ZDI Advisories
400 advisoriesZero Day Initiative vulnerability advisories – published disclosures and upcoming publications.
Linux Kernel ETS Scheduler Race Condition Local Privilege Escalation Vulnerability
DriveLock Directory Traversal Information Disclosure Vulnerability
DriveLock Directory Traversal Information Disclosure Vulnerability
DriveLock Directory Traversal Information Disclosure Vulnerability
DriveLock Directory Traversal Information Disclosure Vulnerability
GStreamer qtdemux Stack-based Buffer Overflow Remote Code Execution Vulnerability
GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability
Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Mozilla Firefox IonMonkey Switch Statement Optimization Type Confusion Remote Code Execution Vulnerability
Microsoft Visual Studio Code mcp.json Command Injection Remote Code Execution Vulnerability
Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
Linux Kernel Analog Device Driver Improper Validation of Array Index Local Privilege Escalation Vulnerability
aws-mcp-server Command Injection Remote Code Execution Vulnerability
NoMachine External Control of File Path Local Privilege Escalation Vulnerability
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability
NoMachine External Control of File Path Arbitrary File Deletion Vulnerability
OpenClaw Canvas Path Traversal Information Disclosure Vulnerability
OpenClaw contains a medium-severity information disclosure vulnerability (CVE-2026-3689, CVSS 6.5) that allows authenticated remote attackers to…
OpenClaw Canvas Authentication Bypass Vulnerability
OpenClaw contains a critical authentication bypass vulnerability (CVE-2026-3690) that allows unauthenticated remote attackers to gain unauthorized…
Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Digilent DASYLab contains a remote code execution vulnerability (CVE-2026-0954) that allows attackers to execute arbitrary code on affected systems…
QNAP QHora-322 miro_webserver_controllers_api_login_singIn Authentication Bypass Vulnerability
QNAP QHora-322 routers contain an authentication bypass vulnerability (CVE-2024-13088) that allows network-adjacent attackers to gain unauthorized…
QNAP TS-453E write_file_to_svr External Control of File Path Remote Code Execution Vulnerability
QNAP TS-453E devices contain a code execution vulnerability (CVE-2025-62842) that can be exploited by network-adjacent attackers who can bypass the…
Apple macOS Exposure of Sensitive Information to Unauthorized Sphere Information Disclosure Vulnerability
CVE-2026-20695 is a local information disclosure vulnerability affecting Apple macOS that requires an attacker to already have low-privileged code…
QNAP TS-453E server_handlers.pyc rr2s.kwargs Error Message Information Disclosure Vulnerability
A network-adjacent attacker can bypass authentication on QNAP TS-453E NAS devices to disclose sensitive information, despite the normally required…
Linux Kernel AoE Driver Use-After-Free Local Privilege Escalation Vulnerability
This vulnerability is a privilege escalation flaw in the Linux Kernel (CVE-2023-6270) that allows local attackers with low-level code execution to…
QNAP QHora-322 login.newAuthMiddleware.Authenticator Authentication Bypass Vulnerability
QNAP QHora-322 routers contain an authentication bypass vulnerability (CVE-2025-62844) that allows remote attackers to access the device without…
Red Hat Enterprise Linux vmwgfx Driver Integer Overflow Local Privilege Escalation Vulnerability
A privilege escalation vulnerability identified as CVE-2025-40277 affects Red Hat Enterprise Linux, allowing local attackers with low-privileged code…