Skip to main content

ZDI Advisories

1275 advisories

Zero Day Initiative vulnerability advisories – published disclosures and upcoming publications.

ZDI-26-064 8.8 CVE-2025-65081 Lexmark Feb 05, 2026

Lexmark CX532adwe execuserobject Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability in Lexmark CX532adwe printers allows unauthenticated network-adjacent attackers to execute arbitrary code with a CVSS score of…

ZDI-26-068 6.7 CVE-2025-14740 Docker Feb 05, 2026

Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerability

Docker Desktop for Windows contains a local privilege escalation vulnerability (CVE-2025-14740) that allows attackers with local access to elevate…

ZDI-26-067 6.7 CVE-2025-14740 Docker Feb 05, 2026

Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerability

Docker Desktop for Windows contains a privilege escalation vulnerability (CVE-2025-14740) that allows local attackers to gain elevated privileges if…

ZDI-CAN-27987 7.8 Upcoming – -163d Hugging Face Feb 05, 2026

Hugging Face

Hugging Face is a well-known AI/machine learning platform that provides pretrained models and collaborative tools for developers.

ZDI-CAN-28677 7.8 Upcoming – -163d NVIDIA Feb 05, 2026

NVIDIA

NVIDIA, a leading manufacturer of graphics processors and AI computing hardware, has a high-severity local vulnerability (CVSS 7.8) that requires…

ZDI-CAN-28889 7.8 Upcoming – -163d Intel Feb 05, 2026

Intel

Intel, a major semiconductor and processor manufacturer, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no…

ZDI-CAN-28091 7.8 Upcoming – -163d DeepSpeed Feb 05, 2026

DeepSpeed

DeepSpeed is a deep learning optimization library developed by Microsoft for training large-scale AI models.

ZDI-26-066 8.8 CVE-2025-65079 Lexmark Feb 05, 2026

Lexmark CX532adwe getCFFNames Heap-based Buffer Overflow Remote Code Execution Vulnerability

A critical remote code execution vulnerability affects Lexmark CX532adwe printers, allowing network-adjacent attackers to execute arbitrary code…

ZDI-CAN-28192 8.2 Upcoming – -163d MLflow Feb 05, 2026

MLflow

MLflow is an open-source machine learning platform used for experiment tracking and model management.

ZDI-26-060 7.8 CVE-2026-24149 NVIDIA Feb 04, 2026

NVIDIA Megatron-LM load_base_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability

NVIDIA's Megatron-LM contains a remote code execution vulnerability (CVE-2026-24149) with a CVSS score of 7.8 that allows attackers to execute…

ZDI-26-061 7.5 CVE-2025-33201 NVIDIA Feb 04, 2026

NVIDIA Triton Inference Server EVBufferToJson Uncaught Exception Denial-of-Service Vulnerability

NVIDIA Triton Inference Server contains a remote denial-of-service vulnerability (CVE-2025-33201) that can be exploited without authentication to…

ZDI-26-057 8.8 CVE-2025-46298 Apple Feb 03, 2026

Apple Safari JavaScriptCore FTL New Array Materialization Type Confusion Remote Code Execution Vulnerability

Apple Safari contains a remote code execution vulnerability (CVE-2025-46298) that allows attackers to execute arbitrary code on affected systems when…

ZDI-26-059 7.0 CVE-2025-66374 CyberArk Feb 03, 2026

CyberArk Endpoint Privilege Management Improper Privilege Management Local Privilege Escalation Vulnerability

CVE-2025-66374 is a privilege escalation vulnerability in CyberArk Endpoint Privilege Management that allows local attackers with low-privileged…

ZDI-CAN-28816 7.8 Upcoming – -165d Adobe Feb 03, 2026

Adobe

Adobe has released a high-severity vulnerability (CVSS 7.8) affecting one of their products that requires local access and user interaction to…

ZDI-26-058 7.8 CVE-2025-66589 AzeoTech Feb 03, 2026

AzeoTech DAQFactory Pro CTL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

A remote code execution vulnerability (CVE-2025-66589) has been discovered in AzeoTech DAQFactory that allows attackers to execute arbitrary code on…

ZDI-CAN-29162 8.8 Upcoming – -165d Apple Feb 03, 2026

Apple

Apple, a major technology company known for iPhones, Macs, and iOS/macOS operating systems, has a high-severity vulnerability (CVSS 8.8) reported by…

ZDI-26-056 6.5 CVE-2025-43283 Apple Feb 03, 2026

Apple macOS AppleIntelKBLGraphics Out-Of-Bounds Read Information Disclosure Vulnerability

CVE-2025-43283 is a medium-severity information disclosure vulnerability affecting Apple macOS that allows local attackers with low-privileged code…

ZDI-26-055 6.4 CVE-2025-13447 Progress Feb 02, 2026

Progress Software Kemp LoadMaster addapikey Command Injection Remote Code Execution Vulnerability

Progress Software's Kemp LoadMaster contains a code execution vulnerability (CVE-2025-13447) that allows authenticated network-adjacent attackers to…

ZDI-26-052 7.1 CVE-2025-13444 Progress Feb 02, 2026

Progress Software Kemp LoadMaster getcipherset Command Injection Remote Code Execution Vulnerability

Progress Software's Kemp LoadMaster contains a code execution vulnerability (CVE-2025-13444) that allows authenticated network-adjacent attackers to…

ZDI-26-053 6.4 CVE-2025-13447 Progress Feb 02, 2026

Progress Software Kemp LoadMaster listapikeys Command Injection Remote Code Execution Vulnerability

Progress Software's Kemp LoadMaster contains a code execution vulnerability (CVE-2025-13447) that allows authenticated network-adjacent attackers to…

ZDI-26-051 7.1 CVE-2025-13447 Progress Feb 02, 2026

Progress Software Kemp LoadMaster delcert Command Injection Remote Code Execution Vulnerability

Progress Software's Kemp LoadMaster contains a remote code execution vulnerability (CVE-2025-13447) that allows authenticated network-adjacent…

ZDI-26-054 6.8 CVE-2025-13447 Progress Feb 02, 2026

Progress Software Kemp LoadMaster delapikey OS Command Injection Remote Code Execution Vulnerability

Progress Software's Kemp LoadMaster contains a remote code execution vulnerability (CVE-2025-13447) that allows authenticated attackers to execute…

ZDI-CAN-28734 7.7 Upcoming – -169d Medplum Jan 30, 2026

Medplum

Medplum is a healthcare data platform that manages patient records and medical information systems.

ZDI-26-050 7.8 CVE-2026-0797 GIMP Jan 30, 2026

GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

A high-severity remote code execution vulnerability (CVE-2026-0797, CVSS 7.8) has been discovered in GIMP that allows attackers to execute arbitrary…

ZDI-CAN-29041 7.5 Upcoming – -49d ATEN Jan 30, 2026

ATEN

ATEN is a Taiwan-based manufacturer of IT infrastructure and KVM switch products widely used in data centers and enterprise environments.

ZDI-CAN-28733 7.2 Upcoming – -49d Medplum Jan 30, 2026

Medplum

Medplum is a healthcare data platform that manages patient health records and medical information systems.

ZDI-26-049 7.8 CVE-2026-0975 Delta Jan 28, 2026

Delta Electronics DIAView Exposed Dangerous Method Remote Code Execution Vulnerability

Delta Electronics DIAView contains a remote code execution vulnerability (CVE-2026-0975) that allows attackers to execute arbitrary code on affected…

ZDI-26-047 7.8 CVE-2025-29867 Hancom Jan 28, 2026

Hancom Office DOC File Parsing Type Confusion Remote Code Execution Vulnerability

Hancom Office contains a remote code execution vulnerability (CVE-2025-29867) that allows attackers to execute arbitrary code if a user opens a…

ZDI-26-046 9.8 CVE-2026-20026 Cisco Jan 28, 2026

Cisco Snort _bnfa_search_csparse_nfa Use-After-Free Remote Code Execution Vulnerability

Cisco Snort contains a critical remote code execution vulnerability (CVE-2026-20026, CVSS 9.8) that allows unauthenticated attackers to execute…

ZDI-26-048 8.8 CVE-2025-67685 Fortinet Jan 28, 2026

Fortinet FortiSandbox fortisandbox Server-Side Request Forgery Remote Code Execution Vulnerability

Fortinet FortiSandbox contains a high-severity information disclosure vulnerability (CVE-2025-67685, CVSS 8.8) that allows authenticated remote…

Prev Page 37 of 43 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy