ZDI Advisories
248 advisoriesZero Day Initiative vulnerability advisories – published disclosures and upcoming publications.
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-13845 is a high-severity remote code execution vulnerability in Schneider Electric EcoStruxure Power Build that allows attackers to execute…
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
Schneider Electric's EcoStruxure Power Build contains a remote code execution vulnerability (CVE-2025-13845) that allows attackers to execute…
Schneider Electric EcoStruxure Power Build SSD File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2025-13845 is a remote code execution vulnerability affecting Schneider Electric EcoStruxure Power Build that allows attackers to execute…
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability (CVE-2025-13845) has been discovered in Schneider Electric EcoStruxure Power Build that allows…
Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability exists in Nagios Host that allows authenticated attackers to execute arbitrary code on affected…
Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability (CVE-2026-2043) has been identified in Nagios Host that allows authenticated attackers to execute…
GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability
GFI Archiver contains a critical remote code execution vulnerability (CVE-2026-2037) with a CVSS score of 8.8 that allows attackers to execute…
Deciso OPNsense diag_backup.php filename Command Injection Remote Code Execution Vulnerability
Deciso OPNsense contains a code execution vulnerability (CVE-2026-2035) that allows authenticated network-adjacent attackers to execute arbitrary…
Ivanti Endpoint Manager AuthHelper Authentication Bypass Vulnerability
Ivanti Endpoint Manager contains an authentication bypass vulnerability (CVE-2026-1603) that allows remote attackers to gain unauthorized access…
Microsoft Exchange InterceptorSmtpAgent Reliance on Untrusted Inputs Security Feature Bypass Vulnerability
A medium-severity vulnerability in Microsoft Exchange (CVE-2026-21527) allows unauthenticated remote attackers to bypass a security feature without…
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
Schneider Electric EcoStruxure Power Build contains a remote code execution vulnerability (CVE-2025-13845) that allows attackers to execute arbitrary…
GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability
GFI Archiver contains a critical remote code execution vulnerability (CVE-2026-2036) with a CVSS score of 8.8 that allows attackers to execute…
Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability
A remote code execution vulnerability in Xmind (CVE-2026-0777) with a high CVSS score of 7.8 allows attackers to execute arbitrary code if users are…
Adobe ColdFusion CAR File Parsing Directory Traversal Remote Code Execution Vulnerability
Adobe ColdFusion contains a vulnerability (CVE-2025-61808) that allows authenticated attackers to execute arbitrary code on affected systems, rated…
Lexmark CX532adwe esfhelper Untrusted Search Path Local Privilege Escalation Vulnerability
A high-severity privilege escalation vulnerability (CVE-2025-65078) has been identified in Lexmark CX532adwe printers that allows local attackers…
Lexmark CX532adwe execuserobject Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability in Lexmark CX532adwe printers allows unauthenticated network-adjacent attackers to execute arbitrary code with a CVSS score of…
Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerability
Docker Desktop for Windows contains a local privilege escalation vulnerability (CVE-2025-14740) that allows attackers with local access to elevate…
Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerability
Docker Desktop for Windows contains a privilege escalation vulnerability (CVE-2025-14740) that allows local attackers to gain elevated privileges if…
Lexmark CX532adwe libesffls Directory Traversal Remote Code Execution Vulnerability
A critical vulnerability in Lexmark CX532adwe printers allows unauthenticated attackers on the same network to execute arbitrary code with a CVSS…
Lexmark CX532adwe getCFFNames Heap-based Buffer Overflow Remote Code Execution Vulnerability
A critical remote code execution vulnerability affects Lexmark CX532adwe printers, allowing network-adjacent attackers to execute arbitrary code…
Lexmark CX532adwe usecmap Type Confusion Remote Code Execution Vulnerability
A critical unauthenticated remote code execution vulnerability (CVE-2025-65080) has been discovered in Lexmark CX532adwe multifunction printers,…
NVIDIA Megatron-LM load_base_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability
NVIDIA's Megatron-LM contains a remote code execution vulnerability (CVE-2026-24149) with a CVSS score of 7.8 that allows attackers to execute…
NVIDIA Triton Inference Server EVBufferToJson Uncaught Exception Denial-of-Service Vulnerability
NVIDIA Triton Inference Server contains a remote denial-of-service vulnerability (CVE-2025-33201) that can be exploited without authentication to…
CyberArk Endpoint Privilege Management Improper Privilege Management Local Privilege Escalation Vulnerability
CVE-2025-66374 is a privilege escalation vulnerability in CyberArk Endpoint Privilege Management that allows local attackers with low-privileged…
Apple Safari JavaScriptCore FTL New Array Materialization Type Confusion Remote Code Execution Vulnerability
Apple Safari contains a remote code execution vulnerability (CVE-2025-46298) that allows attackers to execute arbitrary code on affected systems when…
AzeoTech DAQFactory Pro CTL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
A remote code execution vulnerability (CVE-2025-66589) has been discovered in AzeoTech DAQFactory that allows attackers to execute arbitrary code on…
Apple macOS AppleIntelKBLGraphics Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2025-43283 is a medium-severity information disclosure vulnerability affecting Apple macOS that allows local attackers with low-privileged code…
Progress Software Kemp LoadMaster delcert Command Injection Remote Code Execution Vulnerability
Progress Software's Kemp LoadMaster contains a remote code execution vulnerability (CVE-2025-13447) that allows authenticated network-adjacent…
Progress Software Kemp LoadMaster addapikey Command Injection Remote Code Execution Vulnerability
Progress Software's Kemp LoadMaster contains a code execution vulnerability (CVE-2025-13447) that allows authenticated network-adjacent attackers to…
Progress Software Kemp LoadMaster getcipherset Command Injection Remote Code Execution Vulnerability
Progress Software's Kemp LoadMaster contains a code execution vulnerability (CVE-2025-13444) that allows authenticated network-adjacent attackers to…