Skip to main content

ZDI Advisories

1275 advisories

Zero Day Initiative vulnerability advisories – published disclosures and upcoming publications.

ZDI-CAN-28663 7.8 Upcoming – -156d G DATA Feb 12, 2026

G DATA

G DATA is a well-known German cybersecurity and antivirus software company.

ZDI-26-079 7.2 CVE-2026-1602 Ivanti Feb 12, 2026

Ivanti Endpoint Manager ROI SQL Injection Remote Code Execution Vulnerability

Ivanti Endpoint Manager contains a high-severity vulnerability (CVE-2026-1602, CVSS 7.2) that allows authenticated remote attackers to execute…

ZDI-26-081 8.8 CVE-2026-21235 Microsoft Feb 12, 2026

Microsoft Windows win32kfull Use-After-Free Local Privilege Escalation Vulnerability

A local privilege escalation vulnerability in Microsoft Windows (CVE-2026-21235) allows attackers with low-level code execution capabilities to gain…

ZDI-CAN-28463 7.8 Upcoming – -157d NI Feb 11, 2026

NI

National Instruments (NI) has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no authentication, allowing an…

ZDI-CAN-28746 7.5 Upcoming – -162d DriveLock Feb 06, 2026

DriveLock

DriveLock is a German endpoint security and data protection vendor.

ZDI-CAN-28719 5.3 Upcoming – -162d DriveLock Feb 06, 2026

DriveLock

DriveLock is a German endpoint security and data protection company known for device control and encryption solutions.

ZDI-CAN-28692 7.8 Upcoming – -162d Delta Electronics Feb 06, 2026

Delta Electronics

Delta Electronics, a major manufacturer of power supplies and industrial automation components, has a high-severity vulnerability (CVSS 7.8) that…

ZDI-CAN-28757 7.8 Upcoming – -162d Ashlar-Vellum Feb 06, 2026

Ashlar-Vellum

Ashlar-Vellum is a software company known for CAD and design tools.

ZDI-CAN-28644 7.1 Upcoming – -162d NoMachine Feb 06, 2026

NoMachine

NoMachine, a remote desktop and access software vendor, has a high-severity vulnerability (CVSS 7.1) that requires local access and low-level user…

ZDI-CAN-28630 7.8 Upcoming – -162d NoMachine Feb 06, 2026

NoMachine

NoMachine, a remote desktop and access software provider, has a high-severity vulnerability (CVSS 7.8) that requires local access and low-level user…

ZDI-CAN-28713 6.5 Upcoming – -162d DriveLock Feb 06, 2026

DriveLock

DriveLock is a German endpoint security and data protection vendor.

ZDI-CAN-28752 7.8 Upcoming – -162d Krita Feb 06, 2026

Krita

Krita is a widely-used open-source digital painting and illustration software.

ZDI-CAN-28726 8.8 Upcoming – -162d DriveLock Feb 06, 2026

DriveLock

DriveLock is a German endpoint security and data protection vendor.

ZDI-CAN-28771 7.8 Upcoming – -162d Krita Feb 06, 2026

Krita

Krita is a popular open-source digital painting and illustration software application.

ZDI-26-069 7.8 CVE-2026-0777 Xmind Feb 06, 2026

Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability

A remote code execution vulnerability in Xmind (CVE-2026-0777) with a high CVSS score of 7.8 allows attackers to execute arbitrary code if users are…

ZDI-CAN-28906 7.8 Upcoming – -162d Krita Feb 06, 2026

Krita

Krita is a popular open-source digital painting and illustration software application.

ZDI-CAN-28722 7.5 Upcoming – -162d DriveLock Feb 06, 2026

DriveLock

DriveLock is a German endpoint security and data protection software vendor.

ZDI-CAN-28905 7.8 Upcoming – -162d Krita Feb 06, 2026

Krita

Krita is a free, open-source digital painting and illustration software commonly used by artists and designers.

ZDI-26-070 7.2 CVE-2025-61808 Adobe Feb 06, 2026

Adobe ColdFusion CAR File Parsing Directory Traversal Remote Code Execution Vulnerability

Adobe ColdFusion contains a vulnerability (CVE-2025-61808) that allows authenticated attackers to execute arbitrary code on affected systems, rated…

ZDI-CAN-28785 7.8 Upcoming – -162d Krita Feb 06, 2026

Krita

Krita is a popular open-source digital painting and illustration software.

ZDI-CAN-28090 7.8 Upcoming – -163d NVIDIA Feb 05, 2026

NVIDIA

NVIDIA is a major technology company known for graphics processors, AI chips, and data center hardware.

ZDI-26-065 8.8 CVE-2025-65080 Lexmark Feb 05, 2026

Lexmark CX532adwe usecmap Type Confusion Remote Code Execution Vulnerability

A critical unauthenticated remote code execution vulnerability (CVE-2025-65080) has been discovered in Lexmark CX532adwe multifunction printers,…

ZDI-CAN-28092 7.8 Upcoming – -163d verl Feb 05, 2026

verl

This advisory concerns a high-severity vulnerability (CVSS 7.8) in Verl, a lesser-known vendor product.

ZDI-CAN-27466 7.8 Upcoming – -163d verl Feb 05, 2026

verl

A high-severity vulnerability (CVSS 7.8) has been discovered in Verl, affecting the confidentiality, integrity, and availability of systems.

ZDI-CAN-29171 7.8 Upcoming – -163d npm Feb 05, 2026

npm

npm is the JavaScript package manager and repository used by millions of developers worldwide.

ZDI-CAN-27986 7.8 Upcoming – -163d Hugging Face Feb 05, 2026

Hugging Face

Hugging Face is a well-known AI/ML platform that hosts machine learning models and provides collaborative tools for developers.

ZDI-CAN-29187 7.8 Upcoming – -163d npm Feb 05, 2026

npm

npm is the largest package manager for JavaScript and Node.js, used by millions of developers worldwide.

ZDI-CAN-28651 4.3 Upcoming – -163d Microsoft Feb 05, 2026

Microsoft

Microsoft has a medium-severity information disclosure vulnerability (CVSS 4.3) that can be exploited remotely by an unauthenticated attacker through…

ZDI-26-063 8.8 CVE-2025-65077 Lexmark Feb 05, 2026

Lexmark CX532adwe libesffls Directory Traversal Remote Code Execution Vulnerability

A critical vulnerability in Lexmark CX532adwe printers allows unauthenticated attackers on the same network to execute arbitrary code with a CVSS…

ZDI-26-062 7.8 CVE-2025-65078 Lexmark Feb 05, 2026

Lexmark CX532adwe esfhelper Untrusted Search Path Local Privilege Escalation Vulnerability

A high-severity privilege escalation vulnerability (CVE-2025-65078) has been identified in Lexmark CX532adwe printers that allows local attackers…

Prev Page 36 of 43 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy