Skip to main content

ZDI Advisories

400 advisories

Zero Day Initiative vulnerability advisories – published disclosures and upcoming publications.

ZDI-26-294 3.5 Microsoft Apr 21, 2026

Microsoft Windows library-ms NTLM Response Information Disclosure Vulnerability

ZDI-26-293 4.3 Microsoft Apr 21, 2026

Microsoft Office URI Handler NTLM Response Information Disclosure Vulnerability

ZDI-26-276 7.5 CVE-2026-26179 Microsoft Apr 15, 2026

Microsoft Windows Secure Kernel Double Free Local Privilege Escalation Vulnerability

ZDI-26-258 8.2 Docker Apr 15, 2026

Docker Desktop extension-manager Exposed Dangerous Function Local Privilege Escalation Vulnerability

ZDI-26-259 7.8 Docker Apr 15, 2026

Docker Desktop cli-plugins Incorrect Permission Assignment Local Privilege Escalation Vulnerability

ZDI-26-260 7.5 Docker Apr 15, 2026

Docker Desktop System Editor Uncontrolled Search Path Element Privilege Escalation Vulnerability

ZDI-26-277 7.8 CVE-2026-32073 Microsoft Apr 15, 2026

Microsoft Windows afd.sys Race Condition Local Privilege Escalation Vulnerability

ZDI-26-278 7.8 CVE-2026-33104 Microsoft Apr 15, 2026

Microsoft Windows win32kfull Improper Locking Local Privilege Escalation Vulnerability

ZDI-26-261 7.5 Docker Apr 15, 2026

Docker Desktop credentialHelper Directory Traversal Privilege Escalation Vulnerability

ZDI-26-279 7.5 CVE-2026-32183 Microsoft Apr 15, 2026

Microsoft Windows Snipping Tool Improper Input Validation Remote Code Execution Vulnerability

ZDI-26-280 8.8 CVE-2026-4682 HP Apr 15, 2026

HP DeskJet 2855e JobStatusEvent Stack-based Buffer Overflow Remote Code Execution Vulnerability

ZDI-26-281 7.8 CVE-2026-34054 Microsoft Apr 15, 2026

Microsoft vcpkg OpenSSL Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

ZDI-26-267 7.8 Malwarebytes Apr 15, 2026

Malwarebytes Anti-Malware Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

ZDI-26-268 7.8 CVE-2026-25203 Samsung Apr 15, 2026

Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability

ZDI-26-264 7.5 CVE-2026-27305 Adobe Apr 15, 2026

Adobe ColdFusion fetchCFSettingFile Directory Traversal Information Disclosure Vulnerability

ZDI-26-269 9.8 CVE-2025-54948 TrendAI Apr 15, 2026

TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability

ZDI-26-270 9.8 CVE-2025-54987 TrendAI Apr 15, 2026

TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability

ZDI-26-266 8.8 CVE-2026-40688 Fortinet Apr 15, 2026

Fortinet FortiWeb cat_cgi_paths Out-Of-Bounds Write Remote Code Execution Vulnerability

ZDI-26-263 6.5 CVE-2026-27282 Adobe Apr 15, 2026

Adobe ColdFusion subscribeToEndpoints Authentication Bypass Vulnerability

ZDI-26-265 6.5 CVE-2026-39811 Fortinet Apr 15, 2026

Fortinet FortiWeb cgi_buf_alloc Integer Overflow Denial-of-Service Vulnerability

ZDI-26-262 5.4 CVE-2026-34619 Adobe Apr 15, 2026

Adobe ColdFusion deleteVersion Directory Traversal Arbitrary File Deletion Vulnerability

ZDI-26-288 6.5 CVE-2026-5492 DriveLock Apr 15, 2026

DriveLock Directory Traversal Information Disclosure Vulnerability

ZDI-26-287 7.5 CVE-2026-5491 DriveLock Apr 15, 2026

DriveLock Directory Traversal Information Disclosure Vulnerability

ZDI-26-289 7.5 CVE-2025-71066 Linux Apr 15, 2026

Linux Kernel ETS Scheduler Race Condition Local Privilege Escalation Vulnerability

ZDI-26-292 8.8 CVE-2026-22898 QNAP Apr 15, 2026

QNAP TS-453E QVRPro excpostgres Exposed Dangerous Method Remote Code Execution Vulnerability

ZDI-26-291 7.8 CVE-2026-32861 NI Apr 15, 2026

NI LabVIEW LVCLASS File Parsing Memory Corruption Remote Code Execution Vulnerability

ZDI-26-290 7.8 CVE-2026-32860 NI Apr 15, 2026

NI LabVIEW LVLIB File Parsing Memory Corruption Remote Code Execution Vulnerability

ZDI-26-286 8.8 CVE-2026-5490 DriveLock Apr 15, 2026

DriveLock SQL Injection Privilege Escalation Vulnerability

ZDI-26-285 5.3 CVE-2026-5489 DriveLock Apr 15, 2026

DriveLock Directory Traversal Information Disclosure Vulnerability

ZDI-26-284 7.5 CVE-2026-5487 DriveLock Apr 15, 2026

DriveLock Directory Traversal Information Disclosure Vulnerability

Prev Page 6 of 14 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy