ZDI Advisories
722 advisoriesZero Day Initiative vulnerability advisories – published disclosures and upcoming publications.
WatchGuard
WatchGuard is a network security company known for firewalls and threat management solutions.
MLflow
MLflow is an open-source machine learning platform used for experiment tracking and model management.
OriginLab
OriginLab Corporation develops OriginPro, a widely-used data analysis and graphing software popular in scientific and engineering communities.
Adobe
Adobe, a leading software company known for creative and productivity applications, has a medium-severity vulnerability (CVSS 5.4) that can be…
Dify
Dify is an open-source low-code platform for building AI applications and workflows.
Adobe
Adobe, a leading software company known for creative and productivity applications, has a high-severity local privilege escalation vulnerability…
TrendAI
TrendAI is a vendor in the artificial intelligence/machine learning security space.
Microsoft Azure MCP AzureCliService Command Injection Remote Code Execution Vulnerability
A critical remote code execution vulnerability (CVSS 9.8) has been discovered in Microsoft Azure that requires no authentication to exploit, allowing…
Fortinet
Fortinet is a well-known cybersecurity vendor specializing in network security appliances and firewall solutions.
Canon imageCLASS MF654Cdw BJNP Memory Corruption Remote Code Execution Vulnerability
CVE-2025-14233 is a critical unauthenticated remote code execution vulnerability affecting Canon imageCLASS MF654Cdw printers that allows…
Samsung Galaxy S25 Samsung Account Open Redirect Security Bypass Vulnerability
A medium-severity security bypass vulnerability (CVE-2025-58487) has been identified in Samsung Galaxy S25 devices that allows remote attackers to…
Samsung Galaxy S25 Samsung Account Cross-Site Scripting Remote Code Execution Vulnerability
This vulnerability in Samsung Galaxy S25 allows unauthenticated remote attackers to execute arbitrary scripts on affected devices, potentially…
Samsung Galaxy S25 Smart Touch Call Application Protection Mechanism Failure Information Disclosure Vulnerability
Samsung Galaxy S25 devices contain a remote information disclosure vulnerability (CVE-2025-58488) that allows attackers to access sensitive data if…
G DATA
G DATA is a German cybersecurity firm known for antivirus and endpoint protection software.
Adobe
Adobe, a major software company known for creative and document processing applications, has a high-severity vulnerability (CVSS 7.5) that can be…
Arista
Arista is a well-known networking equipment vendor that produces switches, routers, and cloud networking solutions.
GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
GIMP contains a remote code execution vulnerability (CVE-2026-4153) that allows attackers to execute arbitrary code if a user opens a malicious file…
GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
GIMP contains a remote code execution vulnerability (CVE-2026-4152) with a CVSS score of 7.8 that allows attackers to execute arbitrary code when a…
GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability
GIMP contains a remote code execution vulnerability (CVE-2026-4150) with a CVSS score of 7.8 that allows attackers to execute arbitrary code when a…
GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability (CVE-2026-4154) affects GIMP and allows attackers to execute arbitrary code if a user opens a…
GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability
GIMP contains a remote code execution vulnerability (CVE-2026-4151) that allows attackers to execute arbitrary code if a user opens a malicious file…
QNAP TS-453E smbd domain_name Argument Injection Authentication Bypass Vulnerability
This vulnerability (CVE-2025-62847) affects QNAP TS-453E NAS devices and allows network-adjacent attackers to completely bypass authentication…
Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability
The Sonos Era 300 speaker contains a critical remote code execution vulnerability (CVE-2026-4149) that allows unauthenticated attackers to execute…
Microsoft Exchange InterceptorSmtpAgent Improper Input Validation Security Feature Bypass Vulnerability
A medium-severity vulnerability (CVE-2026-21527) in Microsoft Exchange allows unauthenticated remote attackers to bypass a security feature,…
Delta Electronics ASDA-Soft PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Delta Electronics ASDA-Soft contains a remote code execution vulnerability (CVE-2026-1361) rated 7.8 HIGH, which attackers can exploit by tricking…
Samsung Galaxy S25 Samsung Members Open Redirect Security Bypass Vulnerability
A medium-severity security bypass vulnerability exists in Samsung Galaxy S25 devices that allows remote attackers to circumvent security controls…
GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
GIMP contains a remote code execution vulnerability (CVE-2026-2049) with a CVSS score of 7.8 that allows attackers to execute arbitrary code if a…
QNAP TS-453E conn_log_tool Format String Remote Code Execution Vulnerability
A network-adjacent attacker can execute arbitrary code on QNAP TS-453E NAS devices (CVE-2025-62848) by bypassing the authentication mechanism,…
Canon imageCLASS MF654Cdw PJCC Request Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Canon imageCLASS MF654Cdw printers contain a critical remote code execution vulnerability (CVE-2025-14234) that allows network-adjacent attackers to…
Schneider Electric EcoStruxure Data Center Expert Hard-coded Password Remote Code Execution Vulnerability
Schneider Electric EcoStruxure Data Center Expert contains a critical vulnerability (CVE-2025-13957) that allows authenticated remote attackers to…