Published Advisories

The following is a list of all publicly disclosed vulnerabilities discovered by TrendAI™ Zero Day Initiative™ (ZDI) researchers. While the affected vendor is working on a patch for these vulnerabilities, TrendAI™ customers are protected from exploitation by security filters delivered ahead of public disclosure.

All security vulnerabilities that are acquired by TrendAI™ ZDI are handled according to TrendAI™ ZDI's disclosure policy. Once the affected vendor patches the vulnerability, we publish an accompanying security advisory that describes the issue, including links to the vendor's fixes.

Published Upcoming

ZDI ID	ZDI CAN	Vendor/Product	CVE	CVSS	Published	Updated
ZDI-26-360	ZDI-CAN-30289	MATE Desktop	CVE-2026-52849	7.8	2026-06-11	2026-06-11	MATE Desktop Atril Document Viewer EPUB File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-359	ZDI-CAN-30288	Samsung	CVE-2026-8916	7.8	2026-06-11	2026-06-11	Samsung rlottie Numeric Truncation Remote Code Execution Vulnerability
ZDI-26-358	ZDI-CAN-28236	Allegra	CVE-2026-11443	4.6	2026-06-11	2026-06-11	Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability
ZDI-26-357	ZDI-CAN-28208	Allegra	CVE-2026-11442	6.5	2026-06-11	2026-06-11	Allegra exportReport Directory Traversal Information Disclosure Vulnerability
ZDI-26-356	ZDI-CAN-30089	Apache	CVE-2026-34032	3.7	2026-06-11	2026-06-11	Apache HTTP Server mod_proxy_ajp Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-26-355	ZDI-CAN-28816	Adobe	CVE-2026-27220	7.8	2026-06-10	2026-06-10	Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
ZDI-26-354	ZDI-CAN-29987	Adobe	CVE-2026-47919	7.8	2026-06-09	2026-06-09	Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
ZDI-26-353	ZDI-CAN-30387	Adobe	CVE-2026-47918	7.8	2026-06-09	2026-06-09	Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
ZDI-26-352	ZDI-CAN-30689	Adobe	CVE-2026-47917	7.8	2026-06-09	2026-06-09	Adobe Acrobat Pro DC AcroForm Use-After-Free Remote Code Execution Vulnerability
ZDI-26-351	ZDI-CAN-30375	Adobe	CVE-2026-48292	7.8	2026-06-09	2026-06-09	Adobe USD-Fileformat-plugins Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-350	ZDI-CAN-29653	Adobe	CVE-2026-48291	7.8	2026-06-09	2026-06-09	Adobe USD-Fileformat-plugins Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-349	ZDI-CAN-29886	Adobe	CVE-2026-47915	7.8	2026-06-09	2026-06-09	Adobe Acrobat Pro DC Annots.api Use-After-Free Remote Code Execution Vulnerability
ZDI-26-348	ZDI-CAN-29896	Adobe	CVE-2026-47914	7.8	2026-06-09	2026-06-09	Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
ZDI-26-347	ZDI-CAN-29409	Adobe	CVE-2026-47913	7.8	2026-06-09	2026-06-09	Adobe Acrobat Reader DC Multimedia Rendition Use-After-Free Remote Code Execution Vulnerability
ZDI-26-346	ZDI-CAN-29433	Adobe	CVE-2026-47924	3.3	2026-06-09	2026-06-09	Adobe Acrobat Reader DC Annotation Use-After-Free Information Disclosure Vulnerability
ZDI-26-345	ZDI-CAN-30015	Adobe	CVE-2026-47912	7.8	2026-06-09	2026-06-09	Adobe Acrobat Reader DC Font Handling Use-After-Free Remote Code Execution Vulnerability
ZDI-26-344	ZDI-CAN-29477	Adobe	CVE-2026-47923	3.3	2026-06-09	2026-06-09	Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-26-343	ZDI-CAN-29828	Adobe	CVE-2026-47911	7.8	2026-06-09	2026-06-09	Adobe Acrobat Reader DC TIF File Parsing Integer Overflow Remote Code Execution Vulnerability
ZDI-26-342	ZDI-CAN-30437	Progress Software	CVE-2026-8037	9.8	2026-06-09	2026-06-09	Progress Software Kemp LoadMaster apiuser Uninitialized Memory Remote Code Execution Vulnerability
ZDI-26-341	ZDI-CAN-30439	Progress Software	CVE-2026-8037	7.2	2026-06-09	2026-06-09	Progress Software Kemp LoadMaster dolistapikeys Uninitialized Memory Remote Code Execution Vulnerability
ZDI-26-340	ZDI-CAN-30438	Progress Software	CVE-2026-8037	8.8	2026-06-09	2026-06-09	Progress Software Kemp LoadMaster dodelapikey Uninitialized Memory Remote Code Execution Vulnerability
ZDI-26-339	ZDI-CAN-28792	Microsoft	CVE-2026-48565	7.0	2026-06-09	2026-06-09	Microsoft Windows Narrator Braille Support brlapi Exposed Dangerous Function Local Privilege Escalation Vulnerability
ZDI-26-338	ZDI-CAN-28649	NVIDIA	CVE-2026-24162	7.8	2026-06-09	2026-06-09	NVIDIA Transformers4Rec Model.load Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-26-337	ZDI-CAN-28736	X.Org	CVE-2026-34003	7.8	2026-06-09	2026-06-09	X.Org Server CheckKeyTypes Buffer Overflow Privilege Escalation Vulnerability
ZDI-26-336	ZDI-CAN-28737	X.Org	CVE-2026-34002	6.1	2026-06-09	2026-06-09	X.Org Server CheckKeyActions Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-26-335	ZDI-CAN-28706	X.Org	CVE-2026-34001	7.8	2026-06-09	2026-06-09	X.Org Server SyncAwaitFence Use-After-Free Privilege Escalation Vulnerability
ZDI-26-334	ZDI-CAN-28679	X.Org	CVE-2026-34000	6.1	2026-06-09	2026-06-09	X.Org Server CheckSetGeom Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-26-333	ZDI-CAN-28593	X.Org	CVE-2026-33999	7.8	2026-06-09	2026-06-09	X.Org Server XkbSetCompatMap Integer Underflow Privilege Escalation Vulnerability
ZDI-26-332	ZDI-CAN-27578	QEMU	CVE-2026-3886	8.8	2026-06-09	2026-06-09	QEMU calc_image_hostmem Integer Overflow Local Privilege Escalation Vulnerability
ZDI-26-331	ZDI-CAN-31431	Microsoft	CVE-2026-45495	7.5	2026-06-04	2026-06-04	(Pwn2Own) Microsoft Edge Feedback Log File Handling Directory Traversal Remote Code Execution Vulnerability
ZDI-26-330	ZDI-CAN-31430	Microsoft	CVE-2026-45494	5.0	2026-06-04	2026-06-04	(Pwn2Own) Microsoft Edge Navigation Handling Universal Cross-Site Scripting Vulnerability
ZDI-26-329	ZDI-CAN-31429	Microsoft	CVE-2026-45492	4.3	2026-06-04	2026-06-04	(Pwn2Own) Microsoft Edge Origin Validation Error Security Bypass Vulnerability
ZDI-26-328	ZDI-CAN-28489	ASUS	CVE-2026-7480	7.8	2026-06-10	2026-06-10	ASUS MyASUS Origin Validation Error Local Privilege Escalation Vulnerability
ZDI-26-327	ZDI-CAN-30796	Docker	CVE-2026-8936	6.5	2026-06-03	2026-06-03	Docker Desktop grpcfuse Kernel Module Uncontrolled Recursion Denial-of-Service Vulnerability
ZDI-26-326	ZDI-CAN-27982	TrendAI	CVE-2026-45208	7.8	2026-05-28	2026-05-29	TrendAI Vision One Security Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
ZDI-26-325	ZDI-CAN-29177	TrendAI	CVE-2026-45207	7.8	2026-05-28	2026-05-29	TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
ZDI-26-324	ZDI-CAN-28118	TrendAI	CVE-2026-45206	7.8	2026-05-28	2026-05-29	TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
ZDI-26-323	ZDI-CAN-28089	TrendAI	CVE-2026-34930	7.8	2026-05-28	2026-05-29	TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
ZDI-26-322	ZDI-CAN-28077	TrendAI	CVE-2026-34929	7.8	2026-05-28	2026-05-29	TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
ZDI-26-321	ZDI-CAN-28061	TrendAI	CVE-2026-34928	7.8	2026-05-28	2026-05-29	TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
ZDI-26-320	ZDI-CAN-27959	TrendAI	CVE-2026-34927	7.8	2026-05-28	2026-05-29	TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
ZDI-26-319	ZDI-CAN-29249	Progress Software	CVE-2026-3517	8.8	2026-05-21	2026-05-21	Progress Software Kemp LoadMaster addcountry Command Injection Remote Code Execution Vulnerability
ZDI-26-318	ZDI-CAN-29222	Progress Software	CVE-2026-3518	8.8	2026-05-21	2026-05-21	Progress Software Kemp LoadMaster ssodomain_killsession Command Injection Remote Code Execution Vulnerability
ZDI-26-317	ZDI-CAN-27349	Siemens	CVE-2025-12659	7.8	2026-05-12	2026-05-15	Siemens Simcenter Femap IPT File Parsing Memory Corruption Remote Code Execution Vulnerability
ZDI-26-316	ZDI-CAN-27389	Siemens	CVE-2025-12659	7.8	2026-05-12	2026-05-15	Siemens Simcenter Femap IPT File Parsing Memory Corruption Remote Code Execution Vulnerability
ZDI-26-315	ZDI-CAN-29240	Apple	CVE-2026-28941	3.3	2026-05-12	2026-05-12	Apple macOS USD Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-26-314	ZDI-CAN-29239	Apple	CVE-2026-28940	7.8	2026-05-12	2026-05-12	Apple macOS USD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-26-313	ZDI-CAN-29186	Apple	CVE-2026-28847	8.8	2026-05-12	2026-05-12	Apple Safari Regular Expression Duplicate Named Groups Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-312	ZDI-CAN-28879	Apple	CVE-2026-28955	7.5	2026-05-12	2026-05-12	Apple Safari Web Inspector WebCore Style Resolver Use-After-Free Remote Code Execution Vulnerability
ZDI-26-311	ZDI-CAN-28695	Apple	CVE-2026-28918	3.3	2026-05-12	2026-05-12	Apple macOS CoreSymbolication Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-26-310	ZDI-CAN-28605	Microsoft	CVE-2026-34342	4.4	2026-05-12	2026-05-12	Microsoft Windows splwow64 Race Condition Local Privilege Escalation Vulnerability
ZDI-26-309	ZDI-CAN-28559	Microsoft	CVE-2026-33838	7.8	2026-05-12	2026-05-12	Microsoft Windows Message Queueing Double Free Local Privilege Escalation Vulnerability
ZDI-26-308	ZDI-CAN-28617	Ivanti	CVE-2026-8109	4.9	2026-05-12	2026-05-12	Ivanti Endpoint Manager RemoteControlAuth Exposed Dangerous Method Information Disclosure Vulnerability
ZDI-26-307	ZDI-CAN-29412	Flowise	CVE-2026-41265	9.8	2026-05-01	2026-05-01	FlowiseAI Flowise Airtable_Agent Code Injection Remote Code Execution Vulnerability
ZDI-26-306	ZDI-CAN-28806	Oracle	CVE-2026-35230	7.5	2026-04-28	2026-04-28	Oracle VirtualBox SoundBlaster 16 Race Condition Local Privilege Escalation Vulnerability
ZDI-26-305	ZDI-CAN-29475	OpenAI		8.6	2026-04-28	2026-04-28	(0Day) OpenAI Codex Sandbox Escape Vulnerability
ZDI-26-304	ZDI-CAN-29495	Foxit	CVE-2026-5943	7.8	2026-04-27	2026-04-27	Foxit PDF Reader AcroForm Annotation Use-After-Free Remote Code Execution Vulnerability
ZDI-26-303	ZDI-CAN-29494	Foxit	CVE-2026-5942	3.3	2026-04-27	2026-04-27	Foxit PDF Reader AcroForm Signature Use-After-Free Information Disclosure Vulnerability
ZDI-26-302	ZDI-CAN-29492	Foxit	CVE-2026-5941	7.8	2026-04-27	2026-04-27	Foxit PDF Reader AcroForm Signature Use-After-Free Remote Code Execution Vulnerability
ZDI-26-301	ZDI-CAN-29491	Foxit	CVE-2026-5940	7.8	2026-04-27	2026-04-27	Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability
ZDI-26-300	ZDI-CAN-28762	Flowise	CVE-2026-41276	8.1	2026-04-27	2026-04-27	Flowise AccountService resetPassword Authentication Bypass Vulnerability
ZDI-26-299	ZDI-CAN-28822	Docker	CVE-2026-6406	8.8	2026-04-23	2026-04-23	Docker Desktop Enhanced Container Isolation Exposed Dangerous Function Local Privilege Escalation Vulnerability
ZDI-26-298	ZDI-CAN-27564	Siemens	CVE-2026-24032	7.3	2026-04-23	2026-04-23	Siemens SINEC NMS Authentication Bypass Vulnerability
ZDI-26-297	ZDI-CAN-28759	Siemens	CVE-2026-25654	8.8	2026-04-23	2026-04-23	Siemens SINEC NMS Improper Authentication Privilege Escalation Vulnerability
ZDI-26-296	ZDI-CAN-28692	Delta Electronics	CVE-2026-5726	7.8	2026-04-23	2026-04-23	Delta Electronics ASDA-Soft PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-295	ZDI-CAN-23734	PublicCMS		8.2	2026-04-21	2026-04-21	(0Day) PublicCMS getXml Server-Side Request Forgery Information Disclosure Vulnerability
ZDI-26-294	ZDI-CAN-28157	Microsoft		3.5	2026-04-21	2026-04-21	(0Day) Microsoft Windows library-ms NTLM Response Information Disclosure Vulnerability
ZDI-26-293	ZDI-CAN-28651	Microsoft		4.3	2026-04-21	2026-04-21	(0Day) Microsoft Office URI Handler NTLM Response Information Disclosure Vulnerability
ZDI-26-292	ZDI-CAN-28327	QNAP	CVE-2026-22898	8.8	2026-04-15	2026-04-15	QNAP TS-453E QVRPro excpostgres Exposed Dangerous Method Remote Code Execution Vulnerability
ZDI-26-291	ZDI-CAN-28516	NI	CVE-2026-32861	7.8	2026-04-15	2026-04-15	NI LabVIEW LVCLASS File Parsing Memory Corruption Remote Code Execution Vulnerability
ZDI-26-290	ZDI-CAN-28463	NI	CVE-2026-32860	7.8	2026-04-15	2026-04-15	NI LabVIEW LVLIB File Parsing Memory Corruption Remote Code Execution Vulnerability
ZDI-26-289	ZDI-CAN-28490	Linux	CVE-2025-71066	7.5	2026-04-15	2026-04-15	Linux Kernel ETS Scheduler Race Condition Local Privilege Escalation Vulnerability
ZDI-26-288	ZDI-CAN-28713	DriveLock	CVE-2026-5492	6.5	2026-04-15	2026-04-15	DriveLock Directory Traversal Information Disclosure Vulnerability
ZDI-26-287	ZDI-CAN-28722	DriveLock	CVE-2026-5491	7.5	2026-04-15	2026-04-15	DriveLock Directory Traversal Information Disclosure Vulnerability
ZDI-26-286	ZDI-CAN-28726	DriveLock	CVE-2026-5490	8.8	2026-04-15	2026-04-15	DriveLock SQL Injection Privilege Escalation Vulnerability
ZDI-26-285	ZDI-CAN-28719	DriveLock	CVE-2026-5489	5.3	2026-04-15	2026-04-15	DriveLock Directory Traversal Information Disclosure Vulnerability
ZDI-26-284	ZDI-CAN-28746	DriveLock	CVE-2026-5487	7.5	2026-04-15	2026-04-15	DriveLock Directory Traversal Information Disclosure Vulnerability
ZDI-26-283	ZDI-CAN-29392	GStreamer	CVE-2026-5056	7.8	2026-04-15	2026-04-15	GStreamer qtdemux Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-282	ZDI-CAN-28266	GIMP	CVE-2026-2050	7.8	2026-04-15	2026-04-15	GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-281	ZDI-CAN-29616	Microsoft	CVE-2026-34054	7.8	2026-04-15	2026-04-15	Microsoft vcpkg OpenSSL Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZDI-26-280	ZDI-CAN-28366	HP	CVE-2026-4682	8.8	2026-04-15	2026-04-15	(Pwn2Own) HP DeskJet 2855e JobStatusEvent Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-279	ZDI-CAN-28793	Microsoft	CVE-2026-32183	7.5	2026-04-15	2026-04-15	Microsoft Windows Snipping Tool Improper Input Validation Remote Code Execution Vulnerability
ZDI-26-278	ZDI-CAN-28267	Microsoft	CVE-2026-33104	7.8	2026-04-15	2026-04-15	Microsoft Windows win32kfull Improper Locking Local Privilege Escalation Vulnerability
ZDI-26-277	ZDI-CAN-28540	Microsoft	CVE-2026-32073	7.8	2026-04-15	2026-04-15	Microsoft Windows afd.sys Race Condition Local Privilege Escalation Vulnerability
ZDI-26-276	ZDI-CAN-28189	Microsoft	CVE-2026-26179	7.5	2026-04-15	2026-04-15	Microsoft Windows Secure Kernel Double Free Local Privilege Escalation Vulnerability
ZDI-26-275	ZDI-CAN-27212	Microsoft		8.8	2026-04-15	2026-04-15	Microsoft Qlib _mount_nfs_uri Command Injection Remote Code Execution Vulnerability
ZDI-26-274	ZDI-CAN-27211	Microsoft		7.8	2026-04-15	2026-04-15	Microsoft Qlib fit Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-26-273	ZDI-CAN-28054	Microsoft		7.8	2026-04-15	2026-04-15	Microsoft Olive Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-26-272	ZDI-CAN-29041	ATEN	CVE-2026-5057	7.5	2026-04-15	2026-04-15	ATEN Unizon RpcProvider Missing Authentication Denial-of-Service Vulnerability
ZDI-26-271	ZDI-CAN-29388	Avast	CVE-2026-5424	7.8	2026-04-15	2026-04-15	Avast Premium Security Gen Self Protection Driver Exposed Dangerous Function Local Privilege Escalation Vulnerability
ZDI-26-270	ZDI-CAN-27976	TrendAI	CVE-2025-54987	9.8	2026-04-15	2026-04-15	TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability
ZDI-26-269	ZDI-CAN-27975	TrendAI	CVE-2025-54948	9.8	2026-04-15	2026-04-15	TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability
ZDI-26-268	ZDI-CAN-28705	Samsung	CVE-2026-25203	7.8	2026-04-15	2026-04-15	Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability
ZDI-26-267	ZDI-CAN-22936	Malwarebytes		7.8	2026-04-15	2026-04-15	Malwarebytes Anti-Malware Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZDI-26-266	ZDI-CAN-28661	Fortinet	CVE-2026-40688	8.8	2026-04-15	2026-04-15	Fortinet FortiWeb cat_cgi_paths Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-26-265	ZDI-CAN-28660	Fortinet	CVE-2026-39811	6.5	2026-04-15	2026-04-15	Fortinet FortiWeb cgi_buf_alloc Integer Overflow Denial-of-Service Vulnerability
ZDI-26-264	ZDI-CAN-29550	Adobe	CVE-2026-27305	7.5	2026-04-15	2026-04-15	Adobe ColdFusion fetchCFSettingFile Directory Traversal Information Disclosure Vulnerability
ZDI-26-263	ZDI-CAN-30200	Adobe	CVE-2026-27282	6.5	2026-04-15	2026-04-15	Adobe ColdFusion subscribeToEndpoints Authentication Bypass Vulnerability
ZDI-26-262	ZDI-CAN-29549	Adobe	CVE-2026-34619	5.4	2026-04-15	2026-04-15	Adobe ColdFusion deleteVersion Directory Traversal Arbitrary File Deletion Vulnerability
ZDI-26-261	ZDI-CAN-27431	Docker		7.5	2026-04-15	2026-04-21	(0Day) Docker Desktop credentialHelper Directory Traversal Privilege Escalation Vulnerability
ZDI-26-260	ZDI-CAN-27571	Docker		7.5	2026-04-15	2026-04-21	(0Day) Docker Desktop System Editor Uncontrolled Search Path Element Privilege Escalation Vulnerability
ZDI-26-259	ZDI-CAN-27430	Docker		7.8	2026-04-15	2026-04-21	(0Day) Docker Desktop cli-plugins Incorrect Permission Assignment Local Privilege Escalation Vulnerability
ZDI-26-258	ZDI-CAN-27229	Docker		8.2	2026-04-15	2026-04-21	(0Day) Docker Desktop extension-manager Exposed Dangerous Function Local Privilege Escalation Vulnerability
ZDI-26-257	ZDI-CAN-25720	Labcenter Electronics	CVE-2026-5495	7.8	2026-04-06	2026-04-21	(0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-26-256	ZDI-CAN-25719	Labcenter Electronics	CVE-2026-5494	7.8	2026-04-06	2026-04-21	(0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-26-255	ZDI-CAN-25718	Labcenter Electronics	CVE-2026-5493	7.8	2026-04-06	2026-04-21	(0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-26-254	ZDI-CAN-25717	Labcenter Electronics	CVE-2026-5496	7.8	2026-04-06	2026-04-21	(0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability
ZDI-26-253	ZDI-CAN-29184	Microsoft	CVE-2026-21518	7.8	2026-04-02	2026-04-02	Microsoft Visual Studio Code mcp.json Command Injection Remote Code Execution Vulnerability
ZDI-26-252	ZDI-CAN-29301	Mozilla	CVE-2026-4698	8.8	2026-04-02	2026-04-02	Mozilla Firefox IonMonkey Switch Statement Optimization Type Confusion Remote Code Execution Vulnerability
ZDI-26-251	ZDI-CAN-28595	Foxit	CVE-2026-3775	7.8	2026-04-02	2026-04-02	Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZDI-26-250	ZDI-CAN-28893	Linux	CVE-2026-23092	8.2	2026-03-31	2026-03-31	Linux Kernel Analog Device Driver Improper Validation of Array Index Local Privilege Escalation Vulnerability
ZDI-26-249	ZDI-CAN-28494	NoMachine	CVE-2026-5055	7.8	2026-03-30	2026-03-30	NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZDI-26-248	ZDI-CAN-28630	NoMachine	CVE-2026-5054	7.8	2026-03-30	2026-03-30	NoMachine External Control of File Path Local Privilege Escalation Vulnerability
ZDI-26-247	ZDI-CAN-28644	NoMachine	CVE-2026-5053	7.1	2026-03-30	2026-03-30	NoMachine External Control of File Path Arbitrary File Deletion Vulnerability
ZDI-26-246	ZDI-CAN-27968	aws-mcp-server	CVE-2026-5058	9.8	2026-03-30	2026-04-21	(0Day) aws-mcp-server Command Injection Remote Code Execution Vulnerability
ZDI-26-245	ZDI-CAN-27969	aws-mcp-server	CVE-2026-5059	9.8	2026-04-21	2026-04-21	(0Day) aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability
ZDI-26-244	ZDI-CAN-25846	QNAP	CVE-2024-13088	5.0	2026-03-30	2026-03-30	(Pwn2Own) QNAP QHora-322 miro_webserver_controllers_api_login_singIn Authentication Bypass Vulnerability
ZDI-26-243	ZDI-CAN-28428	QNAP	CVE-2025-62842	6.8	2026-03-30	2026-03-30	(Pwn2Own) QNAP TS-453E write_file_to_svr External Control of File Path Remote Code Execution Vulnerability
ZDI-26-242	ZDI-CAN-28426	QNAP	CVE-2025-62840	3.5	2026-03-30	2026-03-30	(Pwn2Own) QNAP TS-453E server_handlers.pyc rr2s.kwargs Error Message Information Disclosure Vulnerability
ZDI-26-241	ZDI-CAN-28424	QNAP	CVE-2025-62846	8.8	2026-03-30	2026-03-30	(Pwn2Own) QNAP QHora-322 qvpn_db_mgr username SQL Injection Remote Code Execution Vulnerability
ZDI-26-240	ZDI-CAN-28423	QNAP	CVE-2025-62845	6.3	2026-03-30	2026-03-30	(Pwn2Own) QNAP QHora-322 qvpn_db_mgr role_type Improper Neutralization of Escape Sequences Authentication Bypass Vulnerability
ZDI-26-239	ZDI-CAN-28422	QNAP	CVE-2025-62844	5.6	2026-03-30	2026-03-30	(Pwn2Own) QNAP QHora-322 login.newAuthMiddleware.Authenticator Authentication Bypass Vulnerability
ZDI-26-238	ZDI-CAN-22236	Linux	CVE-2023-6270	7.8	2026-03-30	2026-03-30	Linux Kernel AoE Driver Use-After-Free Local Privilege Escalation Vulnerability
ZDI-26-237	ZDI-CAN-28371	QNAP	CVE-2025-62843	6.3	2026-03-30	2026-03-30	(Pwn2Own) QNAP QHora-322 ip6_wanifset Improper Restriction of Communication Channel to Intended Endpoints Firewall Bypass Vulnerability
ZDI-26-236	ZDI-CAN-28152	Digilent	CVE-2026-0954	7.8	2026-03-30	2026-03-30	Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-26-235	ZDI-CAN-28446	Digilent	CVE-2026-0957	7.8	2026-03-30	2026-03-30	Digilent DASYLab DSA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-26-234	ZDI-CAN-28445	Digilent	CVE-2026-0956	7.8	2026-03-30	2026-03-30	Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
ZDI-26-233	ZDI-CAN-28444	Digilent	CVE-2026-0955	7.8	2026-03-30	2026-03-30	Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
ZDI-26-232	ZDI-CAN-27173	Red Hat	CVE-2025-40277	8.8	2026-03-30	2026-03-30	(Pwn2Own) Red Hat Enterprise Linux vmwgfx Driver Integer Overflow Local Privilege Escalation Vulnerability
ZDI-26-231	ZDI-CAN-28499	Apple	CVE-2026-20695	3.8	2026-03-30	2026-03-30	Apple macOS Exposure of Sensitive Information to Unauthorized Sphere Information Disclosure Vulnerability
ZDI-26-230	ZDI-CAN-28894	Apple	CVE-2026-20690	8.8	2026-03-30	2026-03-30	Apple macOS CoreMedia Framework Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-26-229	ZDI-CAN-29381	OpenClaw	CVE-2026-3691	5.3	2026-03-30	2026-03-30	OpenClaw Client PKCE Verifier Information Disclosure Vulnerability
ZDI-26-228	ZDI-CAN-29311	OpenClaw	CVE-2026-3690	7.4	2026-03-30	2026-03-30	OpenClaw Canvas Authentication Bypass Vulnerability
ZDI-26-227	ZDI-CAN-29312	OpenClaw	CVE-2026-3689	6.5	2026-03-30	2026-03-30	OpenClaw Canvas Path Traversal Information Disclosure Vulnerability
ZDI-26-226	ZDI-CAN-28042	Microsoft		9.8	2026-03-24	2026-04-21	(0Day) Microsoft Azure MCP AzureCliService Command Injection Remote Code Execution Vulnerability
ZDI-26-225	ZDI-CAN-28457	Samsung	CVE-2025-58487	5.6	2026-03-23	2026-03-23	(Pwn2Own) Samsung Galaxy S25 Samsung Account Open Redirect Security Bypass Vulnerability
ZDI-26-224	ZDI-CAN-28456	Samsung	CVE-2025-58486	6.3	2026-03-23	2026-03-23	(Pwn2Own) Samsung Galaxy S25 Samsung Account Cross-Site Scripting Remote Code Execution Vulnerability
ZDI-26-223	ZDI-CAN-28331	Samsung	CVE-2025-58488	5.9	2026-03-23	2026-03-23	(Pwn2Own) Samsung Galaxy S25 Smart Touch Call Application Protection Mechanism Failure Information Disclosure Vulnerability
ZDI-26-222	ZDI-CAN-28369	Canon	CVE-2025-14233	8.8	2026-03-23	2026-03-23	(Pwn2Own) Canon imageCLASS MF654Cdw BJNP Memory Corruption Remote Code Execution Vulnerability
ZDI-26-221	ZDI-CAN-28901	GIMP	CVE-2026-4154	7.8	2026-03-19	2026-03-19	GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability
ZDI-26-220	ZDI-CAN-28874	GIMP	CVE-2026-4153	7.8	2026-03-19	2026-03-19	GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-219	ZDI-CAN-28863	GIMP	CVE-2026-4152	7.8	2026-03-19	2026-03-19	GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-218	ZDI-CAN-28813	GIMP	CVE-2026-4151	7.8	2026-03-19	2026-03-19	GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability
ZDI-26-217	ZDI-CAN-28807	GIMP	CVE-2026-4150	7.8	2026-03-19	2026-03-19	GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability
ZDI-26-216	ZDI-CAN-28353	QNAP	CVE-2025-62847	6.3	2026-03-17	2026-03-17	(Pwn2Own) QNAP TS-453E smbd domain_name Argument Injection Authentication Bypass Vulnerability
ZDI-26-215	ZDI-CAN-29156	KeePassXC	CVE-2026-4158	7.3	2026-03-16	2026-03-16	KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZDI-26-214	ZDI-CAN-28618	GIMP	CVE-2026-2049	7.8	2026-03-16	2026-03-16	GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-213	ZDI-CAN-28405	GIMP	CVE-2026-2046	7.8	2026-03-16	2026-03-16	GIMP LBM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-212	ZDI-CAN-28034	Schneider Electric	CVE-2025-13957	8.8	2026-03-16	2026-03-16	Schneider Electric EcoStruxure Data Center Expert Hard-coded Password Remote Code Execution Vulnerability
ZDI-26-211	ZDI-CAN-28685	Delta Electronics	CVE-2026-1361	7.8	2026-03-16	2026-03-16	Delta Electronics ASDA-Soft PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-210	ZDI-CAN-28233	Samsung	CVE-2025-21079	5.4	2026-03-16	2026-03-16	(Pwn2Own) Samsung Galaxy S25 Samsung Members Security Feature Bypass Vulnerability
ZDI-26-209	ZDI-CAN-28455	Samsung	CVE-2025-21079	5.0	2026-03-16	2026-03-16	(Pwn2Own) Samsung Galaxy S25 Samsung Members Open Redirect Security Bypass Vulnerability
ZDI-26-208	ZDI-CAN-28363	Canon	CVE-2025-14237	8.8	2026-03-16	2026-03-16	(Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Integer Overflow Remote Code Execution Vulnerability
ZDI-26-207	ZDI-CAN-28373	Canon	CVE-2025-14236	8.8	2026-03-16	2026-03-16	(Pwn2Own) Canon imageCLASS MF654Cdw dtdc_addr_importSub Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-206	ZDI-CAN-28349	Canon	CVE-2025-14235	8.8	2026-03-16	2026-03-16	(Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-26-205	ZDI-CAN-28334	Canon	CVE-2025-14234	8.8	2026-03-16	2026-03-16	(Pwn2Own) Canon imageCLASS MF654Cdw PJCC Request Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-204	ZDI-CAN-28268	Canon	CVE-2025-14232	8.8	2026-03-16	2026-03-16	(Pwn2Own) Canon imageCLASS MF654Cdw XPS Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-203	ZDI-CAN-28346	Canon	CVE-2025-14231	8.8	2026-03-16	2026-03-16	(Pwn2Own) Canon imageCLASS MF654Cdw XML SOAP Request Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-202	ZDI-CAN-28475	QNAP	CVE-2025-59389	8.0	2026-03-16	2026-03-16	(Pwn2Own) QNAP TS-453E Hyper Data Protector Plugin query_original_file_size SQL Injection Remote Code Execution Vulnerability
ZDI-26-201	ZDI-CAN-28358	QNAP	CVE-2025-59388	6.3	2026-03-16	2026-03-16	(Pwn2Own) QNAP TS-453E Hyper Data Protector Plugin Hard-Coded Credentials Authentication Bypass Vulnerability
ZDI-26-200	ZDI-CAN-28436	QNAP	CVE-2025-62849	8.0	2026-03-16	2026-03-17	(Pwn2Own) QNAP TS-453E nvrlog_event_add msg SQL Injection Remote Code Execution Vulnerability
ZDI-26-199	ZDI-CAN-28435	QNAP	CVE-2025-62848	5.5	2026-03-16	2026-03-16	(Pwn2Own) QNAP TS-453E conn_log_tool Format String Remote Code Execution Vulnerability
ZDI-26-198	ZDI-CAN-28324	QNAP	CVE-2025-11837	8.8	2026-03-16	2026-03-16	(Pwn2Own) QNAP TS-453E malware_remover Code Injection Remote Code Execution Vulnerability
ZDI-26-197	ZDI-CAN-26338	ChargePoint	CVE-2026-4157	7.5	2026-03-16	2026-03-16	(Pwn2Own) ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability
ZDI-26-196	ZDI-CAN-26339	ChargePoint	CVE-2026-4156	7.5	2026-03-16	2026-03-16	(Pwn2Own) ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-195	ZDI-CAN-26340	ChargePoint	CVE-2026-4155	7.5	2026-03-16	2026-03-16	(Pwn2Own) ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability
ZDI-26-194	ZDI-CAN-28462	Microsoft	CVE-2026-21527	5.3	2026-03-16	2026-03-16	Microsoft Exchange InterceptorSmtpAgent Improper Input Validation Security Feature Bypass Vulnerability
ZDI-26-193	ZDI-CAN-17464	Linux	CVE-2022-1972	3.8	2026-03-16	2026-03-16	(Pwn2Own) Linux Kernel nf_tables_newset Out-Of-Bounds Write Information Disclosure Vulnerability
ZDI-26-192	ZDI-CAN-28345	Sonos	CVE-2026-4149	10.0	2026-03-16	2026-03-16	Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability
ZDI-26-191	ZDI-CAN-17443	Linux	CVE-2022-32250	8.8	2026-03-16	2026-03-16	(Pwn2Own) Linux Kernel nf_tables Use-After-Free Privilege Escalation Vulnerability
ZDI-26-190	ZDI-CAN-27175	VMware	CVE-2025-41238	8.2	2026-03-16	2026-03-16	(Pwn2Own) VMware Workstation PVSCSI Heap-based Buffer Overflow Local Privilege Escalation Vulnerability
ZDI-26-189	ZDI-CAN-27157	VMware	CVE-2025-41236	8.2	2026-03-16	2026-03-16	(Pwn2Own) VMware ESXi VMXNET3 Integer Overflow Local Privilege Escalation Vulnerability
ZDI-26-188	ZDI-CAN-27176	VMware	CVE-2025-41237	8.2	2026-03-16	2026-03-16	(Pwn2Own) VMware ESXi VMCI Integer Underflow Local Privilege Escalation Vulnerability
ZDI-26-187	ZDI-CAN-19674	Synology	CVE-2022-45188	9.8	2026-03-16	2026-03-16	(Pwn2Own) Synology DiskStation Manager Netatalk Library Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-186	ZDI-CAN-27581	Fortinet	CVE-2026-24018	7.8	2026-03-10	2026-03-10	Fortinet FortiClient Link Following Local Privilege Escalation Vulnerability
ZDI-26-185	ZDI-CAN-28271	Microsoft	CVE-2026-25181	3.3	2026-03-10	2026-03-10	Microsoft Windows GDI Bitmap Parsing Out-Of-Bound Read Information Disclosure Vulnerability
ZDI-26-184	ZDI-CAN-28381	Microsoft	CVE-2026-24289	7.8	2026-03-10	2026-03-10	Microsoft Windows NDIS Driver Use-After-Free Local Privilege Escalation Vulnerability
ZDI-26-183	ZDI-CAN-28498	Microsoft	CVE-2026-24285	7.8	2026-03-10	2026-03-10	Microsoft Windows win32full Improper Release Local Privilege Escalation Vulnerability
ZDI-26-182	ZDI-CAN-28488	Microsoft	CVE-2026-24285	7.8	2026-03-10	2026-03-10	Microsoft Windows win32full Improper Release Local Privilege Escalation Vulnerability
ZDI-26-181	ZDI-CAN-28487	Microsoft	CVE-2026-24285	7.8	2026-03-10	2026-03-10	Microsoft Windows win32full Improper Release Local Privilege Escalation Vulnerability
ZDI-26-180	ZDI-CAN-28247	Microsoft	CVE-2026-23668	8.8	2026-03-10	2026-03-10	Microsoft Windows cdd Improper Locking Local Privilege Escalation Vulnerability
ZDI-26-179	ZDI-CAN-28557	Microsoft	CVE-2026-23668	8.8	2026-03-10	2026-03-10	Microsoft Windows win32kfull Improper Locking Local Privilege Escalation Vulnerability
ZDI-26-178	ZDI-CAN-28159	Microsoft	CVE-2026-23668	8.8	2026-03-10	2026-03-10	Microsoft Windows cdd Improper Locking Local Privilege Escalation Vulnerability
ZDI-26-177	ZDI-CAN-26850	Array Networks	CVE-2026-26364	7.8	2026-03-10	2026-03-10	Array Networks MotionPro ArrayInstallManager Incorrect Permission Assignment Local Privilege Escalation Vulnerability
ZDI-26-176	ZDI-CAN-28552	Apple	CVE-2026-20616	7.8	2026-03-10	2026-03-10	Apple macOS libusd_ms Alembic File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-26-175	ZDI-CAN-28081	Apple	CVE-2026-20634	3.3	2026-03-10	2026-03-10	Apple macOS ImageIO SGI File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-26-174	ZDI-CAN-28176	Apple	CVE-2026-20675	7.8	2026-03-10	2026-03-10	Apple macOS ImageIO SGI File Parsing Integer Overflow Remote Code Execution Vulnerability
ZDI-26-173	ZDI-CAN-28497	Apple	CVE-2026-20611	7.8	2026-03-10	2026-03-10	Apple macOS Audio APAC Frame Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-26-172	ZDI-CAN-28912	Unraid	CVE-2026-3839	7.3	2026-03-09	2026-03-09	Unraid Authentication Request Path Traversal Authentication Bypass Vulnerability
ZDI-26-171	ZDI-CAN-28951	Unraid	CVE-2026-3838	8.8	2026-03-09	2026-03-09	Unraid Update Request Path Traversal Remote Code Execution Vulnerability
ZDI-26-170	ZDI-CAN-28911	GStreamer	CVE-2026-3086	7.8	2026-03-06	2026-03-06	GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-26-169	ZDI-CAN-28910	GStreamer	CVE-2026-3084	7.8	2026-03-06	2026-03-06	GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution Vulnerability
ZDI-26-168	ZDI-CAN-28854	GStreamer	CVE-2026-2921	7.8	2026-03-06	2026-03-06	GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability
ZDI-26-167	ZDI-CAN-28851	GStreamer	CVE-2026-3085	8.8	2026-03-06	2026-03-06	GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-166	ZDI-CAN-28850	GStreamer	CVE-2026-3083	8.8	2026-03-06	2026-03-06	GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-26-165	ZDI-CAN-28845	GStreamer	CVE-2026-2922	7.8	2026-03-06	2026-03-06	GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-26-164	ZDI-CAN-28843	GStreamer	CVE-2026-2920	7.8	2026-03-06	2026-03-06	GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-163	ZDI-CAN-28840	GStreamer	CVE-2026-3082	7.8	2026-03-06	2026-03-06	GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-162	ZDI-CAN-28839	GStreamer	CVE-2026-3081	7.8	2026-03-06	2026-03-06	GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-161	ZDI-CAN-28838	GStreamer	CVE-2026-2923	7.8	2026-03-06	2026-03-06	GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-26-160	ZDI-CAN-28480	Philips	CVE-2026-3562	6.3	2026-03-06	2026-03-06	(Pwn2Own) Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability
ZDI-26-159	ZDI-CAN-28479	Philips	CVE-2026-3561	8.0	2026-03-06	2026-03-06	(Pwn2Own) Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-158	ZDI-CAN-28469	Philips	CVE-2026-3560	8.8	2026-03-06	2026-03-06	(Pwn2Own) Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-157	ZDI-CAN-28451	Philips	CVE-2026-3559	8.1	2026-03-06	2026-03-06	(Pwn2Own) Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability
ZDI-26-156	ZDI-CAN-28374	Philips	CVE-2026-3558	8.1	2026-03-06	2026-03-06	(Pwn2Own) Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability
ZDI-26-155	ZDI-CAN-28337	Philips	CVE-2026-3557	8.0	2026-03-06	2026-03-06	(Pwn2Own) Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-154	ZDI-CAN-28326	Philips	CVE-2026-3556	8.8	2026-03-06	2026-03-06	(Pwn2Own) Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-153	ZDI-CAN-28276	Philips	CVE-2026-3555	8.0	2026-03-06	2026-03-06	(Pwn2Own) Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-152	ZDI-CAN-28304	Docker	CVE-2025-15558	7.8	2026-03-06	2026-03-06	Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZDI-26-151	ZDI-CAN-28415	Delta Electronics	CVE-2026-3094	7.8	2026-03-06	2026-03-06	Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-26-150	ZDI-CAN-28379	Docker	CVE-2026-28400	7.3	2026-03-03	2026-03-03	Docker Desktop for Mac Docker Model Runner Exposed Dangerous Function Denial-of-Service Vulnerability
ZDI-26-149	ZDI-CAN-28218	Trend Micro	CVE-2025-71218	5.0	2026-03-03	2026-03-03	Trend Micro Cleaner One Pro Link Following Denial-of-Service Vulnerability
ZDI-26-148	ZDI-CAN-26039	Trend Micro	CVE-2025-71209	8.1	2026-03-03	2026-03-03	Trend Micro Apex Central Improper Authentication Privilege Escalation Vulnerability
ZDI-26-147	ZDI-CAN-26037	Trend Micro	CVE-2025-71208	8.1	2026-03-03	2026-03-03	Trend Micro Apex Central Improper Authentication Privilege Escalation Vulnerability
ZDI-26-146	ZDI-CAN-26597	Trend Micro	CVE-2025-71207	4.4	2026-03-03	2026-03-03	Trend Micro Apex Central Manual Update Server-Side Request Forgery Vulnerability
ZDI-26-145	ZDI-CAN-26598	Trend Micro	CVE-2025-71206	4.4	2026-03-03	2026-03-03	Trend Micro Apex Central Scheduled Update Server-Side Request Forgery Vulnerability
ZDI-26-144	ZDI-CAN-26618	Trend Micro	CVE-2025-71205	4.4	2026-03-03	2026-03-03	Trend Micro Apex Central Hub Server Server-Side Request Forgery Vulnerability
ZDI-26-143	ZDI-CAN-26594	Trend Micro	CVE-2025-71217	7.8	2026-03-03	2026-03-03	Trend Micro Apex One Security Agent TmSelfProtect Origin Validation Error Local Privilege Escalation Vulnerability
ZDI-26-142	ZDI-CAN-26605	Trend Micro	CVE-2025-71216	7.8	2026-03-03	2026-03-03	Trend Micro Apex One Security Agent Cache Mechanism Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
ZDI-26-141	ZDI-CAN-26609	Trend Micro	CVE-2025-71215	7.8	2026-03-03	2026-03-03	Trend Micro Apex One Security Agent iCore Service Signature Verification Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
ZDI-26-140	ZDI-CAN-26771	Trend Micro	CVE-2025-71213	7.8	2026-03-03	2026-03-03	Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
ZDI-26-139	ZDI-CAN-26282	Trend Micro	CVE-2025-71214	7.8	2026-03-03	2026-03-03	Trend Micro Apex One Security Agent iCore Service Origin Validation Error Local Privilege Escalation Vulnerability
ZDI-26-138	ZDI-CAN-24972	Trend Micro	CVE-2025-71212	7.8	2026-03-03	2026-03-03	Trend Micro Apex One Virus Scan Engine Link Following Local Privilege Escalation Vulnerability
ZDI-26-137	ZDI-CAN-28002	Trend Micro	CVE-2025-71211	9.8	2026-03-03	2026-03-03	Trend Micro Apex One Console Directory Traversal Remote Code Execution Vulnerability
ZDI-26-136	ZDI-CAN-28001	Trend Micro	CVE-2025-71210	9.8	2026-03-03	2026-03-03	Trend Micro Apex One Console Directory Traversal Remote Code Execution Vulnerability
ZDI-26-135	ZDI-CAN-28385	LangChain	CVE-2026-27794	8.1	2026-03-03	2026-03-03	LangChain LangGraph BaseCache Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-26-134	ZDI-CAN-27634	Hewlett Packard Enterprise	CVE-2026-23600	7.3	2026-03-03	2026-03-03	Hewlett Packard Enterprise AutoPass License Server Authentication Bypass Vulnerability
ZDI-26-133	ZDI-CAN-28235	Music Assistant	CVE-2026-26975	8.8	2026-03-03	2026-03-03	(Pwn2Own) Music Assistant _update_library_item External Control of File Path Remote Code Execution Vulnerability
ZDI-26-132	ZDI-CAN-28108	Siemens	CVE-2026-25656	7.8	2026-02-25	2026-02-25	Siemens SINEC NMS Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZDI-26-131	ZDI-CAN-28107	Siemens	CVE-2026-25655	7.8	2026-02-25	2026-02-25	Siemens SINEC NMS Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZDI-26-130	ZDI-CAN-25440	IceWarp	CVE-2026-2493	7.5	2026-02-25	2026-02-25	IceWarp collaboration Directory Traversal Information Disclosure Vulnerability
ZDI-26-129	ZDI-CAN-23993	Socomec	CVE-2026-2491	6.3	2026-02-25	2026-02-25	Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability
ZDI-26-128	ZDI-CAN-28824	Ubiquiti Networks	CVE-2026-21634	6.5	2026-02-25	2026-02-25	(Pwn2Own) Ubiquiti Networks AI Pro Uncaught Exception Denial-of-Service Vulnerability
ZDI-26-127	ZDI-CAN-28474	Ubiquiti Networks	CVE-2026-21633	5.3	2026-02-25	2026-02-25	(Pwn2Own) Ubiquiti Networks AI Pro Cleartext Transmission Information Disclosure Vulnerability
ZDI-26-126	ZDI-CAN-28274	Ubiquiti Networks	CVE-2026-21633	5.4	2026-02-25	2026-02-25	(Pwn2Own) Ubiquiti Networks AI Pro Discovery Protocol Missing Encryption Protocol Downgrade Vulnerability
ZDI-26-125	ZDI-CAN-28631	Docker	CVE-2026-2664	6.5	2026-02-25	2026-02-25	Docker Desktop grpcfuse Kernel Module Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-26-124	ZDI-CAN-27785	claude-hovercraft	CVE-2025-15060	9.8	2026-02-25	2026-02-25	claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability
ZDI-26-123	ZDI-CAN-27562	Docker		5.5	2026-02-23	2026-02-23	Docker Desktop MCP Server Cleartext Storage of Sensitive Information Vulnerability
ZDI-26-122	ZDI-CAN-27788	PDF-XChange	CVE-2026-2040	7.3	2026-02-19	2026-02-19	PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZDI-26-121	ZDI-CAN-28591	GIMP	CVE-2026-2048	7.8	2026-02-19	2026-02-19	GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-26-120	ZDI-CAN-28530	GIMP	CVE-2026-2047	7.8	2026-02-19	2026-02-19	GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-119	ZDI-CAN-28265	GIMP	CVE-2026-2045	7.8	2026-02-19	2026-02-19	GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-26-118	ZDI-CAN-28158	GIMP	CVE-2026-2044	7.8	2026-02-19	2026-02-19	GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability
ZDI-26-117	ZDI-CAN-27909	RustDesk	CVE-2026-2490	5.5	2026-02-19	2026-02-19	RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability
ZDI-26-116	ZDI-CAN-25480	TensorFlow	CVE-2026-2492	7.0	2026-02-19	2026-02-19	TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZDI-26-115	ZDI-CAN-25710	Fortinet	CVE-2025-62676	7.8	2026-02-19	2026-02-19	Fortinet FortiClient VPN FCConfig Utility Link Following Local Privilege Escalation Vulnerability
ZDI-26-114	ZDI-CAN-28404	Dassault Systèmes	CVE-2026-1335	7.8	2026-02-19	2026-02-19	Dassault Systèmes eDrawings Viewer EPRT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-26-113	ZDI-CAN-28378	Dassault Systèmes	CVE-2026-1334	7.8	2026-02-19	2026-02-19	Dassault Systèmes eDrawings Viewer EPRT File Parsing Memory Corruption Remote Code Execution Vulnerability
ZDI-26-112	ZDI-CAN-28315	Dassault Systèmes	CVE-2026-1333	7.8	2026-02-19	2026-02-19	Dassault Systèmes eDrawings Viewer EPRT File Parsing Uninitialized Variable Remote Code Execution Vulnerability
ZDI-26-111	ZDI-CAN-28256	MLflow	CVE-2026-2635	9.8	2026-02-19	2026-02-19	MLflow Use of Default Password Authentication Bypass Vulnerability
ZDI-26-110	ZDI-CAN-28112	Bosch Rexroth	CVE-2025-60037, CVE-2025-60038	7.8	2026-02-19	2026-02-19	Bosch Rexroth IndraWorks Print Settings File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability
ZDI-26-109	ZDI-CAN-27994	Bosch Rexroth	CVE-2025-60035	7.8	2026-02-19	2026-02-19	Bosch Rexroth IndraWorks OPC.TestClient XML File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability
ZDI-26-108	ZDI-CAN-27996	Bosch Rexroth	CVE-2025-60036	7.8	2026-02-19	2026-02-19	Bosch Rexroth IndraWorks UA.TestClient XML File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability
ZDI-26-107	ZDI-CAN-28581	Autodesk	CVE-2026-0875	7.8	2026-02-18	2026-02-18	Autodesk AutoCAD MODEL File Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-26-106	ZDI-CAN-28417	Autodesk	CVE-2026-0874	7.8	2026-02-18	2026-02-18	Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-26-105	ZDI-CAN-26649	MLflow	CVE-2026-2033	8.1	2026-02-13	2026-02-13	MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability
ZDI-26-104	ZDI-CAN-28129	Sante	CVE-2026-2034	7.8	2026-02-13	2026-02-13	Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-103	ZDI-CAN-27923	Oracle	CVE-2026-21956	8.2	2026-02-13	2026-02-13	Oracle VirtualBox VMSVGA Out-Of-Bounds Access Local Privilege Escalation Vulnerability
ZDI-26-102	ZDI-CAN-27938	Oracle	CVE-2026-21957	7.5	2026-02-13	2026-02-13	Oracle VirtualBox VMSVGA Out-Of-Bounds Write Local Privilege Escalation Vulnerability
ZDI-26-101	ZDI-CAN-28080	Oracle	CVE-2026-21963	6.0	2026-02-13	2026-02-13	Oracle VirtualBox BusLogic Uninitialized Memory Information Disclosure Vulnerability
ZDI-26-100	ZDI-CAN-28079	Oracle	CVE-2026-21985	6.0	2026-02-13	2026-02-13	Oracle VirtualBox LsiLogic Uninitialized Memory Information Disclosure Vulnerability
ZDI-26-099	ZDI-CAN-27925	Oracle	CVE-2026-21984	7.5	2026-02-13	2026-02-13	Oracle VirtualBox VMSVGA Race Condition Local Privilege Escalation Vulnerability
ZDI-26-098	ZDI-CAN-27870	Oracle	CVE-2026-21955	8.2	2026-02-13	2026-02-13	Oracle VirtualBox VMSVGA Use-After-Free Local Privilege Escalation Vulnerability
ZDI-26-097	ZDI-CAN-28045	Oracle	CVE-2026-21983	7.5	2026-02-13	2026-02-13	Oracle VirtualBox VMSVGA Heap-based Buffer Overflow Local Privilege Escalation Vulnerability
ZDI-26-096	ZDI-CAN-28186	Dassault Systèmes	CVE-2026-1283	7.8	2026-02-13	2026-02-13	Dassault Systèmes eDrawings Viewer EPRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-095	ZDI-CAN-28188	Dassault Systèmes	CVE-2026-1284	7.8	2026-02-13	2026-02-13	Dassault Systèmes eDrawings Viewer EPRT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-26-094	ZDI-CAN-27478	Schneider Electric	CVE-2025-13845	7.8	2026-02-12	2026-02-12	Schneider Electric EcoStruxure Power Build SSD File Parsing Use-After-Free Remote Code Execution Vulnerability
ZDI-26-093	ZDI-CAN-27480	Schneider Electric	CVE-2025-13845	7.8	2026-02-12	2026-02-12	Schneider Electric EcoStruxure Power Build SSD File Parsing Use-After-Free Remote Code Execution Vulnerability
ZDI-26-092	ZDI-CAN-27455	Schneider Electric	CVE-2025-13845	7.8	2026-02-12	2026-02-12	Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
ZDI-26-091	ZDI-CAN-27362	Schneider Electric	CVE-2025-13845	7.8	2026-02-12	2026-02-12	Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
ZDI-26-090	ZDI-CAN-27364	Schneider Electric	CVE-2025-13845	7.8	2026-02-12	2026-02-12	Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
ZDI-26-089	ZDI-CAN-27374	Schneider Electric	CVE-2025-13845	7.8	2026-02-12	2026-02-12	Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
ZDI-26-088	ZDI-CAN-27390	Schneider Electric	CVE-2025-13845	7.8	2026-02-12	2026-02-12	Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
ZDI-26-087	ZDI-CAN-27363	Schneider Electric	CVE-2025-13845	7.8	2026-02-12	2026-02-12	Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
ZDI-26-086	ZDI-CAN-27370	Schneider Electric	CVE-2025-13845	7.8	2026-02-12	2026-02-12	Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
ZDI-26-085	ZDI-CAN-27368	Schneider Electric	CVE-2025-13845	7.8	2026-02-12	2026-02-12	Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
ZDI-26-084	ZDI-CAN-27371	Schneider Electric	CVE-2025-13845	7.8	2026-02-12	2026-02-12	Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
ZDI-26-083	ZDI-CAN-28491	Microsoft	CVE-2026-21249	3.3	2026-02-12	2026-02-12	Microsoft Windows searchConnector-ms NTLM Response Information Disclosure Vulnerability
ZDI-26-082	ZDI-CAN-28410	Microsoft	CVE-2026-21527	5.3	2026-02-12	2026-02-12	Microsoft Exchange InterceptorSmtpAgent Reliance on Untrusted Inputs Security Feature Bypass Vulnerability
ZDI-26-081	ZDI-CAN-28066	Microsoft	CVE-2026-21235	8.8	2026-02-12	2026-02-12	Microsoft Windows win32kfull Use-After-Free Local Privilege Escalation Vulnerability
ZDI-26-080	ZDI-CAN-26885	Ivanti	CVE-2026-1603	8.6	2026-02-12	2026-02-12	Ivanti Endpoint Manager AuthHelper Authentication Bypass Vulnerability
ZDI-26-079	ZDI-CAN-26863	Ivanti	CVE-2026-1602	7.2	2026-02-12	2026-02-12	Ivanti Endpoint Manager ROI SQL Injection Remote Code Execution Vulnerability
ZDI-26-078	ZDI-CAN-28131	Deciso	CVE-2026-2035	6.8	2026-02-12	2026-02-12	Deciso OPNsense diag_backup.php filename Command Injection Remote Code Execution Vulnerability
ZDI-26-077	ZDI-CAN-28597	GFI	CVE-2026-2039	7.3	2026-02-12	2026-02-12	GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability
ZDI-26-076	ZDI-CAN-27936	GFI	CVE-2026-2036	8.8	2026-02-12	2026-02-12	GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-26-075	ZDI-CAN-27934	GFI	CVE-2026-2038	7.3	2026-02-12	2026-02-12	GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability
ZDI-26-074	ZDI-CAN-27935	GFI	CVE-2026-2037	8.8	2026-02-12	2026-02-12	GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-26-073	ZDI-CAN-28250	Nagios	CVE-2026-2041	7.2	2026-02-12	2026-02-12	Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability
ZDI-26-072	ZDI-CAN-28249	Nagios	CVE-2026-2043	7.2	2026-02-12	2026-02-12	Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability
ZDI-26-071	ZDI-CAN-28245	Nagios	CVE-2026-2042	7.2	2026-02-12	2026-02-12	Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability
ZDI-26-070	ZDI-CAN-27940	Adobe	CVE-2025-61808	7.2	2026-02-06	2026-02-06	Adobe ColdFusion CAR File Parsing Directory Traversal Remote Code Execution Vulnerability
ZDI-26-069	ZDI-CAN-26034	Xmind	CVE-2026-0777	7.8	2026-02-06	2026-02-13	(0Day) Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability
ZDI-26-068	ZDI-CAN-28542	Docker	CVE-2025-14740	6.7	2026-02-05	2026-02-05	Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerability
ZDI-26-067	ZDI-CAN-28190	Docker	CVE-2025-14740	6.7	2026-02-05	2026-02-05	Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerability
ZDI-26-066	ZDI-CAN-28333	Lexmark	CVE-2025-65079	8.8	2026-02-05	2026-02-05	(Pwn2Own) Lexmark CX532adwe getCFFNames Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-065	ZDI-CAN-28328	Lexmark	CVE-2025-65080	8.8	2026-02-05	2026-02-05	(Pwn2Own) Lexmark CX532adwe usecmap Type Confusion Remote Code Execution Vulnerability
ZDI-26-064	ZDI-CAN-28341	Lexmark	CVE-2025-65081	8.8	2026-02-05	2026-02-18	(Pwn2Own) Lexmark CX532adwe execuserobject Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-063	ZDI-CAN-28261	Lexmark	CVE-2025-65077	8.8	2026-02-05	2026-02-10	(Pwn2Own) Lexmark CX532adwe libesffls Directory Traversal Remote Code Execution Vulnerability
ZDI-26-062	ZDI-CAN-28477	Lexmark	CVE-2025-65078	7.8	2026-02-05	2026-02-10	(Pwn2Own) Lexmark CX532adwe esfhelper Untrusted Search Path Local Privilege Escalation Vulnerability
ZDI-26-061	ZDI-CAN-26889	NVIDIA	CVE-2025-33201	7.5	2026-02-04	2026-02-04	NVIDIA Triton Inference Server EVBufferToJson Uncaught Exception Denial-of-Service Vulnerability
ZDI-26-060	ZDI-CAN-27989	NVIDIA	CVE-2026-24149	7.8	2026-02-04	2026-02-04	NVIDIA Megatron-LM load_base_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-26-059	ZDI-CAN-26000	CyberArk	CVE-2025-66374	7.0	2026-02-03	2026-02-04	CyberArk Endpoint Privilege Management Improper Privilege Management Local Privilege Escalation Vulnerability
ZDI-26-058	ZDI-CAN-27641	AzeoTech	CVE-2025-66589	7.8	2026-02-03	2026-02-03	AzeoTech DAQFactory Pro CTL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
ZDI-26-057	ZDI-CAN-28285	Apple	CVE-2025-46298	8.8	2026-02-03	2026-02-03	Apple Safari JavaScriptCore FTL New Array Materialization Type Confusion Remote Code Execution Vulnerability
ZDI-26-056	ZDI-CAN-28035	Apple	CVE-2025-43283	6.5	2026-02-03	2026-02-03	Apple macOS AppleIntelKBLGraphics Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-26-055	ZDI-CAN-27596	Progress Software	CVE-2025-13447	6.4	2026-02-02	2026-02-02	Progress Software Kemp LoadMaster addapikey Command Injection Remote Code Execution Vulnerability
ZDI-26-054	ZDI-CAN-27595	Progress Software	CVE-2025-13447	6.8	2026-02-02	2026-02-02	Progress Software Kemp LoadMaster delapikey OS Command Injection Remote Code Execution Vulnerability
ZDI-26-053	ZDI-CAN-27591	Progress Software	CVE-2025-13447	6.4	2026-02-02	2026-02-02	Progress Software Kemp LoadMaster listapikeys Command Injection Remote Code Execution Vulnerability
ZDI-26-052	ZDI-CAN-27593	Progress Software	CVE-2025-13444	7.1	2026-02-02	2026-02-02	Progress Software Kemp LoadMaster getcipherset Command Injection Remote Code Execution Vulnerability
ZDI-26-051	ZDI-CAN-27594	Progress Software	CVE-2025-13447	7.1	2026-02-02	2026-02-02	Progress Software Kemp LoadMaster delcert Command Injection Remote Code Execution Vulnerability
ZDI-26-050	ZDI-CAN-28599	GIMP	CVE-2026-0797	7.8	2026-01-30	2026-01-30	GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-049	ZDI-CAN-27093	Delta Electronics	CVE-2026-0975	7.8	2026-01-28	2026-01-28	Delta Electronics DIAView Exposed Dangerous Method Remote Code Execution Vulnerability
ZDI-26-048	ZDI-CAN-27307	Fortinet	CVE-2025-67685	8.8	2026-01-28	2026-01-28	Fortinet FortiSandbox fortisandbox Server-Side Request Forgery Remote Code Execution Vulnerability
ZDI-26-047	ZDI-CAN-26620	Hancom	CVE-2025-29867	7.8	2026-01-28	2026-01-28	Hancom Office DOC File Parsing Type Confusion Remote Code Execution Vulnerability
ZDI-26-046	ZDI-CAN-27892	Cisco	CVE-2026-20026	9.8	2026-01-28	2026-01-28	Cisco Snort _bnfa_search_csparse_nfa Use-After-Free Remote Code Execution Vulnerability
ZDI-26-045	ZDI-CAN-27893	Cisco	CVE-2026-20027	5.3	2026-01-28	2026-01-28	Cisco Snort _bnfa_search_csparse_nfa Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-26-044	ZDI-CAN-28082	Microsoft	CVE-2026-20871	7.8	2026-01-13	2026-01-13	Microsoft Windows Desktop Window Manager Use-After-Free Local Privilege Escalation Vulnerability
ZDI-26-043	ZDI-CAN-25430	npm	CVE-2026-0775	7.8	2026-01-12	2026-02-02	(0Day) npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZDI-26-042	ZDI-CAN-26845	Upsonic	CVE-2026-0773	9.8	2026-01-09	2026-01-09	(0Day) Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-26-041	ZDI-CAN-23285	Enel X	CVE-2026-0778	8.8	2026-01-09	2026-01-09	(0Day) (Pwn2Own) Enel X JuiceBox 40 Telnet Service Missing Authentication Remote Code Execution Vulnerability
ZDI-26-040	ZDI-CAN-27057	Discord	CVE-2026-0776	7.3	2026-01-09	2026-01-09	(0Day) Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZDI-26-039	ZDI-CAN-26708	WatchYourLAN	CVE-2026-0774	8.8	2026-01-09	2026-01-09	(0Day) WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability
ZDI-26-038	ZDI-CAN-27919	Langflow	CVE-2026-0772	7.5	2026-01-09	2026-01-09	(0Day) Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-26-037	ZDI-CAN-27497	Langflow	CVE-2026-0771	7.1	2026-01-09	2026-01-09	(0Day) Langflow PythonFunction Code Injection Remote Code Execution Vulnerability
ZDI-26-036	ZDI-CAN-27325	Langflow	CVE-2026-0770	9.8	2026-01-09	2026-01-09	(0Day) Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability
ZDI-26-035	ZDI-CAN-26972	Langflow	CVE-2026-0769	9.8	2026-01-09	2026-01-09	(0Day) Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability
ZDI-26-034	ZDI-CAN-27322	Langflow	CVE-2026-0768	9.8	2026-01-09	2026-01-09	(0Day) Langflow code Code Injection Remote Code Execution Vulnerability
ZDI-26-033	ZDI-CAN-28259	Open WebUI	CVE-2026-0767	5.3	2026-01-09	2026-01-09	(0Day) Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability
ZDI-26-032	ZDI-CAN-28257	Open WebUI	CVE-2026-0766	8.8	2026-01-09	2026-01-09	(0Day) Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability
ZDI-26-031	ZDI-CAN-28258	Open WebUI	CVE-2026-0765	8.8	2026-01-09	2026-01-09	(0Day) Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability
ZDI-26-030	ZDI-CAN-27957	GPT Academic	CVE-2026-0764	9.8	2026-01-09	2026-01-09	(0Day) GPT Academic upload Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-26-029	ZDI-CAN-27958	GPT Academic	CVE-2026-0763	9.8	2026-01-09	2026-01-09	(0Day) GPT Academic run_in_subprocess_wrapper_func Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-26-028	ZDI-CAN-27956	GPT Academic	CVE-2026-0762	8.1	2026-01-09	2026-01-09	(0Day) GPT Academic stream_daas Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-26-027	ZDI-CAN-28124	Foundation Agents	CVE-2026-0761	9.8	2026-01-09	2026-01-09	(0Day) Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution Vulnerability
ZDI-26-026	ZDI-CAN-28121	Foundation Agents	CVE-2026-0760	9.8	2026-01-09	2026-01-09	(0Day) Foundation Agents MetaGPT deserialize_message Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-26-025	ZDI-CAN-27786	Katana Network	CVE-2026-0759	9.8	2026-01-09	2026-01-09	(0Day) Katana Network Development Starter Kit executeCommand Command Injection Remote Code Execution Vulnerability
ZDI-26-024	ZDI-CAN-27910	mcp-server-siri-shortcuts	CVE-2026-0758	7.8	2026-01-09	2026-01-09	(0Day) mcp-server-siri-shortcuts shortcutName Command Injection Privilege Escalation Vulnerability
ZDI-26-023	ZDI-CAN-27810	MCP Manager for Claude Desktop	CVE-2026-0757	8.8	2026-01-09	2026-01-09	(0Day) MCP Manager for Claude Desktop execute-command Command Injection Sandbox Escape Vulnerability
ZDI-26-022	ZDI-CAN-27784	github-kanban-mcp-server	CVE-2026-0756	9.8	2026-01-09	2026-01-09	(0Day) github-kanban-mcp-server execAsync Command Injection Remote Code Execution Vulnerability
ZDI-26-021	ZDI-CAN-27783	Gemini MCP Tool	CVE-2026-0755	9.8	2026-01-09	2026-01-09	(0Day) gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability
ZDI-26-020	ZDI-CAN-27683	Ollama MCP Server	CVE-2025-15063	9.8	2026-01-09	2026-01-09	(0Day) Ollama MCP Server execAsync Command Injection Remote Code Execution Vulnerability
ZDI-26-019	ZDI-CAN-27889	Cisco	CVE-2026-20029	4.9	2026-01-09	2026-01-09	Cisco Identity Services Engine getSpecificPLRfromAuthCode XML External Entity Processing Information Disclosure Vulnerability
ZDI-26-018	ZDI-CAN-28322	ALGO	CVE-2026-0796	7.2	2026-01-09	2026-01-09	(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability
ZDI-26-017	ZDI-CAN-28321	ALGO	CVE-2026-0795	7.2	2026-01-09	2026-01-09	(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability
ZDI-26-016	ZDI-CAN-28303	ALGO	CVE-2026-0794	8.1	2026-01-09	2026-01-09	(0Day) ALGO 8180 IP Audio Alerter SIP Use-After-Free Remote Code Execution Vulnerability
ZDI-26-015	ZDI-CAN-28302	ALGO	CVE-2026-0793	8.1	2026-01-09	2026-01-09	(0Day) ALGO 8180 IP Audio Alerter InformaCast Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-014	ZDI-CAN-28301	ALGO	CVE-2026-0792	8.1	2026-01-09	2026-01-09	(0Day) ALGO 8180 IP Audio Alerter SIP INVITE Alert-Info Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-013	ZDI-CAN-28300	ALGO	CVE-2026-0791	8.1	2026-01-09	2026-01-09	(0Day) ALGO 8180 IP Audio Alerter SIP INVITE Replaces Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-012	ZDI-CAN-28299	ALGO	CVE-2026-0790	5.3	2026-01-09	2026-01-09	(0Day) ALGO 8180 IP Audio Alerter Web UI Direct Request Information Disclosure Vulnerability
ZDI-26-011	ZDI-CAN-28297	ALGO	CVE-2026-0789	5.3	2026-01-09	2026-01-09	(0Day) ALGO 8180 IP Audio Alerter Web UI Inclusion of Authentication Cookie in Response Body Information Disclosure Vulnerability
ZDI-26-010	ZDI-CAN-28298	ALGO	CVE-2026-0788	5.3	2026-01-09	2026-01-09	(0Day) ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability
ZDI-26-009	ZDI-CAN-28296	ALGO	CVE-2026-0787	8.1	2026-01-09	2026-01-09	(0Day) ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability
ZDI-26-008	ZDI-CAN-28295	ALGO	CVE-2026-0786	7.5	2026-01-09	2026-01-09	(0Day) ALGO 8180 IP Audio Alerter SCI Command Injection Remote Code Execution Vulnerability
ZDI-26-007	ZDI-CAN-28294	ALGO	CVE-2026-0785	7.5	2026-01-09	2026-01-09	(0Day) ALGO 8180 IP Audio Alerter API Command Injection Remote Code Execution Vulnerability
ZDI-26-006	ZDI-CAN-28293	ALGO	CVE-2026-0784	7.2	2026-01-09	2026-01-09	(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability
ZDI-26-005	ZDI-CAN-28292	ALGO	CVE-2026-0783	7.2	2026-01-09	2026-01-09	(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability
ZDI-26-004	ZDI-CAN-28291	ALGO	CVE-2026-0782	7.2	2026-01-09	2026-01-09	(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability
ZDI-26-003	ZDI-CAN-28290	ALGO	CVE-2026-0781	7.2	2026-01-09	2026-01-09	(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability
ZDI-26-002	ZDI-CAN-28289	ALGO	CVE-2026-0780	7.2	2026-01-09	2026-01-09	(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability
ZDI-26-001	ZDI-CAN-25568	ALGO	CVE-2026-0779	7.2	2026-01-09	2026-01-09	(0Day) ALGO 8180 IP Audio Alerter Ping Command Injection Remote Code Execution Vulnerability