ZDI Advisories
248 advisories
Zero Day Initiative vulnerability advisories – published disclosures and upcoming publications.
Unraid Authentication Request Path Traversal Authentication Bypass Vulnerability
A high-severity authentication bypass vulnerability (CVE-2026-3839) has been discovered in Unraid that allows remote attackers to gain unauthorized…
Unraid Update Request Path Traversal Remote Code Execution Vulnerability
This vulnerability in Unraid (CVE-2026-3838) allows authenticated remote attackers to execute arbitrary code on affected systems, earning a HIGH…
Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
A high-severity vulnerability (CVE-2026-3557) in Philips Hue Bridge allows network-adjacent attackers to execute arbitrary code by bypassing the…
Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability
A high-severity authentication bypass vulnerability (CVE-2026-3559) has been discovered in Philips Hue Bridge that allows network-adjacent attackers…
Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability
A critical unauthenticated remote code execution vulnerability (CVE-2026-3560) has been discovered in the Philips Hue Bridge smart home device, rated…
GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability
GStreamer contains a remote code execution vulnerability (CVE-2026-2923) with a CVSS score of 7.8 that allows attackers to execute arbitrary code on…
Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
Docker Desktop contains a local privilege escalation vulnerability (CVE-2025-15558) that allows attackers with low-level code execution access to…
Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Delta Electronics CNCSoft-G2 contains a remote code execution vulnerability (CVE-2026-3094) that allows attackers to execute arbitrary code if a user…
GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability
GStreamer contains a remote code execution vulnerability (CVE-2026-2920, CVSS 7.8) that allows attackers to execute arbitrary code on systems running…
GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability
GStreamer contains a remote code execution vulnerability (CVE-2026-3082) rated HIGH with a CVSS score of 7.8 that allows attackers to execute…
Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability
A high-severity authentication bypass vulnerability (CVE-2026-3558, CVSS 8.1) affects Philips Hue Bridge, allowing network-adjacent attackers to gain…
GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability
GStreamer contains a remote code execution vulnerability (CVE-2026-3081) rated 7.8 CVSS that allows attackers to execute arbitrary code if they can…
Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability
A high-severity vulnerability (CVSS 8.0) in Philips Hue Bridge allows network-adjacent attackers to execute arbitrary code on the device if a user…
GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability
GStreamer contains a remote code execution vulnerability (CVE-2026-3086) rated 7.8 CVSS High severity that allows attackers to execute arbitrary code…
GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution Vulnerability
GStreamer contains a remote code execution vulnerability (CVE-2026-3084) rated HIGH with a CVSS score of 7.8 that allows attackers to execute…
GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability
GStreamer contains a remote code execution vulnerability (CVE-2026-2921) with a high CVSS score of 7.8 that allows attackers to execute arbitrary…
GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability
GStreamer contains a high-severity remote code execution vulnerability (CVE-2026-3085, CVSS 8.8) that allows attackers to execute arbitrary code when…
GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability
GStreamer contains a critical remote code execution vulnerability (CVE-2026-3083) rated 8.8 CVSS that allows attackers to execute arbitrary code on…
GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability
GStreamer contains a remote code execution vulnerability (CVE-2026-2922) rated HIGH with a CVSS score of 7.8, allowing attackers to execute arbitrary…
Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability
A network-adjacent attacker can execute arbitrary code on Philips Hue Bridge devices without authentication due to CVE-2026-3562, a medium-severity…
Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability
A critical unauthenticated remote code execution vulnerability (CVE-2026-3556) affects the Philips Hue Bridge smart home hub, rated 8.8 CVSS.
Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability
A high-severity vulnerability (CVSS 8.0) in Philips Hue Bridge allows network-adjacent attackers to execute arbitrary code by bypassing the device's…
Music Assistant _update_library_item External Control of File Path Remote Code Execution Vulnerability
Music Assistant contains a high-severity vulnerability (CVE-2026-26975) that allows network-adjacent attackers to execute arbitrary code on affected…
Trend Micro Apex One Console Directory Traversal Remote Code Execution Vulnerability
Trend Micro Apex One contains a critical remote code execution vulnerability (CVE-2025-71211) that allows unauthenticated attackers to execute…
Hewlett Packard Enterprise AutoPass License Server Authentication Bypass Vulnerability
A remote authentication bypass vulnerability (CVE-2026-23600) has been discovered in Hewlett Packard Enterprise AutoPass License Server, rated as…
Trend Micro Apex Central Hub Server Server-Side Request Forgery Vulnerability
Trend Micro Apex Central contains an information disclosure vulnerability (CVE-2025-71205) that allows authenticated remote attackers to access…
Trend Micro Apex Central Scheduled Update Server-Side Request Forgery Vulnerability
A medium-severity information disclosure vulnerability exists in Trend Micro Apex Central that allows authenticated remote attackers to access…
LangChain LangGraph BaseCache Deserialization of Untrusted Data Remote Code Execution Vulnerability
LangChain's LangGraph component contains a remote code execution vulnerability (CVE-2026-27794) that allows unauthenticated attackers to execute…
Trend Micro Apex One Console Directory Traversal Remote Code Execution Vulnerability
Trend Micro Apex One contains a critical remote code execution vulnerability (CVE-2025-71210) that requires no authentication to exploit, allowing…
Trend Micro Apex Central Manual Update Server-Side Request Forgery Vulnerability
Trend Micro Apex Central contains an information disclosure vulnerability (CVE-2025-71207) that allows authenticated remote attackers to access…