ZDI Advisories
1275 advisoriesZero Day Initiative vulnerability advisories – published disclosures and upcoming publications.
Lexmark CX532adwe execuserobject Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability in Lexmark CX532adwe printers allows unauthenticated network-adjacent attackers to execute arbitrary code with a CVSS score of…
Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerability
Docker Desktop for Windows contains a local privilege escalation vulnerability (CVE-2025-14740) that allows attackers with local access to elevate…
Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerability
Docker Desktop for Windows contains a privilege escalation vulnerability (CVE-2025-14740) that allows local attackers to gain elevated privileges if…
Hugging Face
Hugging Face is a well-known AI/machine learning platform that provides pretrained models and collaborative tools for developers.
NVIDIA
NVIDIA, a leading manufacturer of graphics processors and AI computing hardware, has a high-severity local vulnerability (CVSS 7.8) that requires…
Intel
Intel, a major semiconductor and processor manufacturer, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no…
DeepSpeed
DeepSpeed is a deep learning optimization library developed by Microsoft for training large-scale AI models.
Lexmark CX532adwe getCFFNames Heap-based Buffer Overflow Remote Code Execution Vulnerability
A critical remote code execution vulnerability affects Lexmark CX532adwe printers, allowing network-adjacent attackers to execute arbitrary code…
MLflow
MLflow is an open-source machine learning platform used for experiment tracking and model management.
NVIDIA Megatron-LM load_base_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability
NVIDIA's Megatron-LM contains a remote code execution vulnerability (CVE-2026-24149) with a CVSS score of 7.8 that allows attackers to execute…
NVIDIA Triton Inference Server EVBufferToJson Uncaught Exception Denial-of-Service Vulnerability
NVIDIA Triton Inference Server contains a remote denial-of-service vulnerability (CVE-2025-33201) that can be exploited without authentication to…
Apple Safari JavaScriptCore FTL New Array Materialization Type Confusion Remote Code Execution Vulnerability
Apple Safari contains a remote code execution vulnerability (CVE-2025-46298) that allows attackers to execute arbitrary code on affected systems when…
CyberArk Endpoint Privilege Management Improper Privilege Management Local Privilege Escalation Vulnerability
CVE-2025-66374 is a privilege escalation vulnerability in CyberArk Endpoint Privilege Management that allows local attackers with low-privileged…
Adobe
Adobe has released a high-severity vulnerability (CVSS 7.8) affecting one of their products that requires local access and user interaction to…
AzeoTech DAQFactory Pro CTL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
A remote code execution vulnerability (CVE-2025-66589) has been discovered in AzeoTech DAQFactory that allows attackers to execute arbitrary code on…
Apple
Apple, a major technology company known for iPhones, Macs, and iOS/macOS operating systems, has a high-severity vulnerability (CVSS 8.8) reported by…
Apple macOS AppleIntelKBLGraphics Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2025-43283 is a medium-severity information disclosure vulnerability affecting Apple macOS that allows local attackers with low-privileged code…
Progress Software Kemp LoadMaster addapikey Command Injection Remote Code Execution Vulnerability
Progress Software's Kemp LoadMaster contains a code execution vulnerability (CVE-2025-13447) that allows authenticated network-adjacent attackers to…
Progress Software Kemp LoadMaster getcipherset Command Injection Remote Code Execution Vulnerability
Progress Software's Kemp LoadMaster contains a code execution vulnerability (CVE-2025-13444) that allows authenticated network-adjacent attackers to…
Progress Software Kemp LoadMaster listapikeys Command Injection Remote Code Execution Vulnerability
Progress Software's Kemp LoadMaster contains a code execution vulnerability (CVE-2025-13447) that allows authenticated network-adjacent attackers to…
Progress Software Kemp LoadMaster delcert Command Injection Remote Code Execution Vulnerability
Progress Software's Kemp LoadMaster contains a remote code execution vulnerability (CVE-2025-13447) that allows authenticated network-adjacent…
Progress Software Kemp LoadMaster delapikey OS Command Injection Remote Code Execution Vulnerability
Progress Software's Kemp LoadMaster contains a remote code execution vulnerability (CVE-2025-13447) that allows authenticated attackers to execute…
Medplum
Medplum is a healthcare data platform that manages patient records and medical information systems.
GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability (CVE-2026-0797, CVSS 7.8) has been discovered in GIMP that allows attackers to execute arbitrary…
ATEN
ATEN is a Taiwan-based manufacturer of IT infrastructure and KVM switch products widely used in data centers and enterprise environments.
Medplum
Medplum is a healthcare data platform that manages patient health records and medical information systems.
Delta Electronics DIAView Exposed Dangerous Method Remote Code Execution Vulnerability
Delta Electronics DIAView contains a remote code execution vulnerability (CVE-2026-0975) that allows attackers to execute arbitrary code on affected…
Hancom Office DOC File Parsing Type Confusion Remote Code Execution Vulnerability
Hancom Office contains a remote code execution vulnerability (CVE-2025-29867) that allows attackers to execute arbitrary code if a user opens a…
Cisco Snort _bnfa_search_csparse_nfa Use-After-Free Remote Code Execution Vulnerability
Cisco Snort contains a critical remote code execution vulnerability (CVE-2026-20026, CVSS 9.8) that allows unauthenticated attackers to execute…
Fortinet FortiSandbox fortisandbox Server-Side Request Forgery Remote Code Execution Vulnerability
Fortinet FortiSandbox contains a high-severity information disclosure vulnerability (CVE-2025-67685, CVSS 8.8) that allows authenticated remote…