ZDI Advisories
400 advisoriesZero Day Initiative vulnerability advisories – published disclosures and upcoming publications.
Apple macOS CoreMedia Framework Out-Of-Bounds Write Remote Code Execution Vulnerability
Apple macOS contains a remote code execution vulnerability (CVE-2026-20690) with a CVSS score of 8.8 that allows attackers to execute arbitrary code…
Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
Digilent DASYLab contains a remote code execution vulnerability (CVE-2026-0956) that allows attackers to execute arbitrary code on affected systems…
QNAP QHora-322 qvpn_db_mgr username SQL Injection Remote Code Execution Vulnerability
A critical vulnerability in QNAP QHora-322 routers (CVE-2025-62846) allows remote attackers to execute arbitrary code despite the presence of…
QNAP QHora-322 qvpn_db_mgr role_type Improper Neutralization of Escape Sequences Authentication Bypass Vulnerability
QNAP QHora-322 routers contain an authentication bypass vulnerability (CVE-2025-62845) that allows remote attackers to circumvent the device's…
QNAP QHora-322 ip6_wanifset Improper Restriction of Communication Channel to Intended Endpoints Firewall Bypass Vulnerability
QNAP QHora-322 routers contain a firewall bypass vulnerability (CVE-2025-62843) that allows network-adjacent attackers to circumvent configured…
OpenClaw Client PKCE Verifier Information Disclosure Vulnerability
OpenClaw contains a credential disclosure vulnerability (CVE-2026-3691) that allows remote attackers to access stored credentials when a user…
Digilent DASYLab DSA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability (CVE-2026-0957) affects Digilent DASYLab, allowing attackers to execute arbitrary code on…
Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
Digilent DASYLab contains a remote code execution vulnerability (CVE-2026-0955) rated HIGH with a CVSS score of 7.8 that allows attackers to execute…
Microsoft Azure MCP AzureCliService Command Injection Remote Code Execution Vulnerability
A critical remote code execution vulnerability (CVSS 9.8) has been discovered in Microsoft Azure that requires no authentication to exploit, allowing…
Canon imageCLASS MF654Cdw BJNP Memory Corruption Remote Code Execution Vulnerability
CVE-2025-14233 is a critical unauthenticated remote code execution vulnerability affecting Canon imageCLASS MF654Cdw printers that allows…
Samsung Galaxy S25 Samsung Account Open Redirect Security Bypass Vulnerability
A medium-severity security bypass vulnerability (CVE-2025-58487) has been identified in Samsung Galaxy S25 devices that allows remote attackers to…
Samsung Galaxy S25 Samsung Account Cross-Site Scripting Remote Code Execution Vulnerability
This vulnerability in Samsung Galaxy S25 allows unauthenticated remote attackers to execute arbitrary scripts on affected devices, potentially…
Samsung Galaxy S25 Smart Touch Call Application Protection Mechanism Failure Information Disclosure Vulnerability
Samsung Galaxy S25 devices contain a remote information disclosure vulnerability (CVE-2025-58488) that allows attackers to access sensitive data if…
GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
GIMP contains a remote code execution vulnerability (CVE-2026-4153) that allows attackers to execute arbitrary code if a user opens a malicious file…
GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability
GIMP contains a remote code execution vulnerability (CVE-2026-4151) that allows attackers to execute arbitrary code if a user opens a malicious file…
GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability (CVE-2026-4154) affects GIMP and allows attackers to execute arbitrary code if a user opens a…
GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability
GIMP contains a remote code execution vulnerability (CVE-2026-4150) with a CVSS score of 7.8 that allows attackers to execute arbitrary code when a…
GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
GIMP contains a remote code execution vulnerability (CVE-2026-4152) with a CVSS score of 7.8 that allows attackers to execute arbitrary code when a…
QNAP TS-453E smbd domain_name Argument Injection Authentication Bypass Vulnerability
This vulnerability (CVE-2025-62847) affects QNAP TS-453E NAS devices and allows network-adjacent attackers to completely bypass authentication…
VMware ESXi VMCI Integer Underflow Local Privilege Escalation Vulnerability
VMware ESXi is vulnerable to a local privilege escalation attack (CVE-2025-41237) rated as HIGH severity with a CVSS score of 8.2, requiring…
Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability
The Sonos Era 300 speaker contains a critical remote code execution vulnerability (CVE-2026-4149) that allows unauthenticated attackers to execute…
Microsoft Exchange InterceptorSmtpAgent Improper Input Validation Security Feature Bypass Vulnerability
A medium-severity vulnerability (CVE-2026-21527) in Microsoft Exchange allows unauthenticated remote attackers to bypass a security feature,…
VMware Workstation PVSCSI Heap-based Buffer Overflow Local Privilege Escalation Vulnerability
CVE-2025-41238 is a privilege escalation vulnerability in VMware Workstation with a high severity rating of 8.2 that allows local attackers to gain…
VMware ESXi VMXNET3 Integer Overflow Local Privilege Escalation Vulnerability
VMware ESXi contains a privilege escalation vulnerability (CVE-2025-41236) with a CVSS score of 8.2 that allows attackers with high-privileged code…
Synology DiskStation Manager Netatalk Library Buffer Overflow Remote Code Execution Vulnerability
Synology DiskStation Manager contains a critical remote code execution vulnerability (CVE-2022-45188) with a CVSS score of 9.8 that requires no…
Schneider Electric EcoStruxure Data Center Expert Hard-coded Password Remote Code Execution Vulnerability
Schneider Electric EcoStruxure Data Center Expert contains a critical vulnerability (CVE-2025-13957) that allows authenticated remote attackers to…
KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
A high-severity privilege escalation vulnerability (CVE-2026-4158) has been discovered in KeePassXC that allows attackers with low-privileged code…
Samsung Galaxy S25 Samsung Members Security Feature Bypass Vulnerability
A medium-severity security feature bypass vulnerability affects Samsung Galaxy S25 devices, allowing remote attackers to circumvent protective…
GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
GIMP contains a remote code execution vulnerability (CVE-2026-2049) with a CVSS score of 7.8 that allows attackers to execute arbitrary code if a…
Delta Electronics ASDA-Soft PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Delta Electronics ASDA-Soft contains a remote code execution vulnerability (CVE-2026-1361) rated 7.8 HIGH, which attackers can exploit by tricking…