Skip to main content

ZDI Advisories

400 advisories

Zero Day Initiative vulnerability advisories – published disclosures and upcoming publications.

ZDI-26-230 8.8 CVE-2026-20690 Apple Mar 30, 2026

Apple macOS CoreMedia Framework Out-Of-Bounds Write Remote Code Execution Vulnerability

Apple macOS contains a remote code execution vulnerability (CVE-2026-20690) with a CVSS score of 8.8 that allows attackers to execute arbitrary code…

ZDI-26-234 7.8 CVE-2026-0956 Digilent Mar 30, 2026

Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Digilent DASYLab contains a remote code execution vulnerability (CVE-2026-0956) that allows attackers to execute arbitrary code on affected systems…

ZDI-26-241 8.8 CVE-2025-62846 QNAP Mar 30, 2026

QNAP QHora-322 qvpn_db_mgr username SQL Injection Remote Code Execution Vulnerability

A critical vulnerability in QNAP QHora-322 routers (CVE-2025-62846) allows remote attackers to execute arbitrary code despite the presence of…

ZDI-26-240 6.3 CVE-2025-62845 QNAP Mar 30, 2026

QNAP QHora-322 qvpn_db_mgr role_type Improper Neutralization of Escape Sequences Authentication Bypass Vulnerability

QNAP QHora-322 routers contain an authentication bypass vulnerability (CVE-2025-62845) that allows remote attackers to circumvent the device's…

ZDI-26-237 6.3 CVE-2025-62843 QNAP Mar 30, 2026

QNAP QHora-322 ip6_wanifset Improper Restriction of Communication Channel to Intended Endpoints Firewall Bypass Vulnerability

QNAP QHora-322 routers contain a firewall bypass vulnerability (CVE-2025-62843) that allows network-adjacent attackers to circumvent configured…

ZDI-26-229 5.3 CVE-2026-3691 OpenClaw Mar 30, 2026

OpenClaw Client PKCE Verifier Information Disclosure Vulnerability

OpenClaw contains a credential disclosure vulnerability (CVE-2026-3691) that allows remote attackers to access stored credentials when a user…

ZDI-26-235 7.8 CVE-2026-0957 Digilent Mar 30, 2026

Digilent DASYLab DSA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

A high-severity remote code execution vulnerability (CVE-2026-0957) affects Digilent DASYLab, allowing attackers to execute arbitrary code on…

ZDI-26-233 7.8 CVE-2026-0955 Digilent Mar 30, 2026

Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Digilent DASYLab contains a remote code execution vulnerability (CVE-2026-0955) rated HIGH with a CVSS score of 7.8 that allows attackers to execute…

ZDI-26-226 9.8 Microsoft Mar 24, 2026

Microsoft Azure MCP AzureCliService Command Injection Remote Code Execution Vulnerability

A critical remote code execution vulnerability (CVSS 9.8) has been discovered in Microsoft Azure that requires no authentication to exploit, allowing…

ZDI-26-222 8.8 CVE-2025-14233 Canon Mar 23, 2026

Canon imageCLASS MF654Cdw BJNP Memory Corruption Remote Code Execution Vulnerability

CVE-2025-14233 is a critical unauthenticated remote code execution vulnerability affecting Canon imageCLASS MF654Cdw printers that allows…

ZDI-26-225 5.6 CVE-2025-58487 Samsung Mar 23, 2026

Samsung Galaxy S25 Samsung Account Open Redirect Security Bypass Vulnerability

A medium-severity security bypass vulnerability (CVE-2025-58487) has been identified in Samsung Galaxy S25 devices that allows remote attackers to…

ZDI-26-224 6.3 CVE-2025-58486 Samsung Mar 23, 2026

Samsung Galaxy S25 Samsung Account Cross-Site Scripting Remote Code Execution Vulnerability

This vulnerability in Samsung Galaxy S25 allows unauthenticated remote attackers to execute arbitrary scripts on affected devices, potentially…

ZDI-26-223 5.9 CVE-2025-58488 Samsung Mar 23, 2026

Samsung Galaxy S25 Smart Touch Call Application Protection Mechanism Failure Information Disclosure Vulnerability

Samsung Galaxy S25 devices contain a remote information disclosure vulnerability (CVE-2025-58488) that allows attackers to access sensitive data if…

ZDI-26-220 7.8 CVE-2026-4153 GIMP Mar 19, 2026

GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

GIMP contains a remote code execution vulnerability (CVE-2026-4153) that allows attackers to execute arbitrary code if a user opens a malicious file…

ZDI-26-218 7.8 CVE-2026-4151 GIMP Mar 19, 2026

GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability

GIMP contains a remote code execution vulnerability (CVE-2026-4151) that allows attackers to execute arbitrary code if a user opens a malicious file…

ZDI-26-221 7.8 CVE-2026-4154 GIMP Mar 19, 2026

GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability

A high-severity remote code execution vulnerability (CVE-2026-4154) affects GIMP and allows attackers to execute arbitrary code if a user opens a…

ZDI-26-217 7.8 CVE-2026-4150 GIMP Mar 19, 2026

GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability

GIMP contains a remote code execution vulnerability (CVE-2026-4150) with a CVSS score of 7.8 that allows attackers to execute arbitrary code when a…

ZDI-26-219 7.8 CVE-2026-4152 GIMP Mar 19, 2026

GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

GIMP contains a remote code execution vulnerability (CVE-2026-4152) with a CVSS score of 7.8 that allows attackers to execute arbitrary code when a…

ZDI-26-216 6.3 CVE-2025-62847 QNAP Mar 17, 2026

QNAP TS-453E smbd domain_name Argument Injection Authentication Bypass Vulnerability

This vulnerability (CVE-2025-62847) affects QNAP TS-453E NAS devices and allows network-adjacent attackers to completely bypass authentication…

ZDI-26-188 8.2 CVE-2025-41237 VMware Mar 16, 2026

VMware ESXi VMCI Integer Underflow Local Privilege Escalation Vulnerability

VMware ESXi is vulnerable to a local privilege escalation attack (CVE-2025-41237) rated as HIGH severity with a CVSS score of 8.2, requiring…

ZDI-26-192 10.0 CVE-2026-4149 Sonos Mar 16, 2026

Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability

The Sonos Era 300 speaker contains a critical remote code execution vulnerability (CVE-2026-4149) that allows unauthenticated attackers to execute…

ZDI-26-194 5.3 CVE-2026-21527 Microsoft Mar 16, 2026

Microsoft Exchange InterceptorSmtpAgent Improper Input Validation Security Feature Bypass Vulnerability

A medium-severity vulnerability (CVE-2026-21527) in Microsoft Exchange allows unauthenticated remote attackers to bypass a security feature,…

ZDI-26-190 8.2 CVE-2025-41238 VMware Mar 16, 2026

VMware Workstation PVSCSI Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

CVE-2025-41238 is a privilege escalation vulnerability in VMware Workstation with a high severity rating of 8.2 that allows local attackers to gain…

ZDI-26-189 8.2 CVE-2025-41236 VMware Mar 16, 2026

VMware ESXi VMXNET3 Integer Overflow Local Privilege Escalation Vulnerability

VMware ESXi contains a privilege escalation vulnerability (CVE-2025-41236) with a CVSS score of 8.2 that allows attackers with high-privileged code…

ZDI-26-187 9.8 CVE-2022-45188 Synology Mar 16, 2026

Synology DiskStation Manager Netatalk Library Buffer Overflow Remote Code Execution Vulnerability

Synology DiskStation Manager contains a critical remote code execution vulnerability (CVE-2022-45188) with a CVSS score of 9.8 that requires no…

ZDI-26-212 8.8 CVE-2025-13957 Schneider Mar 16, 2026

Schneider Electric EcoStruxure Data Center Expert Hard-coded Password Remote Code Execution Vulnerability

Schneider Electric EcoStruxure Data Center Expert contains a critical vulnerability (CVE-2025-13957) that allows authenticated remote attackers to…

ZDI-26-215 7.3 CVE-2026-4158 KeePassXC Mar 16, 2026

KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

A high-severity privilege escalation vulnerability (CVE-2026-4158) has been discovered in KeePassXC that allows attackers with low-privileged code…

ZDI-26-210 5.4 CVE-2025-21079 Samsung Mar 16, 2026

Samsung Galaxy S25 Samsung Members Security Feature Bypass Vulnerability

A medium-severity security feature bypass vulnerability affects Samsung Galaxy S25 devices, allowing remote attackers to circumvent protective…

ZDI-26-214 7.8 CVE-2026-2049 GIMP Mar 16, 2026

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

GIMP contains a remote code execution vulnerability (CVE-2026-2049) with a CVSS score of 7.8 that allows attackers to execute arbitrary code if a…

ZDI-26-211 7.8 CVE-2026-1361 Delta Mar 16, 2026

Delta Electronics ASDA-Soft PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Delta Electronics ASDA-Soft contains a remote code execution vulnerability (CVE-2026-1361) rated 7.8 HIGH, which attackers can exploit by tricking…

Prev Page 8 of 14 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy