| ZDI-26-105 |
ZDI-CAN-26649 |
MLflow |
CVE-2026-2033 |
8.1 |
2026-02-13 |
2026-02-13 |
MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability |
| ZDI-26-104 |
ZDI-CAN-28129 |
Sante |
CVE-2026-2034 |
7.8 |
2026-02-13 |
2026-02-13 |
Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-26-103 |
ZDI-CAN-27923 |
Oracle |
CVE-2026-21956 |
8.2 |
2026-02-13 |
2026-02-13 |
Oracle VirtualBox VMSVGA Out-Of-Bounds Access Local Privilege Escalation Vulnerability |
| ZDI-26-102 |
ZDI-CAN-27938 |
Oracle |
CVE-2026-21957 |
7.5 |
2026-02-13 |
2026-02-13 |
Oracle VirtualBox VMSVGA Out-Of-Bounds Write Local Privilege Escalation Vulnerability |
| ZDI-26-101 |
ZDI-CAN-28080 |
Oracle |
CVE-2026-21963 |
6.0 |
2026-02-13 |
2026-02-13 |
Oracle VirtualBox BusLogic Uninitialized Memory Information Disclosure Vulnerability |
| ZDI-26-100 |
ZDI-CAN-28079 |
Oracle |
CVE-2026-21985 |
6.0 |
2026-02-13 |
2026-02-13 |
Oracle VirtualBox LsiLogic Uninitialized Memory Information Disclosure Vulnerability |
| ZDI-26-099 |
ZDI-CAN-27925 |
Oracle |
CVE-2026-21984 |
7.5 |
2026-02-13 |
2026-02-13 |
Oracle VirtualBox VMSVGA Race Condition Local Privilege Escalation Vulnerability |
| ZDI-26-098 |
ZDI-CAN-27870 |
Oracle |
CVE-2026-21955 |
8.2 |
2026-02-13 |
2026-02-13 |
Oracle VirtualBox VMSVGA Use-After-Free Local Privilege Escalation Vulnerability |
| ZDI-26-097 |
ZDI-CAN-28045 |
Oracle |
CVE-2026-21983 |
7.5 |
2026-02-13 |
2026-02-13 |
Oracle VirtualBox VMSVGA Heap-based Buffer Overflow Local Privilege Escalation Vulnerability |
| ZDI-26-096 |
ZDI-CAN-28186 |
Dassault Systèmes |
CVE-2026-1283 |
7.8 |
2026-02-13 |
2026-02-13 |
Dassault Systèmes eDrawings Viewer EPRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-26-095 |
ZDI-CAN-28188 |
Dassault Systèmes |
CVE-2026-1284 |
7.8 |
2026-02-13 |
2026-02-13 |
Dassault Systèmes eDrawings Viewer EPRT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| ZDI-26-094 |
ZDI-CAN-27478 |
Schneider Electric |
CVE-2025-13845 |
7.8 |
2026-02-12 |
2026-02-12 |
Schneider Electric EcoStruxure Power Build SSD File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-26-093 |
ZDI-CAN-27480 |
Schneider Electric |
CVE-2025-13845 |
7.8 |
2026-02-12 |
2026-02-12 |
Schneider Electric EcoStruxure Power Build SSD File Parsing Use-After-Free Remote Code Execution Vulnerability |
| ZDI-26-092 |
ZDI-CAN-27455 |
Schneider Electric |
CVE-2025-13845 |
7.8 |
2026-02-12 |
2026-02-12 |
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-26-091 |
ZDI-CAN-27362 |
Schneider Electric |
CVE-2025-13845 |
7.8 |
2026-02-12 |
2026-02-12 |
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-26-090 |
ZDI-CAN-27364 |
Schneider Electric |
CVE-2025-13845 |
7.8 |
2026-02-12 |
2026-02-12 |
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-26-089 |
ZDI-CAN-27374 |
Schneider Electric |
CVE-2025-13845 |
7.8 |
2026-02-12 |
2026-02-12 |
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-26-088 |
ZDI-CAN-27390 |
Schneider Electric |
CVE-2025-13845 |
7.8 |
2026-02-12 |
2026-02-12 |
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-26-087 |
ZDI-CAN-27363 |
Schneider Electric |
CVE-2025-13845 |
7.8 |
2026-02-12 |
2026-02-12 |
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-26-086 |
ZDI-CAN-27370 |
Schneider Electric |
CVE-2025-13845 |
7.8 |
2026-02-12 |
2026-02-12 |
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-26-085 |
ZDI-CAN-27368 |
Schneider Electric |
CVE-2025-13845 |
7.8 |
2026-02-12 |
2026-02-12 |
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-26-084 |
ZDI-CAN-27371 |
Schneider Electric |
CVE-2025-13845 |
7.8 |
2026-02-12 |
2026-02-12 |
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability |
| ZDI-26-083 |
ZDI-CAN-28491 |
Microsoft |
CVE-2026-21249 |
3.3 |
2026-02-12 |
2026-02-12 |
Microsoft Windows searchConnector-ms NTLM Response Information Disclosure Vulnerability |
| ZDI-26-082 |
ZDI-CAN-28410 |
Microsoft |
CVE-2026-21527 |
5.3 |
2026-02-12 |
2026-02-12 |
Microsoft Exchange InterceptorSmtpAgent Reliance on Untrusted Inputs Security Feature Bypass Vulnerability |
| ZDI-26-081 |
ZDI-CAN-28066 |
Microsoft |
CVE-2026-21235 |
8.8 |
2026-02-12 |
2026-02-12 |
Microsoft Windows win32kfull Use-After-Free Local Privilege Escalation Vulnerability |
| ZDI-26-080 |
ZDI-CAN-26885 |
Ivanti |
CVE-2026-1603 |
8.6 |
2026-02-12 |
2026-02-12 |
Ivanti Endpoint Manager AuthHelper Authentication Bypass Vulnerability |
| ZDI-26-079 |
ZDI-CAN-26863 |
Ivanti |
CVE-2026-1602 |
7.2 |
2026-02-12 |
2026-02-12 |
Ivanti Endpoint Manager ROI SQL Injection Remote Code Execution Vulnerability |
| ZDI-26-078 |
ZDI-CAN-28131 |
Deciso |
CVE-2026-2035 |
6.8 |
2026-02-12 |
2026-02-12 |
Deciso OPNsense diag_backup.php filename Command Injection Remote Code Execution Vulnerability |
| ZDI-26-077 |
ZDI-CAN-28597 |
GFI |
CVE-2026-2039 |
7.3 |
2026-02-12 |
2026-02-12 |
GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability |
| ZDI-26-076 |
ZDI-CAN-27936 |
GFI |
CVE-2026-2036 |
8.8 |
2026-02-12 |
2026-02-12 |
GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-26-075 |
ZDI-CAN-27934 |
GFI |
CVE-2026-2038 |
7.3 |
2026-02-12 |
2026-02-12 |
GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability |
| ZDI-26-074 |
ZDI-CAN-27935 |
GFI |
CVE-2026-2037 |
8.8 |
2026-02-12 |
2026-02-12 |
GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-26-073 |
ZDI-CAN-28250 |
Nagios |
CVE-2026-2041 |
7.2 |
2026-02-12 |
2026-02-12 |
Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability |
| ZDI-26-072 |
ZDI-CAN-28249 |
Nagios |
CVE-2026-2043 |
7.2 |
2026-02-12 |
2026-02-12 |
Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability |
| ZDI-26-071 |
ZDI-CAN-28245 |
Nagios |
CVE-2026-2042 |
7.2 |
2026-02-12 |
2026-02-12 |
Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability |
| ZDI-26-070 |
ZDI-CAN-27940 |
Adobe |
CVE-2025-61808 |
7.2 |
2026-02-06 |
2026-02-06 |
Adobe ColdFusion CAR File Parsing Directory Traversal Remote Code Execution Vulnerability |
| ZDI-26-069 |
ZDI-CAN-26034 |
Xmind |
CVE-2026-0777 |
7.8 |
2026-02-06 |
2026-02-13 |
(0Day) Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability |
| ZDI-26-068 |
ZDI-CAN-28542 |
Docker |
CVE-2025-14740 |
6.7 |
2026-02-05 |
2026-02-05 |
Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerability |
| ZDI-26-067 |
ZDI-CAN-28190 |
Docker |
CVE-2025-14740 |
6.7 |
2026-02-05 |
2026-02-05 |
Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerability |
| ZDI-26-066 |
ZDI-CAN-28333 |
Lexmark |
CVE-2025-65079 |
8.8 |
2026-02-05 |
2026-02-05 |
(Pwn2Own) Lexmark CX532adwe getCFFNames Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-26-065 |
ZDI-CAN-28328 |
Lexmark |
CVE-2025-65080 |
8.8 |
2026-02-05 |
2026-02-05 |
(Pwn2Own) Lexmark CX532adwe usecmap Type Confusion Remote Code Execution Vulnerability |
| ZDI-26-064 |
ZDI-CAN-28341 |
Lexmark |
CVE-2025-65081 |
8.8 |
2026-02-05 |
2026-02-05 |
Lexmark CX532adwe execuserobject Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-26-063 |
ZDI-CAN-28261 |
Lexmark |
CVE-2025-65077 |
8.8 |
2026-02-05 |
2026-02-10 |
(Pwn2Own) Lexmark CX532adwe libesffls Directory Traversal Remote Code Execution Vulnerability |
| ZDI-26-062 |
ZDI-CAN-28477 |
Lexmark |
CVE-2025-65078 |
7.8 |
2026-02-05 |
2026-02-10 |
(Pwn2Own) Lexmark CX532adwe esfhelper Untrusted Search Path Local Privilege Escalation Vulnerability |
| ZDI-26-061 |
ZDI-CAN-26889 |
NVIDIA |
CVE-2025-33201 |
7.5 |
2026-02-04 |
2026-02-04 |
NVIDIA Triton Inference Server EVBufferToJson Uncaught Exception Denial-of-Service Vulnerability |
| ZDI-26-060 |
ZDI-CAN-27989 |
NVIDIA |
CVE-2026-24149 |
7.8 |
2026-02-04 |
2026-02-04 |
NVIDIA Megatron-LM load_base_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-26-059 |
ZDI-CAN-26000 |
CyberArk |
CVE-2025-66374 |
7.0 |
2026-02-03 |
2026-02-04 |
CyberArk Endpoint Privilege Management Improper Privilege Management Local Privilege Escalation Vulnerability |
| ZDI-26-058 |
ZDI-CAN-27641 |
AzeoTech |
CVE-2025-66589 |
7.8 |
2026-02-03 |
2026-02-03 |
AzeoTech DAQFactory Pro CTL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| ZDI-26-057 |
ZDI-CAN-28285 |
Apple |
CVE-2025-46298 |
8.8 |
2026-02-03 |
2026-02-03 |
Apple Safari JavaScriptCore FTL New Array Materialization Type Confusion Remote Code Execution Vulnerability |
| ZDI-26-056 |
ZDI-CAN-28035 |
Apple |
CVE-2025-43283 |
6.5 |
2026-02-03 |
2026-02-03 |
Apple macOS AppleIntelKBLGraphics Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-26-055 |
ZDI-CAN-27596 |
Progress Software |
CVE-2025-13447 |
6.4 |
2026-02-02 |
2026-02-02 |
Progress Software Kemp LoadMaster addapikey Command Injection Remote Code Execution Vulnerability |
| ZDI-26-054 |
ZDI-CAN-27595 |
Progress Software |
CVE-2025-13447 |
6.8 |
2026-02-02 |
2026-02-02 |
Progress Software Kemp LoadMaster delapikey OS Command Injection Remote Code Execution Vulnerability |
| ZDI-26-053 |
ZDI-CAN-27591 |
Progress Software |
CVE-2025-13447 |
6.4 |
2026-02-02 |
2026-02-02 |
Progress Software Kemp LoadMaster listapikeys Command Injection Remote Code Execution Vulnerability |
| ZDI-26-052 |
ZDI-CAN-27593 |
Progress Software |
CVE-2025-13444 |
7.1 |
2026-02-02 |
2026-02-02 |
Progress Software Kemp LoadMaster getcipherset Command Injection Remote Code Execution Vulnerability |
| ZDI-26-051 |
ZDI-CAN-27594 |
Progress Software |
CVE-2025-13447 |
7.1 |
2026-02-02 |
2026-02-02 |
Progress Software Kemp LoadMaster delcert Command Injection Remote Code Execution Vulnerability |
| ZDI-26-050 |
ZDI-CAN-28599 |
GIMP |
CVE-2026-0797 |
7.8 |
2026-01-30 |
2026-01-30 |
GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-26-049 |
ZDI-CAN-27093 |
Delta Electronics |
CVE-2026-0975 |
7.8 |
2026-01-28 |
2026-01-28 |
Delta Electronics DIAView Exposed Dangerous Method Remote Code Execution Vulnerability |
| ZDI-26-048 |
ZDI-CAN-27307 |
Fortinet |
CVE-2025-67685 |
8.8 |
2026-01-28 |
2026-01-28 |
Fortinet FortiSandbox fortisandbox Server-Side Request Forgery Remote Code Execution Vulnerability |
| ZDI-26-047 |
ZDI-CAN-26620 |
Hancom |
CVE-2025-29867 |
7.8 |
2026-01-28 |
2026-01-28 |
Hancom Office DOC File Parsing Type Confusion Remote Code Execution Vulnerability |
| ZDI-26-046 |
ZDI-CAN-27892 |
Cisco |
CVE-2026-20026 |
9.8 |
2026-01-28 |
2026-01-28 |
Cisco Snort _bnfa_search_csparse_nfa Use-After-Free Remote Code Execution Vulnerability |
| ZDI-26-045 |
ZDI-CAN-27893 |
Cisco |
CVE-2026-20027 |
5.3 |
2026-01-28 |
2026-01-28 |
Cisco Snort _bnfa_search_csparse_nfa Out-Of-Bounds Read Information Disclosure Vulnerability |
| ZDI-26-044 |
ZDI-CAN-28082 |
Microsoft |
CVE-2026-20871 |
7.8 |
2026-01-13 |
2026-01-13 |
Microsoft Windows Desktop Window Manager Use-After-Free Local Privilege Escalation Vulnerability |
| ZDI-26-043 |
ZDI-CAN-25430 |
npm |
CVE-2026-0775 |
7.8 |
2026-01-12 |
2026-02-02 |
(0Day) npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
| ZDI-26-042 |
ZDI-CAN-26845 |
Upsonic |
CVE-2026-0773 |
9.8 |
2026-01-09 |
2026-01-09 |
(0Day) Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-26-041 |
ZDI-CAN-23285 |
Enel X |
CVE-2026-0778 |
8.8 |
2026-01-09 |
2026-01-09 |
(0Day) (Pwn2Own) Enel X JuiceBox 40 Telnet Service Missing Authentication Remote Code Execution Vulnerability |
| ZDI-26-040 |
ZDI-CAN-27057 |
Discord |
CVE-2026-0776 |
7.3 |
2026-01-09 |
2026-01-09 |
(0Day) Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
| ZDI-26-039 |
ZDI-CAN-26708 |
WatchYourLAN |
CVE-2026-0774 |
8.8 |
2026-01-09 |
2026-01-09 |
(0Day) WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability |
| ZDI-26-038 |
ZDI-CAN-27919 |
Langflow |
CVE-2026-0772 |
7.5 |
2026-01-09 |
2026-01-09 |
(0Day) Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-26-037 |
ZDI-CAN-27497 |
Langflow |
CVE-2026-0771 |
7.1 |
2026-01-09 |
2026-01-09 |
(0Day) Langflow PythonFunction Code Injection Remote Code Execution Vulnerability |
| ZDI-26-036 |
ZDI-CAN-27325 |
Langflow |
CVE-2026-0770 |
9.8 |
2026-01-09 |
2026-01-09 |
(0Day) Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability |
| ZDI-26-035 |
ZDI-CAN-26972 |
Langflow |
CVE-2026-0769 |
9.8 |
2026-01-09 |
2026-01-09 |
(0Day) Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability |
| ZDI-26-034 |
ZDI-CAN-27322 |
Langflow |
CVE-2026-0768 |
9.8 |
2026-01-09 |
2026-01-09 |
(0Day) Langflow code Code Injection Remote Code Execution Vulnerability |
| ZDI-26-033 |
ZDI-CAN-28259 |
Open WebUI |
CVE-2026-0767 |
5.3 |
2026-01-09 |
2026-01-09 |
(0Day) Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability |
| ZDI-26-032 |
ZDI-CAN-28257 |
Open WebUI |
CVE-2026-0766 |
8.8 |
2026-01-09 |
2026-01-09 |
(0Day) Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability |
| ZDI-26-031 |
ZDI-CAN-28258 |
Open WebUI |
CVE-2026-0765 |
8.8 |
2026-01-09 |
2026-01-09 |
(0Day) Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability |
| ZDI-26-030 |
ZDI-CAN-27957 |
GPT Academic |
CVE-2026-0764 |
9.8 |
2026-01-09 |
2026-01-09 |
(0Day) GPT Academic upload Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-26-029 |
ZDI-CAN-27958 |
GPT Academic |
CVE-2026-0763 |
9.8 |
2026-01-09 |
2026-01-09 |
(0Day) GPT Academic run_in_subprocess_wrapper_func Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-26-028 |
ZDI-CAN-27956 |
GPT Academic |
CVE-2026-0762 |
8.1 |
2026-01-09 |
2026-01-09 |
(0Day) GPT Academic stream_daas Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-26-027 |
ZDI-CAN-28124 |
Foundation Agents |
CVE-2026-0761 |
9.8 |
2026-01-09 |
2026-01-09 |
(0Day) Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution Vulnerability |
| ZDI-26-026 |
ZDI-CAN-28121 |
Foundation Agents |
CVE-2026-0760 |
9.8 |
2026-01-09 |
2026-01-09 |
(0Day) Foundation Agents MetaGPT deserialize_message Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| ZDI-26-025 |
ZDI-CAN-27786 |
Katana Network |
CVE-2026-0759 |
9.8 |
2026-01-09 |
2026-01-09 |
(0Day) Katana Network Development Starter Kit executeCommand Command Injection Remote Code Execution Vulnerability |
| ZDI-26-024 |
ZDI-CAN-27910 |
mcp-server-siri-shortcuts |
CVE-2026-0758 |
7.8 |
2026-01-09 |
2026-01-09 |
(0Day) mcp-server-siri-shortcuts shortcutName Command Injection Privilege Escalation Vulnerability |
| ZDI-26-023 |
ZDI-CAN-27810 |
MCP Manager for Claude Desktop |
CVE-2026-0757 |
8.8 |
2026-01-09 |
2026-01-09 |
(0Day) MCP Manager for Claude Desktop execute-command Command Injection Sandbox Escape Vulnerability |
| ZDI-26-022 |
ZDI-CAN-27784 |
github-kanban-mcp-server |
CVE-2026-0756 |
9.8 |
2026-01-09 |
2026-01-09 |
(0Day) github-kanban-mcp-server execAsync Command Injection Remote Code Execution Vulnerability |
| ZDI-26-021 |
ZDI-CAN-27783 |
Gemini MCP Tool |
CVE-2026-0755 |
9.8 |
2026-01-09 |
2026-01-09 |
(0Day) gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability |
| ZDI-26-020 |
ZDI-CAN-27683 |
Ollama MCP Server |
CVE-2025-15063 |
9.8 |
2026-01-09 |
2026-01-09 |
(0Day) Ollama MCP Server execAsync Command Injection Remote Code Execution Vulnerability |
| ZDI-26-019 |
ZDI-CAN-27889 |
Cisco |
CVE-2026-20029 |
4.9 |
2026-01-09 |
2026-01-09 |
Cisco Identity Services Engine getSpecificPLRfromAuthCode XML External Entity Processing Information Disclosure Vulnerability |
| ZDI-26-018 |
ZDI-CAN-28322 |
ALGO |
CVE-2026-0796 |
7.2 |
2026-01-09 |
2026-01-09 |
(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability |
| ZDI-26-017 |
ZDI-CAN-28321 |
ALGO |
CVE-2026-0795 |
7.2 |
2026-01-09 |
2026-01-09 |
(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability |
| ZDI-26-016 |
ZDI-CAN-28303 |
ALGO |
CVE-2026-0794 |
8.1 |
2026-01-09 |
2026-01-09 |
(0Day) ALGO 8180 IP Audio Alerter SIP Use-After-Free Remote Code Execution Vulnerability |
| ZDI-26-015 |
ZDI-CAN-28302 |
ALGO |
CVE-2026-0793 |
8.1 |
2026-01-09 |
2026-01-09 |
(0Day) ALGO 8180 IP Audio Alerter InformaCast Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-26-014 |
ZDI-CAN-28301 |
ALGO |
CVE-2026-0792 |
8.1 |
2026-01-09 |
2026-01-09 |
(0Day) ALGO 8180 IP Audio Alerter SIP INVITE Alert-Info Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-26-013 |
ZDI-CAN-28300 |
ALGO |
CVE-2026-0791 |
8.1 |
2026-01-09 |
2026-01-09 |
(0Day) ALGO 8180 IP Audio Alerter SIP INVITE Replaces Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| ZDI-26-012 |
ZDI-CAN-28299 |
ALGO |
CVE-2026-0790 |
5.3 |
2026-01-09 |
2026-01-09 |
(0Day) ALGO 8180 IP Audio Alerter Web UI Direct Request Information Disclosure Vulnerability |
| ZDI-26-011 |
ZDI-CAN-28297 |
ALGO |
CVE-2026-0789 |
5.3 |
2026-01-09 |
2026-01-09 |
(0Day) ALGO 8180 IP Audio Alerter Web UI Inclusion of Authentication Cookie in Response Body Information Disclosure Vulnerability |
| ZDI-26-010 |
ZDI-CAN-28298 |
ALGO |
CVE-2026-0788 |
5.3 |
2026-01-09 |
2026-01-09 |
(0Day) ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability |
| ZDI-26-009 |
ZDI-CAN-28296 |
ALGO |
CVE-2026-0787 |
8.1 |
2026-01-09 |
2026-01-09 |
(0Day) ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability |
| ZDI-26-008 |
ZDI-CAN-28295 |
ALGO |
CVE-2026-0786 |
7.5 |
2026-01-09 |
2026-01-09 |
(0Day) ALGO 8180 IP Audio Alerter SCI Command Injection Remote Code Execution Vulnerability |
| ZDI-26-007 |
ZDI-CAN-28294 |
ALGO |
CVE-2026-0785 |
7.5 |
2026-01-09 |
2026-01-09 |
(0Day) ALGO 8180 IP Audio Alerter API Command Injection Remote Code Execution Vulnerability |
| ZDI-26-006 |
ZDI-CAN-28293 |
ALGO |
CVE-2026-0784 |
7.2 |
2026-01-09 |
2026-01-09 |
(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability |
| ZDI-26-005 |
ZDI-CAN-28292 |
ALGO |
CVE-2026-0783 |
7.2 |
2026-01-09 |
2026-01-09 |
(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability |
| ZDI-26-004 |
ZDI-CAN-28291 |
ALGO |
CVE-2026-0782 |
7.2 |
2026-01-09 |
2026-01-09 |
(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability |
| ZDI-26-003 |
ZDI-CAN-28290 |
ALGO |
CVE-2026-0781 |
7.2 |
2026-01-09 |
2026-01-09 |
(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability |
| ZDI-26-002 |
ZDI-CAN-28289 |
ALGO |
CVE-2026-0780 |
7.2 |
2026-01-09 |
2026-01-09 |
(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability |
| ZDI-26-001 |
ZDI-CAN-25568 |
ALGO |
CVE-2026-0779 |
7.2 |
2026-01-09 |
2026-01-09 |
(0Day) ALGO 8180 IP Audio Alerter Ping Command Injection Remote Code Execution Vulnerability |
