CVE-2026-2041) that allows authenticated attackers to execute arbitrary…
GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability
GFI Archiver contains a critical remote code execution vulnerability (CVE-2026-2036) with a CVSS score of 8.8 that allows attackers to execute…
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
Schneider Electric EcoStruxure Power Build contains a remote code execution vulnerability (CVE-2025-13845) that allows attackers to execute arbitrary…
Schneider Electric EcoStruxure Power Build SSD File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2025-13845 is a high-severity remote code execution vulnerability in Schneider Electric EcoStruxure Power Build that allows attackers to execute…
Linux
Linux has a high-severity vulnerability (CVSS 8.2) that requires local access and elevated privileges to exploit, but causes severe impact across…
Apple
This vulnerability affects Apple, a major technology company known for consumer devices and operating systems.
Databricks
Databricks, a major cloud data analytics and AI platform company, has a high-severity local vulnerability (CVSS 7.8) that requires no authentication…
GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability
GFI Archiver contains an authentication bypass vulnerability (CVE-2026-2038) that allows remote attackers to gain unauthorized access without…
GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability
GFI Archiver contains an authentication bypass vulnerability (CVE-2026-2039) that allows remote attackers to gain unauthorized access without valid…
GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability
GFI Archiver contains a critical remote code execution vulnerability (CVE-2026-2037) with a CVSS score of 8.8 that allows attackers to execute…
Cisco
Cisco, a major networking and cybersecurity equipment manufacturer, has a high-severity vulnerability (CVSS 7.8) that requires local access and…
Cisco
Cisco is a major networking and cybersecurity equipment manufacturer.
Cisco
Cisco, a major networking and cybersecurity company, has a high-severity vulnerability (CVSS 7.5) that can be exploited remotely over the network…
Gen Digital
Gen Digital, known for Norton antivirus and LifeLock identity protection services, has a high-severity local privilege escalation vulnerability (CVSS…
Cisco
Cisco, a major networking and cybersecurity equipment manufacturer, has a local privilege escalation vulnerability (CVE pending) with a high CVSS…
Microsoft Windows searchConnector-ms NTLM Response Information Disclosure Vulnerability
This vulnerability in Microsoft Windows allows attackers to capture and disclose NTLM authentication responses, a critical component used for network…
Cisco
Cisco is a major networking and cybersecurity equipment vendor, and this advisory covers a high-severity vulnerability in one of their products.
Cisco
Cisco, a major networking and cybersecurity equipment manufacturer, has a high-severity vulnerability (CVSS 7.2) that can be exploited remotely by…
Cisco
Cisco, a major networking and cybersecurity equipment manufacturer, has a high-severity local privilege escalation vulnerability (CVSS 7.8) that…
pdfforge
PDFforge is a software company known for PDF creation and manipulation tools.
Deciso OPNsense diag_backup.php filename Command Injection Remote Code Execution Vulnerability
Deciso OPNsense contains a code execution vulnerability (CVE-2026-2035) that allows authenticated network-adjacent attackers to execute arbitrary…
Ivanti Endpoint Manager AuthHelper Authentication Bypass Vulnerability
Ivanti Endpoint Manager contains an authentication bypass vulnerability (CVE-2026-1603) that allows remote attackers to gain unauthorized access…
Microsoft Exchange InterceptorSmtpAgent Reliance on Untrusted Inputs Security Feature Bypass Vulnerability
A medium-severity vulnerability in Microsoft Exchange (CVE-2026-21527) allows unauthenticated remote attackers to bypass a security feature without…
Cisco
Cisco is a major networking and cybersecurity company whose products are widely deployed in enterprise environments.
Cisco
Cisco is a major networking and cybersecurity company whose products are widely deployed in enterprise environments.