Zero Day Initiative Advisories - Page 6

ZDI-CAN-29790 8.5 Upcoming – 103d Linux Mar 30, 2026

Linux

Linux is the open-source operating system kernel used across servers, desktops, and embedded systems worldwide.

ZDI-26-230 8.8 CVE-2026-20690 Apple Mar 30, 2026

Apple macOS CoreMedia Framework Out-Of-Bounds Write Remote Code Execution Vulnerability

Apple macOS contains a remote code execution vulnerability (CVE-2026-20690) with a CVSS score of 8.8 that allows attackers to execute arbitrary code…

ZDI-CAN-29838 6.4 Upcoming – 103d LiteLLM Mar 30, 2026

LiteLLM

LiteLLM is an open-source library that provides a unified interface for large language model APIs.

ZDI-CAN-29491 7.8 Upcoming – 103d Foxit Mar 30, 2026

Foxit

Foxit is a well-known software company specializing in PDF readers and document management solutions.

ZDI-26-234 7.8 CVE-2026-0956 Digilent Mar 30, 2026

Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Digilent DASYLab contains a remote code execution vulnerability (CVE-2026-0956) that allows attackers to execute arbitrary code on affected systems…

ZDI-26-247 7.1 CVE-2026-5053 NoMachine Mar 30, 2026

NoMachine External Control of File Path Arbitrary File Deletion Vulnerability

ZDI-CAN-29663 7.4 Upcoming – 103d oFono Mar 30, 2026

oFono

oFono is an open-source telephony framework for Linux that manages mobile broadband and voice communication.

ZDI-CAN-29299 7.5 Upcoming – 103d OpenPrinting Mar 30, 2026

OpenPrinting

OpenPrinting is a widely-used open-source printing system commonly integrated into Linux distributions and enterprise print servers.

ZDI-26-245 9.8 CVE-2026-5059 aws-mcp-server Mar 30, 2026

aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability

ZDI-26-241 8.8 CVE-2025-62846 QNAP Mar 30, 2026

QNAP QHora-322 qvpn_db_mgr username SQL Injection Remote Code Execution Vulnerability

A critical vulnerability in QNAP QHora-322 routers (CVE-2025-62846) allows remote attackers to execute arbitrary code despite the presence of…

ZDI-CAN-29495 7.8 Upcoming – 103d Foxit Mar 30, 2026

Foxit

Foxit is a well-known software company that develops PDF readers and document management solutions widely used in enterprise environments.

ZDI-26-248 7.8 CVE-2026-5054 NoMachine Mar 30, 2026

NoMachine External Control of File Path Local Privilege Escalation Vulnerability

ZDI-26-232 8.8 CVE-2025-40277 Red Mar 30, 2026

Red Hat Enterprise Linux vmwgfx Driver Integer Overflow Local Privilege Escalation Vulnerability

A privilege escalation vulnerability identified as CVE-2025-40277 affects Red Hat Enterprise Linux, allowing local attackers with low-privileged code…

ZDI-26-240 6.3 CVE-2025-62845 QNAP Mar 30, 2026

QNAP QHora-322 qvpn_db_mgr role_type Improper Neutralization of Escape Sequences Authentication Bypass Vulnerability

QNAP QHora-322 routers contain an authentication bypass vulnerability (CVE-2025-62845) that allows remote attackers to circumvent the device's…

ZDI-CAN-29409 7.8 Upcoming – 103d Adobe Mar 30, 2026

Adobe

Adobe, a major software company known for creative and productivity applications, has a high-severity local vulnerability (CVSS 7.8) that requires…

ZDI-CAN-30015 7.8 Upcoming – 103d Adobe Mar 30, 2026

Adobe

Adobe, a major software vendor known for creative and productivity applications, has a high-severity vulnerability (CVSS 7.8) that requires local…

ZDI-CAN-29433 3.3 Upcoming – 103d Adobe Mar 30, 2026

Adobe

Adobe has disclosed a low-severity local information disclosure vulnerability (CVE details pending) that requires user interaction to exploit but no…

ZDI-CAN-29477 3.3 Upcoming – 103d Adobe Mar 30, 2026

Adobe

Adobe, a leading software company known for creative and productivity applications, has a low-severity local vulnerability (CVSS 3.3) that requires…

ZDI-CAN-29793 7.8 Upcoming – -20d TrendAI Mar 27, 2026

TrendAI

TrendAI is a vendor in the artificial intelligence and machine learning security space.

ZDI-CAN-29910 7.8 Upcoming – -20d TrendAI Mar 27, 2026

TrendAI

TrendAI is a vendor in the artificial intelligence security space.

ZDI-CAN-29593 7.8 Upcoming – -21d Meta Mar 26, 2026

Meta

Meta, the social media and technology company behind Facebook, Instagram, and other platforms, has a high-severity vulnerability (CVSS 7.8) that…

ZDI-CAN-29436 7.8 Upcoming – -21d Meta Mar 26, 2026

Meta

Meta, a major social media and technology company, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no…

ZDI-CAN-29437 7.8 Upcoming – -21d Meta Mar 26, 2026

Meta

Meta, a major social media and technology company, has a high-severity vulnerability (CVSS 7.8) that requires local access and user interaction to…

ZDI-CAN-29365 7.8 Upcoming – -21d Meta Mar 26, 2026

Meta

Meta, the social media and technology conglomerate, has a high-severity vulnerability (CVSS 7.8) that requires local access and user interaction but…

ZDI-CAN-29596 7.8 Upcoming – -21d Meta Mar 26, 2026

Meta

Meta, the social media and technology conglomerate, has a local privilege escalation vulnerability (CVSS 7.8) that requires user interaction but no…

ZDI-CAN-29499 7.8 Upcoming – -21d Meta Mar 26, 2026

Meta

Meta, the parent company of Facebook, Instagram, and WhatsApp, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but…

ZDI-CAN-29233 7.8 Upcoming – -21d Meta Mar 26, 2026

Meta

Meta, a major social media and technology company, has a high-severity vulnerability (CVSS 7.8) that requires local access and user interaction to…

ZDI-CAN-29630 7.8 Upcoming – -21d Meta Mar 26, 2026

Meta

Meta, the social media and technology conglomerate, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but requires no…

ZDI-CAN-29435 7.8 Upcoming – -21d Meta Mar 26, 2026

Meta

Meta, a major social media and technology company, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no…

ZDI-CAN-29447 7.8 Upcoming – -21d Meta Mar 26, 2026

Meta

Meta, the social media and technology conglomerate, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction to exploit but…

ZDI Advisories