ZDI Advisories
1275 advisoriesZero Day Initiative vulnerability advisories – published disclosures and upcoming publications.
G DATA
G DATA is a well-known German cybersecurity and antivirus software company.
Ivanti Endpoint Manager ROI SQL Injection Remote Code Execution Vulnerability
Ivanti Endpoint Manager contains a high-severity vulnerability (CVE-2026-1602, CVSS 7.2) that allows authenticated remote attackers to execute…
Microsoft Windows win32kfull Use-After-Free Local Privilege Escalation Vulnerability
A local privilege escalation vulnerability in Microsoft Windows (CVE-2026-21235) allows attackers with low-level code execution capabilities to gain…
NI
National Instruments (NI) has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no authentication, allowing an…
DriveLock
DriveLock is a German endpoint security and data protection vendor.
DriveLock
DriveLock is a German endpoint security and data protection company known for device control and encryption solutions.
Delta Electronics
Delta Electronics, a major manufacturer of power supplies and industrial automation components, has a high-severity vulnerability (CVSS 7.8) that…
Ashlar-Vellum
Ashlar-Vellum is a software company known for CAD and design tools.
NoMachine
NoMachine, a remote desktop and access software vendor, has a high-severity vulnerability (CVSS 7.1) that requires local access and low-level user…
NoMachine
NoMachine, a remote desktop and access software provider, has a high-severity vulnerability (CVSS 7.8) that requires local access and low-level user…
DriveLock
DriveLock is a German endpoint security and data protection vendor.
Krita
Krita is a widely-used open-source digital painting and illustration software.
DriveLock
DriveLock is a German endpoint security and data protection vendor.
Krita
Krita is a popular open-source digital painting and illustration software application.
Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability
A remote code execution vulnerability in Xmind (CVE-2026-0777) with a high CVSS score of 7.8 allows attackers to execute arbitrary code if users are…
Krita
Krita is a popular open-source digital painting and illustration software application.
DriveLock
DriveLock is a German endpoint security and data protection software vendor.
Krita
Krita is a free, open-source digital painting and illustration software commonly used by artists and designers.
Adobe ColdFusion CAR File Parsing Directory Traversal Remote Code Execution Vulnerability
Adobe ColdFusion contains a vulnerability (CVE-2025-61808) that allows authenticated attackers to execute arbitrary code on affected systems, rated…
Krita
Krita is a popular open-source digital painting and illustration software.
NVIDIA
NVIDIA is a major technology company known for graphics processors, AI chips, and data center hardware.
Lexmark CX532adwe usecmap Type Confusion Remote Code Execution Vulnerability
A critical unauthenticated remote code execution vulnerability (CVE-2025-65080) has been discovered in Lexmark CX532adwe multifunction printers,…
verl
This advisory concerns a high-severity vulnerability (CVSS 7.8) in Verl, a lesser-known vendor product.
verl
A high-severity vulnerability (CVSS 7.8) has been discovered in Verl, affecting the confidentiality, integrity, and availability of systems.
npm
npm is the JavaScript package manager and repository used by millions of developers worldwide.
Hugging Face
Hugging Face is a well-known AI/ML platform that hosts machine learning models and provides collaborative tools for developers.
npm
npm is the largest package manager for JavaScript and Node.js, used by millions of developers worldwide.
Microsoft
Microsoft has a medium-severity information disclosure vulnerability (CVSS 4.3) that can be exploited remotely by an unauthenticated attacker through…
Lexmark CX532adwe libesffls Directory Traversal Remote Code Execution Vulnerability
A critical vulnerability in Lexmark CX532adwe printers allows unauthenticated attackers on the same network to execute arbitrary code with a CVSS…
Lexmark CX532adwe esfhelper Untrusted Search Path Local Privilege Escalation Vulnerability
A high-severity privilege escalation vulnerability (CVE-2025-65078) has been identified in Lexmark CX532adwe printers that allows local attackers…