ZDI Advisories
706 advisories
Zero Day Initiative vulnerability advisories – published disclosures and upcoming publications.
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
MLflow
MLflow is an open-source machine learning platform used for experiment tracking, model management, and deployment.
QNAP TS-453E write_file_to_svr External Control of File Path Remote Code Execution Vulnerability
QNAP TS-453E devices contain a code execution vulnerability (CVE-2025-62842) that can be exploited by network-adjacent attackers who can bypass the…
QNAP QHora-322 miro_webserver_controllers_api_login_singIn Authentication Bypass Vulnerability
QNAP QHora-322 routers contain an authentication bypass vulnerability (CVE-2024-13088) that allows network-adjacent attackers to gain unauthorized…
Linux
A high-severity vulnerability (CVSS 7.5) has been discovered in Linux that requires local access and high-level privileges to exploit, but can result…
Foxit
Foxit is a well-known software company that develops PDF readers and document management solutions widely used in enterprise environments.
Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Digilent DASYLab contains a remote code execution vulnerability (CVE-2026-0954) that allows attackers to execute arbitrary code on affected systems…
OpenClaw Canvas Authentication Bypass Vulnerability
OpenClaw contains a critical authentication bypass vulnerability (CVE-2026-3690) that allows unauthenticated remote attackers to gain unauthorized…
Foxit
Foxit is a well-known software company specializing in PDF readers and document management solutions.
OpenClaw Canvas Path Traversal Information Disclosure Vulnerability
OpenClaw contains a medium-severity information disclosure vulnerability (CVE-2026-3689, CVSS 6.5) that allows authenticated remote attackers to…
OpenPrinting
OpenPrinting is a widely used open-source printing system commonly integrated into Linux distributions and enterprise print servers.
oFono
oFono is an open-source telephony framework for Linux that manages mobile broadband and voice communication.
Adobe
Adobe, a major software company known for creative and productivity applications, has a high-severity local vulnerability (CVSS 7.8) that requires…
aws-mcp-server Command Injection Remote Code Execution Vulnerability
Linux
Linux is the open-source operating system kernel used across servers, desktops, and embedded systems worldwide.
Apple macOS CoreMedia Framework Out-Of-Bounds Write Remote Code Execution Vulnerability
Apple macOS contains a remote code execution vulnerability (CVE-2026-20690) with a CVSS score of 8.8 that allows attackers to execute arbitrary code…
Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
Digilent DASYLab contains a remote code execution vulnerability (CVE-2026-0956) that allows attackers to execute arbitrary code on affected systems…
LiteLLM
LiteLLM is an open-source library that provides a unified interface for large language model APIs.
MLflow
MLflow is an open-source machine learning platform used for managing ML experiments, models, and deployments.
QNAP QHora-322 login.newAuthMiddleware.Authenticator Authentication Bypass Vulnerability
QNAP QHora-322 routers contain an authentication bypass vulnerability (CVE-2025-62844) that allows remote attackers to access the device without…
NoMachine External Control of File Path Arbitrary File Deletion Vulnerability
aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability
Foxit
Foxit is a widely used PDF software company, and this high-severity vulnerability (CVSS 7.8) requires local access and user interaction but requires…
NoMachine External Control of File Path Local Privilege Escalation Vulnerability
OpenClaw Client PKCE Verifier Information Disclosure Vulnerability
OpenClaw contains a credential disclosure vulnerability (CVE-2026-3691) that allows remote attackers to access stored credentials when a user…
QNAP QHora-322 qvpn_db_mgr role_type Improper Neutralization of Escape Sequences Authentication Bypass Vulnerability
QNAP QHora-322 routers contain an authentication bypass vulnerability (CVE-2025-62845) that allows remote attackers to circumvent the device's…
QNAP QHora-322 ip6_wanifset Improper Restriction of Communication Channel to Intended Endpoints Firewall Bypass Vulnerability
QNAP QHora-322 routers contain a firewall bypass vulnerability (CVE-2025-62843) that allows network-adjacent attackers to circumvent configured…
Red Hat Enterprise Linux vmwgfx Driver Integer Overflow Local Privilege Escalation Vulnerability
A privilege escalation vulnerability identified as CVE-2025-40277 affects Red Hat Enterprise Linux, allowing local attackers with low-privileged code…
QNAP QHora-322 qvpn_db_mgr username SQL Injection Remote Code Execution Vulnerability
A critical vulnerability in QNAP QHora-322 routers (CVE-2025-62846) allows remote attackers to execute arbitrary code despite the presence of…
Adobe
Adobe has disclosed a high-severity vulnerability (CVSS 7.8) that requires local access and user interaction to exploit, but delivers significant…