Skip to main content

ZDI Advisories

400 advisories

Zero Day Initiative vulnerability advisories – published disclosures and upcoming publications.

ZDI-26-289 7.5 CVE-2025-71066 Linux Apr 15, 2026

Linux Kernel ETS Scheduler Race Condition Local Privilege Escalation Vulnerability

ZDI-26-288 6.5 CVE-2026-5492 DriveLock Apr 15, 2026

DriveLock Directory Traversal Information Disclosure Vulnerability

ZDI-26-287 7.5 CVE-2026-5491 DriveLock Apr 15, 2026

DriveLock Directory Traversal Information Disclosure Vulnerability

ZDI-26-285 5.3 CVE-2026-5489 DriveLock Apr 15, 2026

DriveLock Directory Traversal Information Disclosure Vulnerability

ZDI-26-284 7.5 CVE-2026-5487 DriveLock Apr 15, 2026

DriveLock Directory Traversal Information Disclosure Vulnerability

ZDI-26-283 7.8 CVE-2026-5056 GStreamer Apr 15, 2026

GStreamer qtdemux Stack-based Buffer Overflow Remote Code Execution Vulnerability

ZDI-26-282 7.8 CVE-2026-2050 GIMP Apr 15, 2026

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

ZDI-26-257 7.8 CVE-2026-5495 Labcenter Apr 06, 2026

Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ZDI-26-254 7.8 CVE-2026-5496 Labcenter Apr 06, 2026

Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability

ZDI-26-255 7.8 CVE-2026-5493 Labcenter Apr 06, 2026

Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ZDI-26-256 7.8 CVE-2026-5494 Labcenter Apr 06, 2026

Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ZDI-26-252 8.8 CVE-2026-4698 Mozilla Apr 02, 2026

Mozilla Firefox IonMonkey Switch Statement Optimization Type Confusion Remote Code Execution Vulnerability

ZDI-26-253 7.8 CVE-2026-21518 Microsoft Apr 02, 2026

Microsoft Visual Studio Code mcp.json Command Injection Remote Code Execution Vulnerability

ZDI-26-251 7.8 CVE-2026-3775 Foxit Apr 02, 2026

Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

ZDI-26-250 8.2 CVE-2026-23092 Linux Mar 31, 2026

Linux Kernel Analog Device Driver Improper Validation of Array Index Local Privilege Escalation Vulnerability

ZDI-26-246 9.8 CVE-2026-5058 aws-mcp-server Mar 30, 2026

aws-mcp-server Command Injection Remote Code Execution Vulnerability

ZDI-26-248 7.8 CVE-2026-5054 NoMachine Mar 30, 2026

NoMachine External Control of File Path Local Privilege Escalation Vulnerability

ZDI-26-249 7.8 CVE-2026-5055 NoMachine Mar 30, 2026

NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

ZDI-26-245 9.8 CVE-2026-5059 aws-mcp-server Mar 30, 2026

aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability

ZDI-26-247 7.1 CVE-2026-5053 NoMachine Mar 30, 2026

NoMachine External Control of File Path Arbitrary File Deletion Vulnerability

ZDI-26-227 6.5 CVE-2026-3689 OpenClaw Mar 30, 2026

OpenClaw Canvas Path Traversal Information Disclosure Vulnerability

OpenClaw contains a medium-severity information disclosure vulnerability (CVE-2026-3689, CVSS 6.5) that allows authenticated remote attackers to…

ZDI-26-228 7.4 CVE-2026-3690 OpenClaw Mar 30, 2026

OpenClaw Canvas Authentication Bypass Vulnerability

OpenClaw contains a critical authentication bypass vulnerability (CVE-2026-3690) that allows unauthenticated remote attackers to gain unauthorized…

ZDI-26-236 7.8 CVE-2026-0954 Digilent Mar 30, 2026

Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Digilent DASYLab contains a remote code execution vulnerability (CVE-2026-0954) that allows attackers to execute arbitrary code on affected systems…

ZDI-26-244 5.0 CVE-2024-13088 QNAP Mar 30, 2026

QNAP QHora-322 miro_webserver_controllers_api_login_singIn Authentication Bypass Vulnerability

QNAP QHora-322 routers contain an authentication bypass vulnerability (CVE-2024-13088) that allows network-adjacent attackers to gain unauthorized…

ZDI-26-243 6.8 CVE-2025-62842 QNAP Mar 30, 2026

QNAP TS-453E write_file_to_svr External Control of File Path Remote Code Execution Vulnerability

QNAP TS-453E devices contain a code execution vulnerability (CVE-2025-62842) that can be exploited by network-adjacent attackers who can bypass the…

ZDI-26-231 3.8 CVE-2026-20695 Apple Mar 30, 2026

Apple macOS Exposure of Sensitive Information to Unauthorized Sphere Information Disclosure Vulnerability

CVE-2026-20695 is a local information disclosure vulnerability affecting Apple macOS that requires an attacker to already have low-privileged code…

ZDI-26-242 3.5 CVE-2025-62840 QNAP Mar 30, 2026

QNAP TS-453E server_handlers.pyc rr2s.kwargs Error Message Information Disclosure Vulnerability

A network-adjacent attacker can bypass authentication on QNAP TS-453E NAS devices to disclose sensitive information, despite the normally required…

ZDI-26-238 7.8 CVE-2023-6270 Linux Mar 30, 2026

Linux Kernel AoE Driver Use-After-Free Local Privilege Escalation Vulnerability

This vulnerability is a privilege escalation flaw in the Linux Kernel (CVE-2023-6270) that allows local attackers with low-level code execution to…

ZDI-26-239 5.6 CVE-2025-62844 QNAP Mar 30, 2026

QNAP QHora-322 login.newAuthMiddleware.Authenticator Authentication Bypass Vulnerability

QNAP QHora-322 routers contain an authentication bypass vulnerability (CVE-2025-62844) that allows remote attackers to access the device without…

ZDI-26-232 8.8 CVE-2025-40277 Red Mar 30, 2026

Red Hat Enterprise Linux vmwgfx Driver Integer Overflow Local Privilege Escalation Vulnerability

A privilege escalation vulnerability identified as CVE-2025-40277 affects Red Hat Enterprise Linux, allowing local attackers with low-privileged code…

Prev Page 7 of 14 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy