ZDI-CAN-30165 | X.Org | CVE-2026-50262 | X.Org Server ChangeDrawableAttributes Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-CAN-30164 | X.Org | CVE-2026-50261 | X.Org Server SyncChangeCounter Use-After-Free Privilege Escalation Vulnerability
ZDI-CAN-30163 | X.Org | CVE-2026-50260 | X.Org Server FreeCounter Use-After-Free Privilege Escalation Vulnerability
ZDI-CAN-30161 | X.Org | CVE-2026-50259 | X.Org Server SetMap Request Stack-based Buffer Overflow Privilege Escalation Vulnerability
ZDI-CAN-30160 | X.Org | CVE-2026-50258 | X.Org Server Xkb Key Types Stack-based Buffer Overflow Privilege Escalation Vulnerability
ZDI-CAN-30159 | X.Org | CVE-2026-50257 | X.Org Server miSyncDestroyFence Use-After-Free Privilege Escalation Vulnerability
ZDI-CAN-30136 | X.Org | CVE-2026-50256 | X.Org Server Font Alias Stack-based Buffer Overflow Privilege Escalation Vulnerability
ZDI-CAN-31818 | Oracle | CVE-2026-35273 | Oracle PeopleSoft ExecuteProcessActivityCommand External Control of File Path Remote Code Execution Vulnerability
ZDI-CAN-31817 | Oracle | CVE-2026-35273 | Oracle PeopleSoft HubMBeanPersistance Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-CAN-31816 | Oracle | CVE-2026-35273 | Oracle PeopleSoft HttpListeningConnector Server-Side Request Forgery Vulnerability
ZDI-CAN-30134 | Unraid | CVE-2026-9773 | Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability
ZDI-CAN-30116 | Unraid | CVE-2026-9772 | Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability
ZDI-CAN-27990 | MosaicML | CVE-2026-10043 | MosaicML Composer Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-CAN-28590 | ATEN | CVE-2026-9779 | ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability
ZDI-CAN-28579 | ATEN | CVE-2026-9778 | ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability
ZDI-CAN-28578 | ATEN | CVE-2026-9777 | ATEN Unizon restoreDB Directory Traversal Remote Code Execution Vulnerability
ZDI-CAN-28505 | ATEN | CVE-2026-9776 | ATEN Unizon writeFileToHttpServletResponse Directory Traversal Information Disclosure Vulnerability
ZDI-CAN-28503 | ATEN | CVE-2026-9775 | ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability
ZDI-CAN-28502 | ATEN | CVE-2026-9774 | ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability
ZDI-CAN-28202 | Quest | CVE-2026-7569 | Quest NetVault Backup viewclient Cross-Site Scripting Authentication Bypass Vulnerability
ZDI-CAN-27625 | Quest | CVE-2026-9787 | Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability
ZDI-CAN-27626 | Quest | CVE-2026-9786 | Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability
ZDI-CAN-27630 | Quest | CVE-2026-9785 | Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability
ZDI-CAN-27631 | Quest | CVE-2026-9784 | Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability
ZDI-CAN-27632 | Quest | CVE-2026-9783 | Quest NetVault Backup NVBURemovableMedia SQL Injection Remote Code Execution Vulnerability
ZDI-CAN-27633 | Quest | CVE-2026-9782 | Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability
ZDI-CAN-27648 | Quest | CVE-2026-9781 | Quest NetVault Backup NVBURASDevice SQL Injection Remote Code Execution Vulnerability
ZDI-CAN-27666 | Quest | CVE-2026-9780 | Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerability
ZDI-CAN-27809 | Quest | CVE-2026-7570 | Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability
ZDI-CAN-27671 | Fuji Electric | CVE-2026-8108 | Fuji Electric Tellus pcid64 Driver Registry APIs Exposed Dangerous Method Local Privilege Escalation Vulnerability
ZDI-CAN-27673 | Fuji Electric | CVE-2026-8108 | Fuji Electric Tellus pcid64 Driver File APIs Exposed Dangerous Method Arbitrary File Deletion Vulnerability
ZDI-CAN-29410 | Flowise | CVE-2026-41137 | FlowiseAI Flowise CSV Agent customReadCSV Code Injection Remote Code Execution Vulnerability
ZDI-CAN-29411 | Flowise | CVE-2026-41264 | FlowiseAI Flowise CSV Agent Prompt Injection Remote Code Execution Vulnerability
ZDI-CAN-29539 | Docker | CVE-2026-55887 | Docker MCP Plugin OCI Image Label Parsing Argument Injection Remote Code Execution Vulnerability
ZDI-CAN-29271 | Oracle | CVE-2026-46873 | Oracle VirtualBox VMSVGA Stack-based Buffer Overflow Local Privilege Escalation Vulnerability
ZDI-CAN-29178 | Adobe | CVE-2026-27278 | Adobe Acrobat Reader DC Field signatureInfo Use-After-Free Remote Code Execution Vulnerability
ZDI-CAN-30289 | MATE Desktop | CVE-2026-52849 | MATE Desktop Atril Document Viewer EPUB File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-CAN-30288 | Samsung | CVE-2026-8916 | Samsung rlottie Numeric Truncation Remote Code Execution Vulnerability
ZDI-CAN-28236 | Allegra | CVE-2026-11443 | Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability
ZDI-CAN-28208 | Allegra | CVE-2026-11442 | Allegra exportReport Directory Traversal Information Disclosure Vulnerability
ZDI-CAN-30089 | Apache | CVE-2026-34032 | Apache HTTP Server mod_proxy_ajp Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-CAN-28816 | Adobe | CVE-2026-27220 | Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
ZDI-CAN-29987 | Adobe | CVE-2026-47919 | Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
ZDI-CAN-30387 | Adobe | CVE-2026-47918 | Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
ZDI-CAN-30689 | Adobe | CVE-2026-47917 | Adobe Acrobat Pro DC AcroForm Use-After-Free Remote Code Execution Vulnerability
ZDI-CAN-30375 | Adobe | CVE-2026-48292 | Adobe USD-Fileformat-plugins Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-CAN-29653 | Adobe | CVE-2026-48291 | Adobe USD-Fileformat-plugins Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-CAN-29886 | Adobe | CVE-2026-47915 | Adobe Acrobat Pro DC Annots.api Use-After-Free Remote Code Execution Vulnerability
ZDI-CAN-29896 | Adobe | CVE-2026-47914 | Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
ZDI-CAN-29409 | Adobe | CVE-2026-47913 | Adobe Acrobat Reader DC Multimedia Rendition Use-After-Free Remote Code Execution Vulnerability
ZDI-CAN-29433 | Adobe | CVE-2026-47924 | Adobe Acrobat Reader DC Annotation Use-After-Free Information Disclosure Vulnerability
ZDI-CAN-30015 | Adobe | CVE-2026-47912 | Adobe Acrobat Reader DC Font Handling Use-After-Free Remote Code Execution Vulnerability
ZDI-CAN-29477 | Adobe | CVE-2026-47923 | Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-CAN-29828 | Adobe | CVE-2026-47911 | Adobe Acrobat Reader DC TIF File Parsing Integer Overflow Remote Code Execution Vulnerability
ZDI-CAN-30437 | Progress Software | CVE-2026-8037 | Progress Software Kemp LoadMaster apiuser Uninitialized Memory Remote Code Execution Vulnerability
ZDI-CAN-30439 | Progress Software | CVE-2026-8037 | Progress Software Kemp LoadMaster dolistapikeys Uninitialized Memory Remote Code Execution Vulnerability
ZDI-CAN-30438 | Progress Software | CVE-2026-8037 | Progress Software Kemp LoadMaster dodelapikey Uninitialized Memory Remote Code Execution Vulnerability
ZDI-CAN-28792 | Microsoft | CVE-2026-48565 | Microsoft Windows Narrator Braille Support brlapi Exposed Dangerous Function Local Privilege Escalation Vulnerability
ZDI-CAN-28649 | NVIDIA | CVE-2026-24162 | NVIDIA Transformers4Rec Model.load Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-CAN-28736 | X.Org | CVE-2026-34003 | X.Org Server CheckKeyTypes Buffer Overflow Privilege Escalation Vulnerability
ZDI-CAN-28737 | X.Org | CVE-2026-34002 | X.Org Server CheckKeyActions Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-CAN-28706 | X.Org | CVE-2026-34001 | X.Org Server SyncAwaitFence Use-After-Free Privilege Escalation Vulnerability
ZDI-CAN-28679 | X.Org | CVE-2026-34000 | X.Org Server CheckSetGeom Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-CAN-28593 | X.Org | CVE-2026-33999 | X.Org Server XkbSetCompatMap Integer Underflow Privilege Escalation Vulnerability
ZDI-CAN-27578 | QEMU | CVE-2026-3886 | QEMU calc_image_hostmem Integer Overflow Local Privilege Escalation Vulnerability
ZDI-CAN-31431 | Microsoft | CVE-2026-45495 | (Pwn2Own) Microsoft Edge Feedback Log File Handling Directory Traversal Remote Code Execution Vulnerability
ZDI-CAN-31430 | Microsoft | CVE-2026-45494 | (Pwn2Own) Microsoft Edge Navigation Handling Universal Cross-Site Scripting Vulnerability
ZDI-CAN-31429 | Microsoft | CVE-2026-45492 | (Pwn2Own) Microsoft Edge Origin Validation Error Security Bypass Vulnerability
ZDI-CAN-28489 | ASUS | CVE-2026-7480 | ASUS MyASUS Origin Validation Error Local Privilege Escalation Vulnerability
ZDI-CAN-30796 | Docker | CVE-2026-8936 | Docker Desktop grpcfuse Kernel Module Uncontrolled Recursion Denial-of-Service Vulnerability
ZDI-CAN-27982 | TrendAI | CVE-2026-45208 | TrendAI Vision One Security Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
ZDI-CAN-29177 | TrendAI | CVE-2026-45207 | TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
ZDI-CAN-28118 | TrendAI | CVE-2026-45206 | TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
ZDI-CAN-28089 | TrendAI | CVE-2026-34930 | TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
ZDI-CAN-28077 | TrendAI | CVE-2026-34929 | TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
ZDI-CAN-28061 | TrendAI | CVE-2026-34928 | TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
ZDI-CAN-27959 | TrendAI | CVE-2026-34927 | TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
ZDI-CAN-29249 | Progress Software | CVE-2026-3517 | Progress Software Kemp LoadMaster addcountry Command Injection Remote Code Execution Vulnerability
ZDI-CAN-29222 | Progress Software | CVE-2026-3518 | Progress Software Kemp LoadMaster ssodomain_killsession Command Injection Remote Code Execution Vulnerability
ZDI-CAN-27349 | Siemens | CVE-2025-12659 | Siemens Simcenter Femap IPT File Parsing Memory Corruption Remote Code Execution Vulnerability
ZDI-CAN-27389 | Siemens | CVE-2025-12659 | Siemens Simcenter Femap IPT File Parsing Memory Corruption Remote Code Execution Vulnerability
ZDI-CAN-29240 | Apple | CVE-2026-28941 | Apple macOS USD Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-CAN-29239 | Apple | CVE-2026-28940 | Apple macOS USD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-CAN-29186 | Apple | CVE-2026-28847 | Apple Safari Regular Expression Duplicate Named Groups Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-CAN-28879 | Apple | CVE-2026-28955 | Apple Safari Web Inspector WebCore Style Resolver Use-After-Free Remote Code Execution Vulnerability
ZDI-CAN-28695 | Apple | CVE-2026-28918 | Apple macOS CoreSymbolication Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-CAN-28605 | Microsoft | CVE-2026-34342 | Microsoft Windows splwow64 Race Condition Local Privilege Escalation Vulnerability
ZDI-CAN-28559 | Microsoft | CVE-2026-33838 | Microsoft Windows Message Queueing Double Free Local Privilege Escalation Vulnerability
ZDI-CAN-28617 | Ivanti | CVE-2026-8109 | Ivanti Endpoint Manager RemoteControlAuth Exposed Dangerous Method Information Disclosure Vulnerability
ZDI-CAN-29412 | Flowise | CVE-2026-41265 | FlowiseAI Flowise Airtable_Agent Code Injection Remote Code Execution Vulnerability
ZDI-CAN-28806 | Oracle | CVE-2026-35230 | Oracle VirtualBox SoundBlaster 16 Race Condition Local Privilege Escalation Vulnerability
ZDI-CAN-29475 | OpenAI | | (0Day) OpenAI Codex Sandbox Escape Vulnerability
ZDI-CAN-29495 | Foxit | CVE-2026-5943 | Foxit PDF Reader AcroForm Annotation Use-After-Free Remote Code Execution Vulnerability
ZDI-CAN-29494 | Foxit | CVE-2026-5942 | Foxit PDF Reader AcroForm Signature Use-After-Free Information Disclosure Vulnerability
ZDI-CAN-29492 | Foxit | CVE-2026-5941 | Foxit PDF Reader AcroForm Signature Use-After-Free Remote Code Execution Vulnerability
ZDI-CAN-29491 | Foxit | CVE-2026-5940 | Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability
ZDI-CAN-28762 | Flowise | CVE-2026-41276 | Flowise AccountService resetPassword Authentication Bypass Vulnerability
ZDI-CAN-28822 | Docker | CVE-2026-6406 | Docker Desktop Enhanced Container Isolation Exposed Dangerous Function Local Privilege Escalation Vulnerability
ZDI-CAN-27564 | Siemens | CVE-2026-24032 | Siemens SINEC NMS Authentication Bypass Vulnerability
ZDI-CAN-28759 | Siemens | CVE-2026-25654 | Siemens SINEC NMS Improper Authentication Privilege Escalation Vulnerability
ZDI-CAN-28692 | Delta Electronics | CVE-2026-5726 | Delta Electronics ASDA-Soft PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-CAN-23734 | PublicCMS | | (0Day) PublicCMS getXml Server-Side Request Forgery Information Disclosure Vulnerability
ZDI-CAN-28157 | Microsoft | | (0Day) Microsoft Windows library-ms NTLM Response Information Disclosure Vulnerability
ZDI-CAN-28651 | Microsoft | | (0Day) Microsoft Office URI Handler NTLM Response Information Disclosure Vulnerability
ZDI-CAN-28327 | QNAP | CVE-2026-22898 | QNAP TS-453E QVRPro excpostgres Exposed Dangerous Method Remote Code Execution Vulnerability
ZDI-CAN-28516 | NI | CVE-2026-32861 | NI LabVIEW LVCLASS File Parsing Memory Corruption Remote Code Execution Vulnerability
ZDI-CAN-28463 | NI | CVE-2026-32860 | NI LabVIEW LVLIB File Parsing Memory Corruption Remote Code Execution Vulnerability
ZDI-CAN-28490 | Linux | CVE-2025-71066 | Linux Kernel ETS Scheduler Race Condition Local Privilege Escalation Vulnerability
ZDI-CAN-28713 | DriveLock | CVE-2026-5492 | DriveLock Directory Traversal Information Disclosure Vulnerability
ZDI-CAN-28722 | DriveLock | CVE-2026-5491 | DriveLock Directory Traversal Information Disclosure Vulnerability
ZDI-CAN-28726 | DriveLock | CVE-2026-5490 | DriveLock SQL Injection Privilege Escalation Vulnerability
ZDI-CAN-28719 | DriveLock | CVE-2026-5489 | DriveLock Directory Traversal Information Disclosure Vulnerability
ZDI-CAN-28746 | DriveLock | CVE-2026-5487 | DriveLock Directory Traversal Information Disclosure Vulnerability
ZDI-CAN-29392 | GStreamer | CVE-2026-5056 | GStreamer qtdemux Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-CAN-28266 | GIMP | CVE-2026-2050 | GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-CAN-29616 | Microsoft | CVE-2026-34054 | Microsoft vcpkg OpenSSL Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZDI-CAN-28366 | HP | CVE-2026-4682 | (Pwn2Own) HP DeskJet 2855e JobStatusEvent Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-CAN-28793 | Microsoft | CVE-2026-32183 | Microsoft Windows Snipping Tool Improper Input Validation Remote Code Execution Vulnerability
ZDI-CAN-28267 | Microsoft | CVE-2026-33104 | Microsoft Windows win32kfull Improper Locking Local Privilege Escalation Vulnerability
ZDI-CAN-28540 | Microsoft | CVE-2026-32073 | Microsoft Windows afd.sys Race Condition Local Privilege Escalation Vulnerability
ZDI-CAN-28189 | Microsoft | CVE-2026-26179 | Microsoft Windows Secure Kernel Double Free Local Privilege Escalation Vulnerability
ZDI-CAN-27212 | Microsoft | | Microsoft Qlib _mount_nfs_uri Command Injection Remote Code Execution Vulnerability
ZDI-CAN-27211 | Microsoft | | Microsoft Qlib fit Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-CAN-28054 | Microsoft | | Microsoft Olive Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-CAN-29041 | ATEN | CVE-2026-5057 | ATEN Unizon RpcProvider Missing Authentication Denial-of-Service Vulnerability
ZDI-CAN-29388 | Avast | CVE-2026-5424 | Avast Premium Security Gen Self Protection Driver Exposed Dangerous Function Local Privilege Escalation Vulnerability
ZDI-CAN-27976 | TrendAI | CVE-2025-54987 | TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability
ZDI-CAN-27975 | TrendAI | CVE-2025-54948 | TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability
ZDI-CAN-28705 | Samsung | CVE-2026-25203 | Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability
ZDI-CAN-22936 | Malwarebytes | | Malwarebytes Anti-Malware Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZDI-CAN-28661 | Fortinet | CVE-2026-40688 | Fortinet FortiWeb cat_cgi_paths Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-CAN-28660 | Fortinet | CVE-2026-39811 | Fortinet FortiWeb cgi_buf_alloc Integer Overflow Denial-of-Service Vulnerability
ZDI-CAN-29550 | Adobe | CVE-2026-27305 | Adobe ColdFusion fetchCFSettingFile Directory Traversal Information Disclosure Vulnerability
ZDI-CAN-30200 | Adobe | CVE-2026-27282 | Adobe ColdFusion subscribeToEndpoints Authentication Bypass Vulnerability
ZDI-CAN-29549 | Adobe | CVE-2026-34619 | Adobe ColdFusion deleteVersion Directory Traversal Arbitrary File Deletion Vulnerability
ZDI-CAN-27431 | Docker | | (0Day) Docker Desktop credentialHelper Directory Traversal Privilege Escalation Vulnerability
ZDI-CAN-27571 | Docker | | (0Day) Docker Desktop System Editor Uncontrolled Search Path Element Privilege Escalation Vulnerability
ZDI-CAN-27430 | Docker | | (0Day) Docker Desktop cli-plugins Incorrect Permission Assignment Local Privilege Escalation Vulnerability
ZDI-CAN-27229 | Docker | | (0Day) Docker Desktop extension-manager Exposed Dangerous Function Local Privilege Escalation Vulnerability
ZDI-CAN-25720 | Labcenter Electronics | CVE-2026-5495 | (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-CAN-25719 | Labcenter Electronics | CVE-2026-5494 | (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-CAN-25718 | Labcenter Electronics | CVE-2026-5493 | (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-CAN-25717 | Labcenter Electronics | CVE-2026-5496 | (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability
ZDI-CAN-29184 | Microsoft | CVE-2026-21518 | Microsoft Visual Studio Code mcp.json Command Injection Remote Code Execution Vulnerability
ZDI-CAN-29301 | Mozilla | CVE-2026-4698 | Mozilla Firefox IonMonkey Switch Statement Optimization Type Confusion Remote Code Execution Vulnerability
ZDI-CAN-28595 | Foxit | CVE-2026-3775 | Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZDI-CAN-28893 | Linux | CVE-2026-23092 | Linux Kernel Analog Device Driver Improper Validation of Array Index Local Privilege Escalation Vulnerability
ZDI-CAN-28494 | NoMachine | CVE-2026-5055 | NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZDI-CAN-28630 | NoMachine | CVE-2026-5054 | NoMachine External Control of File Path Local Privilege Escalation Vulnerability
ZDI-CAN-28644 | NoMachine | CVE-2026-5053 | NoMachine External Control of File Path Arbitrary File Deletion Vulnerability
ZDI-CAN-27968 | aws-mcp-server | CVE-2026-5058 | (0Day) aws-mcp-server Command Injection Remote Code Execution Vulnerability
ZDI-CAN-27969 | aws-mcp-server | CVE-2026-5059 | (0Day) aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability
ZDI-CAN-25846 | QNAP | CVE-2024-13088 | (Pwn2Own) QNAP QHora-322 miro_webserver_controllers_api_login_singIn Authentication Bypass Vulnerability
ZDI-CAN-28428 | QNAP | CVE-2025-62842 | (Pwn2Own) QNAP TS-453E write_file_to_svr External Control of File Path Remote Code Execution Vulnerability
ZDI-CAN-28426 | QNAP | CVE-2025-62840 | (Pwn2Own) QNAP TS-453E server_handlers.pyc rr2s.kwargs Error Message Information Disclosure Vulnerability
ZDI-CAN-28424 | QNAP | CVE-2025-62846 | (Pwn2Own) QNAP QHora-322 qvpn_db_mgr username SQL Injection Remote Code Execution Vulnerability
ZDI-CAN-28423 | QNAP | CVE-2025-62845 | (Pwn2Own) QNAP QHora-322 qvpn_db_mgr role_type Improper Neutralization of Escape Sequences Authentication Bypass Vulnerability
ZDI-CAN-28422 | QNAP | CVE-2025-62844 | (Pwn2Own) QNAP QHora-322 login.newAuthMiddleware.Authenticator Authentication Bypass Vulnerability
ZDI-CAN-22236 | Linux | CVE-2023-6270 | Linux Kernel AoE Driver Use-After-Free Local Privilege Escalation Vulnerability
ZDI-CAN-28371 | QNAP | CVE-2025-62843 | (Pwn2Own) QNAP QHora-322 ip6_wanifset Improper Restriction of Communication Channel to Intended Endpoints Firewall Bypass Vulnerability
ZDI-CAN-28152 | Digilent | CVE-2026-0954 | Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-CAN-28446 | Digilent | CVE-2026-0957 | Digilent DASYLab DSA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-CAN-28445 | Digilent | CVE-2026-0956 | Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
ZDI-CAN-28444 | Digilent | CVE-2026-0955 | Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
ZDI-CAN-27173 | Red Hat | CVE-2025-40277 | (Pwn2Own) Red Hat Enterprise Linux vmwgfx Driver Integer Overflow Local Privilege Escalation Vulnerability
ZDI-CAN-28499 | Apple | CVE-2026-20695 | Apple macOS Exposure of Sensitive Information to Unauthorized Sphere Information Disclosure Vulnerability
ZDI-CAN-28894 | Apple | CVE-2026-20690 | Apple macOS CoreMedia Framework Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-CAN-29381 | OpenClaw | CVE-2026-3691 | OpenClaw Client PKCE Verifier Information Disclosure Vulnerability
ZDI-CAN-29311 | OpenClaw | CVE-2026-3690 | OpenClaw Canvas Authentication Bypass Vulnerability
ZDI-CAN-29312 | OpenClaw | CVE-2026-3689 | OpenClaw Canvas Path Traversal Information Disclosure Vulnerability
ZDI-CAN-28042 | Microsoft | | (0Day) Microsoft Azure MCP AzureCliService Command Injection Remote Code Execution Vulnerability
ZDI-CAN-28457 | Samsung | CVE-2025-58487 | (Pwn2Own) Samsung Galaxy S25 Samsung Account Open Redirect Security Bypass Vulnerability
ZDI-CAN-28456 | Samsung | CVE-2025-58486 | (Pwn2Own) Samsung Galaxy S25 Samsung Account Cross-Site Scripting Remote Code Execution Vulnerability
ZDI-CAN-28331 | Samsung | CVE-2025-58488 | (Pwn2Own) Samsung Galaxy S25 Smart Touch Call Application Protection Mechanism Failure Information Disclosure Vulnerability
ZDI-CAN-28369 | Canon | CVE-2025-14233 | (Pwn2Own) Canon imageCLASS MF654Cdw BJNP Memory Corruption Remote Code Execution Vulnerability
ZDI-CAN-28901 | GIMP | CVE-2026-4154 | GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability
ZDI-CAN-28874 | GIMP | CVE-2026-4153 | GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-CAN-28863 | GIMP | CVE-2026-4152 | GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-CAN-28813 | GIMP | CVE-2026-4151 | GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability
ZDI-CAN-28807 | GIMP | CVE-2026-4150 | GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability
ZDI-CAN-28353 | QNAP | CVE-2025-62847 | (Pwn2Own) QNAP TS-453E smbd domain_name Argument Injection Authentication Bypass Vulnerability
ZDI-CAN-29156 | KeePassXC | CVE-2026-4158 | KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZDI-CAN-28618 | GIMP | CVE-2026-2049 | GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-CAN-28405 | GIMP | CVE-2026-2046 | GIMP LBM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-CAN-28034 | Schneider Electric | CVE-2025-13957 | Schneider Electric EcoStruxure Data Center Expert Hard-coded Password Remote Code Execution Vulnerability
ZDI-CAN-28685 | Delta Electronics | CVE-2026-1361 | Delta Electronics ASDA-Soft PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-CAN-28233 | Samsung | CVE-2025-21079 | (Pwn2Own) Samsung Galaxy S25 Samsung Members Security Feature Bypass Vulnerability
ZDI-CAN-28455 | Samsung | CVE-2025-21079 | (Pwn2Own) Samsung Galaxy S25 Samsung Members Open Redirect Security Bypass Vulnerability
ZDI-CAN-28363 | Canon | CVE-2025-14237 | (Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Integer Overflow Remote Code Execution Vulnerability
ZDI-CAN-28373 | Canon | CVE-2025-14236 | (Pwn2Own) Canon imageCLASS MF654Cdw dtdc_addr_importSub Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-CAN-28349 | Canon | CVE-2025-14235 | (Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-CAN-28334 | Canon | CVE-2025-14234 | (Pwn2Own) Canon imageCLASS MF654Cdw PJCC Request Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-CAN-28268 | Canon | CVE-2025-14232 | (Pwn2Own) Canon imageCLASS MF654Cdw XPS Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-CAN-28346 | Canon | CVE-2025-14231 | (Pwn2Own) Canon imageCLASS MF654Cdw XML SOAP Request Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-CAN-28475 | QNAP | CVE-2025-59389 | (Pwn2Own) QNAP TS-453E Hyper Data Protector Plugin query_original_file_size SQL Injection Remote Code Execution Vulnerability
ZDI-CAN-28358 | QNAP | CVE-2025-59388 | (Pwn2Own) QNAP TS-453E Hyper Data Protector Plugin Hard-Coded Credentials Authentication Bypass Vulnerability
ZDI-CAN-28436 | QNAP | CVE-2025-62849 | (Pwn2Own) QNAP TS-453E nvrlog_event_add msg SQL Injection Remote Code Execution Vulnerability
ZDI-CAN-28435 | QNAP | CVE-2025-62848 | (Pwn2Own) QNAP TS-453E conn_log_tool Format String Remote Code Execution Vulnerability
ZDI-CAN-28324 | QNAP | CVE-2025-11837 | (Pwn2Own) QNAP TS-453E malware_remover Code Injection Remote Code Execution Vulnerability
ZDI-CAN-26338 | ChargePoint | CVE-2026-4157 | (Pwn2Own) ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability
ZDI-CAN-26339 | ChargePoint | CVE-2026-4156 | (Pwn2Own) ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-CAN-26340 | ChargePoint | CVE-2026-4155 | (Pwn2Own) ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability
ZDI-CAN-28462 | Microsoft | CVE-2026-21527 | Microsoft Exchange InterceptorSmtpAgent Improper Input Validation Security Feature Bypass Vulnerability
ZDI-CAN-17464 | Linux | CVE-2022-1972 | (Pwn2Own) Linux Kernel nf_tables_newset Out-Of-Bounds Write Information Disclosure Vulnerability
ZDI-CAN-28345 | Sonos | CVE-2026-4149 | Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability
ZDI-CAN-17443 | Linux | CVE-2022-32250 | (Pwn2Own) Linux Kernel nf_tables Use-After-Free Privilege Escalation Vulnerability
ZDI-CAN-27175 | VMware | CVE-2025-41238 | (Pwn2Own) VMware Workstation PVSCSI Heap-based Buffer Overflow Local Privilege Escalation Vulnerability
ZDI-CAN-27157 | VMware | CVE-2025-41236 | (Pwn2Own) VMware ESXi VMXNET3 Integer Overflow Local Privilege Escalation Vulnerability
ZDI-CAN-27176 | VMware | CVE-2025-41237 | (Pwn2Own) VMware ESXi VMCI Integer Underflow Local Privilege Escalation Vulnerability
ZDI-CAN-19674 | Synology | CVE-2022-45188 | (Pwn2Own) Synology DiskStation Manager Netatalk Library Buffer Overflow Remote Code Execution Vulnerability
ZDI-CAN-27581 | Fortinet | CVE-2026-24018 | Fortinet FortiClient Link Following Local Privilege Escalation Vulnerability
ZDI-CAN-28271 | Microsoft | CVE-2026-25181 | Microsoft Windows GDI Bitmap Parsing Out-Of-Bound Read Information Disclosure Vulnerability
ZDI-CAN-28381 | Microsoft | CVE-2026-24289 | Microsoft Windows NDIS Driver Use-After-Free Local Privilege Escalation Vulnerability
ZDI-CAN-28498 | Microsoft | CVE-2026-24285 | Microsoft Windows win32full Improper Release Local Privilege Escalation Vulnerability
ZDI-CAN-28488 | Microsoft | CVE-2026-24285 | Microsoft Windows win32full Improper Release Local Privilege Escalation Vulnerability
ZDI-CAN-28487 | Microsoft | CVE-2026-24285 | Microsoft Windows win32full Improper Release Local Privilege Escalation Vulnerability
ZDI-CAN-28247 | Microsoft | CVE-2026-23668 | Microsoft Windows cdd Improper Locking Local Privilege Escalation Vulnerability
ZDI-CAN-28557 | Microsoft | CVE-2026-23668 | Microsoft Windows win32kfull Improper Locking Local Privilege Escalation Vulnerability
ZDI-CAN-28159 | Microsoft | CVE-2026-23668 | Microsoft Windows cdd Improper Locking Local Privilege Escalation Vulnerability
ZDI-CAN-26850 | Array Networks | CVE-2026-26364 | Array Networks MotionPro ArrayInstallManager Incorrect Permission Assignment Local Privilege Escalation Vulnerability
ZDI-CAN-28552 | Apple | CVE-2026-20616 | Apple macOS libusd_ms Alembic File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-CAN-28081 | Apple | CVE-2026-20634 | Apple macOS ImageIO SGI File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-CAN-28176 | Apple | CVE-2026-20675 | Apple macOS ImageIO SGI File Parsing Integer Overflow Remote Code Execution Vulnerability
ZDI-CAN-28497 | Apple | CVE-2026-20611 | Apple macOS Audio APAC Frame Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-CAN-28912 | Unraid | CVE-2026-3839 | Unraid Authentication Request Path Traversal Authentication Bypass Vulnerability
ZDI-CAN-28951 | Unraid | CVE-2026-3838 | Unraid Update Request Path Traversal Remote Code Execution Vulnerability
ZDI-CAN-28911 | GStreamer | CVE-2026-3086 | GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-CAN-28910 | GStreamer | CVE-2026-3084 | GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution Vulnerability
ZDI-CAN-28854 | GStreamer | CVE-2026-2921 | GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability
ZDI-CAN-28851 | GStreamer | CVE-2026-3085 | GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-CAN-28850 | GStreamer | CVE-2026-3083 | GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-CAN-28845 | GStreamer | CVE-2026-2922 | GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-CAN-28843 | GStreamer | CVE-2026-2920 | GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-CAN-28840 | GStreamer | CVE-2026-3082 | GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-CAN-28839 | GStreamer | CVE-2026-3081 | GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-CAN-28838 | GStreamer | CVE-2026-2923 | GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-CAN-28480
|
Philips
|
CVE-2026-3562
|
(Pwn2Own) Philips Hue Bridge hk_hap Ed25519 Signature Verification
Authentication Bypass Vulnerability
|
|
|
ZDI-CAN-28479
|
Philips
|
CVE-2026-3561
|
(Pwn2Own) Philips Hue Bridge hk_hap characteristics Heap-based Buffer
Overflow Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-28469
|
Philips
|
CVE-2026-3560
|
(Pwn2Own) Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based
Buffer Overflow Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-28451
|
Philips
|
CVE-2026-3559
|
(Pwn2Own) Philips Hue Bridge HomeKit Accessory Protocol Static Nonce
Authentication Bypass Vulnerability
|
|
|
ZDI-CAN-28374
|
Philips
|
CVE-2026-3558
|
(Pwn2Own) Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing
Mode Authentication Bypass Vulnerability
|
|
|
ZDI-CAN-28337
|
Philips
|
CVE-2026-3557
|
(Pwn2Own) Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing
Heap-based Buffer Overflow Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-28326
|
Philips
|
CVE-2026-3556
|
(Pwn2Own) Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer
Overflow Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-28276
|
Philips
|
CVE-2026-3555
|
(Pwn2Own) Philips Hue Bridge Zigbee Stack Custom Command Handler
Heap-based Buffer Overflow Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-28304
|
Docker
|
CVE-2025-15558
|
Docker Desktop Docker Plugins Uncontrolled Search Path Element Local
Privilege Escalation Vulnerability
|
|
|
ZDI-CAN-28415
|
Delta Electronics
|
CVE-2026-3094
|
Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote
Code Execution Vulnerability
|
|
|
ZDI-CAN-28379
|
Docker
|
CVE-2026-28400
|
Docker Desktop for Mac Docker Model Runner Exposed Dangerous Function
Denial-of-Service Vulnerability
|
|
|
ZDI-CAN-28218
|
Trend Micro
|
CVE-2025-71218
|
Trend Micro Cleaner One Pro Link Following Denial-of-Service
Vulnerability
|
|
|
ZDI-CAN-26039
|
Trend Micro
|
CVE-2025-71209
|
Trend Micro Apex Central Improper Authentication Privilege Escalation
Vulnerability
|
|
|
ZDI-CAN-26037
|
Trend Micro
|
CVE-2025-71208
|
Trend Micro Apex Central Improper Authentication Privilege Escalation
Vulnerability
|
|
|
ZDI-CAN-26597
|
Trend Micro
|
CVE-2025-71207
|
Trend Micro Apex Central Manual Update Server-Side Request Forgery
Vulnerability
|
|
|
ZDI-CAN-26598
|
Trend Micro
|
CVE-2025-71206
|
Trend Micro Apex Central Scheduled Update Server-Side Request Forgery
Vulnerability
|
|
|
ZDI-CAN-26618
|
Trend Micro
|
CVE-2025-71205
|
Trend Micro Apex Central Hub Server Server-Side Request Forgery
Vulnerability
|
|
|
ZDI-CAN-26594
|
Trend Micro
|
CVE-2025-71217
|
Trend Micro Apex One Security Agent TmSelfProtect Origin Validation Error
Local Privilege Escalation Vulnerability
|
|
|
ZDI-CAN-26605
|
Trend Micro
|
CVE-2025-71216
|
Trend Micro Apex One Security Agent Cache Mechanism Time-Of-Check Time-Of-Use
Local Privilege Escalation Vulnerability
|
|
|
ZDI-CAN-26609
|
Trend Micro
|
CVE-2025-71215
|
Trend Micro Apex One Security Agent iCore Service Signature Verification
Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
|
|
|
ZDI-CAN-26771
|
Trend Micro
|
CVE-2025-71213
|
Trend Micro Apex One Origin Validation Error Local Privilege Escalation
Vulnerability
|
|
|
ZDI-CAN-26282
|
Trend Micro
|
CVE-2025-71214
|
Trend Micro Apex One Security Agent iCore Service Origin Validation Error
Local Privilege Escalation Vulnerability
|
|
|
ZDI-CAN-24972
|
Trend Micro
|
CVE-2025-71212
|
Trend Micro Apex One Virus Scan Engine Link Following Local Privilege
Escalation Vulnerability
|
|
|
ZDI-CAN-28002
|
Trend Micro
|
CVE-2025-71211
|
Trend Micro Apex One Console Directory Traversal Remote Code Execution
Vulnerability
|
|
|
ZDI-CAN-28001
|
Trend Micro
|
CVE-2025-71210
|
Trend Micro Apex One Console Directory Traversal Remote Code Execution
Vulnerability
|
|
|
ZDI-CAN-28385
|
LangChain
|
CVE-2026-27794
|
LangChain LangGraph BaseCache Deserialization of Untrusted Data Remote
Code Execution Vulnerability
|
|
|
ZDI-CAN-27634
|
Hewlett Packard Enterprise
|
CVE-2026-23600
|
Hewlett Packard Enterprise AutoPass License Server Authentication Bypass
Vulnerability
|
|
|
ZDI-CAN-28235
|
Music Assistant
|
CVE-2026-26975
|
(Pwn2Own) Music Assistant _update_library_item External Control of File
Path Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-28108
|
Siemens
|
CVE-2026-25656
|
Siemens SINEC NMS Uncontrolled Search Path Element Local Privilege
Escalation Vulnerability
|
|
|
ZDI-CAN-28107
|
Siemens
|
CVE-2026-25655
|
Siemens SINEC NMS Uncontrolled Search Path Element Local Privilege
Escalation Vulnerability
|
|
|
ZDI-CAN-25440
|
IceWarp
|
CVE-2026-2493
|
IceWarp collaboration Directory Traversal Information Disclosure
Vulnerability
|
|
|
ZDI-CAN-23993
|
Socomec
|
CVE-2026-2491
|
Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability
|
|
|
ZDI-CAN-28824
|
Ubiquiti Networks
|
CVE-2026-21634
|
(Pwn2Own) Ubiquiti Networks AI Pro Uncaught Exception Denial-of-Service
Vulnerability
|
|
|
ZDI-CAN-28474
|
Ubiquiti Networks
|
CVE-2026-21633
|
(Pwn2Own) Ubiquiti Networks AI Pro Cleartext Transmission Information
Disclosure Vulnerability
|
|
|
ZDI-CAN-28274
|
Ubiquiti Networks
|
CVE-2026-21633
|
(Pwn2Own) Ubiquiti Networks AI Pro Discovery Protocol Missing Encryption
Protocol Downgrade Vulnerability
|
|
|
ZDI-CAN-28631
|
Docker
|
CVE-2026-2664
|
Docker Desktop grpcfuse Kernel Module Out-Of-Bounds Read Information
Disclosure Vulnerability
|
|
|
ZDI-CAN-27785
|
claude-hovercraft
|
CVE-2025-15060
|
claude-hovercraft executeClaudeCode Command Injection Remote Code
Execution Vulnerability
|
|
|
ZDI-CAN-27562
|
Docker
|
|
Docker Desktop MCP Server Cleartext Storage of Sensitive Information
Vulnerability
|
|
|
ZDI-CAN-27788
|
PDF-XChange
|
CVE-2026-2040
|
PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local
Privilege Escalation Vulnerability
|
|
|
ZDI-CAN-28591
|
GIMP
|
CVE-2026-2048
|
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution
Vulnerability
|
|
|
ZDI-CAN-28530
|
GIMP
|
CVE-2026-2047
|
GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution
Vulnerability
|
|
|
ZDI-CAN-28265
|
GIMP
|
CVE-2026-2045
|
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution
Vulnerability
|
|
|
ZDI-CAN-28158
|
GIMP
|
CVE-2026-2044
|
GIMP PGM File Parsing Uninitialized Memory Remote Code Execution
Vulnerability
|
|
|
ZDI-CAN-27909
|
RustDesk
|
CVE-2026-2490
|
RustDesk Client for Windows Transfer File Link Following Information
Disclosure Vulnerability
|
|
|
ZDI-CAN-25480
|
TensorFlow
|
CVE-2026-2492
|
TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege
Escalation Vulnerability
|
|
|
ZDI-CAN-25710
|
Fortinet
|
CVE-2025-62676
|
Fortinet FortiClient VPN FCConfig Utility Link Following Local Privilege
Escalation Vulnerability
|
|
|
ZDI-CAN-28404
|
Dassault Systèmes
|
CVE-2026-1335
|
Dassault Systèmes eDrawings Viewer EPRT File Parsing Out-Of-Bounds Write
Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-28378
|
Dassault Systèmes
|
CVE-2026-1334
|
Dassault Systèmes eDrawings Viewer EPRT File Parsing Memory Corruption
Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-28315
|
Dassault Systèmes
|
CVE-2026-1333
|
Dassault Systèmes eDrawings Viewer EPRT File Parsing Uninitialized
Variable Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-28256
|
MLflow
|
CVE-2026-2635
|
MLflow Use of Default Password Authentication Bypass Vulnerability
|
|
|
ZDI-CAN-28112
|
Bosch Rexroth
|
CVE-2025-60037, CVE-2025-60038
|
Bosch Rexroth IndraWorks Print Settings File Parsing Deserialization Of
Untrusted Data Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-27994
|
Bosch Rexroth
|
CVE-2025-60035
|
Bosch Rexroth IndraWorks OPC.TestClient XML File Parsing Deserialization
Of Untrusted Data Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-27996
|
Bosch Rexroth
|
CVE-2025-60036
|
Bosch Rexroth IndraWorks UA.TestClient XML File Parsing Deserialization
Of Untrusted Data Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-28581
|
Autodesk
|
CVE-2026-0875
|
Autodesk AutoCAD MODEL File Out-Of-Bounds Write Remote Code Execution
Vulnerability
|
|
|
ZDI-CAN-28417
|
Autodesk
|
CVE-2026-0874
|
Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Remote Code
Execution Vulnerability
|
|
|
ZDI-CAN-26649
|
MLflow
|
CVE-2026-2033
|
MLflow Tracking Server Artifact Handler Directory Traversal Remote Code
Execution Vulnerability
|
|
|
ZDI-CAN-28129
|
Sante
|
CVE-2026-2034
|
Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code
Execution Vulnerability
|
|
|
ZDI-CAN-27923
|
Oracle
|
CVE-2026-21956
|
Oracle VirtualBox VMSVGA Out-Of-Bounds Access Local Privilege Escalation
Vulnerability
|
|
|
ZDI-CAN-27938
|
Oracle
|
CVE-2026-21957
|
Oracle VirtualBox VMSVGA Out-Of-Bounds Write Local Privilege Escalation
Vulnerability
|
|
|
ZDI-CAN-28080
|
Oracle
|
CVE-2026-21963
|
Oracle VirtualBox BusLogic Uninitialized Memory Information Disclosure
Vulnerability
|
|
|
ZDI-CAN-28079
|
Oracle
|
CVE-2026-21985
|
Oracle VirtualBox LsiLogic Uninitialized Memory Information Disclosure
Vulnerability
|
|
|
ZDI-CAN-27925
|
Oracle
|
CVE-2026-21984
|
Oracle VirtualBox VMSVGA Race Condition Local Privilege Escalation
Vulnerability
|
|
|
ZDI-CAN-27870
|
Oracle
|
CVE-2026-21955
|
Oracle VirtualBox VMSVGA Use-After-Free Local Privilege Escalation
Vulnerability
|
|
|
ZDI-CAN-28045
|
Oracle
|
CVE-2026-21983
|
Oracle VirtualBox VMSVGA Heap-based Buffer Overflow Local Privilege
Escalation Vulnerability
|
|
|
ZDI-CAN-28186
|
Dassault Systèmes
|
CVE-2026-1283
|
Dassault Systèmes eDrawings Viewer EPRT File Parsing Heap-based Buffer
Overflow Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-28188
|
Dassault Systèmes
|
CVE-2026-1284
|
Dassault Systèmes eDrawings Viewer EPRT File Parsing Out-Of-Bounds Write
Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-27478
|
Schneider Electric
|
CVE-2025-13845
|
Schneider Electric EcoStruxure Power Build SSD File Parsing
Use-After-Free Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-27480
|
Schneider Electric
|
CVE-2025-13845
|
Schneider Electric EcoStruxure Power Build SSD File Parsing
Use-After-Free Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-27455
|
Schneider Electric
|
CVE-2025-13845
|
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory
Corruption Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-27362
|
Schneider Electric
|
CVE-2025-13845
|
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory
Corruption Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-27364
|
Schneider Electric
|
CVE-2025-13845
|
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory
Corruption Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-27374
|
Schneider Electric
|
CVE-2025-13845
|
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory
Corruption Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-27390
|
Schneider Electric
|
CVE-2025-13845
|
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory
Corruption Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-27363
|
Schneider Electric
|
CVE-2025-13845
|
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory
Corruption Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-27370
|
Schneider Electric
|
CVE-2025-13845
|
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory
Corruption Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-27368
|
Schneider Electric
|
CVE-2025-13845
|
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory
Corruption Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-27371
|
Schneider Electric
|
CVE-2025-13845
|
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory
Corruption Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-28491
|
Microsoft
|
CVE-2026-21249
|
Microsoft Windows searchConnector-ms NTLM Response Information Disclosure
Vulnerability
|
|
|
ZDI-CAN-28410
|
Microsoft
|
CVE-2026-21527
|
Microsoft Exchange InterceptorSmtpAgent Reliance on Untrusted Inputs
Security Feature Bypass Vulnerability
|
|
|
ZDI-CAN-28066
|
Microsoft
|
CVE-2026-21235
|
Microsoft Windows win32kfull Use-After-Free Local Privilege Escalation
Vulnerability
|
|
|
ZDI-CAN-26885
|
Ivanti
|
CVE-2026-1603
|
Ivanti Endpoint Manager AuthHelper Authentication Bypass Vulnerability
|
|
|
ZDI-CAN-26863
|
Ivanti
|
CVE-2026-1602
|
Ivanti Endpoint Manager ROI SQL Injection Remote Code Execution
Vulnerability
|
|
|
ZDI-CAN-28131
|
Deciso
|
CVE-2026-2035
|
Deciso OPNsense diag_backup.php filename Command Injection Remote Code
Execution Vulnerability
|
|
|
ZDI-CAN-28597
|
GFI
|
CVE-2026-2039
|
GFI Archiver MArc.Store Missing Authorization Authentication Bypass
Vulnerability
|
|
|
ZDI-CAN-27936
|
GFI
|
CVE-2026-2036
|
GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code
Execution Vulnerability
|
|
|
ZDI-CAN-27934
|
GFI
|
CVE-2026-2038
|
GFI Archiver MArc.Core Missing Authorization Authentication Bypass
Vulnerability
|
|
|
ZDI-CAN-27935
|
GFI
|
CVE-2026-2037
|
GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code
Execution Vulnerability
|
|
|
ZDI-CAN-28250
|
Nagios
|
CVE-2026-2041
|
Nagios Host zabbixagent_configwizard_func Command Injection Remote Code
Execution Vulnerability
|
|
|
ZDI-CAN-28249
|
Nagios
|
CVE-2026-2043
|
Nagios Host esensors_websensor_configwizard_func Command Injection Remote
Code Execution Vulnerability
|
|
|
ZDI-CAN-28245
|
Nagios
|
CVE-2026-2042
|
Nagios Host monitoringwizard Command Injection Remote Code Execution
Vulnerability
|
|
|
ZDI-CAN-27940
|
Adobe
|
CVE-2025-61808
|
Adobe ColdFusion CAR File Parsing Directory Traversal Remote Code
Execution Vulnerability
|
|
|
ZDI-CAN-26034
|
Xmind
|
CVE-2026-0777
|
(0Day) Xmind Attachment Insufficient UI Warning Remote Code Execution
Vulnerability
|
|
|
ZDI-CAN-28542
|
Docker
|
CVE-2025-14740
|
Docker Desktop for Windows Incorrect Permission Assignment Privilege
Escalation Vulnerability
|
|
|
ZDI-CAN-28190
|
Docker
|
CVE-2025-14740
|
Docker Desktop for Windows Incorrect Permission Assignment Privilege
Escalation Vulnerability
|
|
|
ZDI-CAN-28333
|
Lexmark
|
CVE-2025-65079
|
(Pwn2Own) Lexmark CX532adwe getCFFNames Heap-based Buffer Overflow Remote
Code Execution Vulnerability
|
|
|
ZDI-CAN-28328
|
Lexmark
|
CVE-2025-65080
|
(Pwn2Own) Lexmark CX532adwe usecmap Type Confusion Remote Code Execution
Vulnerability
|
|
|
ZDI-CAN-28341
|
Lexmark
|
CVE-2025-65081
|
(Pwn2Own) Lexmark CX532adwe execuserobject Heap-based Buffer Overflow
Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-28261
|
Lexmark
|
CVE-2025-65077
|
(Pwn2Own) Lexmark CX532adwe libesffls Directory Traversal Remote Code
Execution Vulnerability
|
|
|
ZDI-CAN-28477
|
Lexmark
|
CVE-2025-65078
|
(Pwn2Own) Lexmark CX532adwe esfhelper Untrusted Search Path Local
Privilege Escalation Vulnerability
|
|
|
ZDI-CAN-26889
|
NVIDIA
|
CVE-2025-33201
|
NVIDIA Triton Inference Server EVBufferToJson Uncaught Exception
Denial-of-Service Vulnerability
|
|
|
ZDI-CAN-27989
|
NVIDIA
|
CVE-2026-24149
|
NVIDIA Megatron-LM load_base_checkpoint Deserialization of Untrusted Data
Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-26000
|
CyberArk
|
CVE-2025-66374
|
CyberArk Endpoint Privilege Management Improper Privilege Management
Local Privilege Escalation Vulnerability
|
|
|
ZDI-CAN-27641
|
AzeoTech
|
CVE-2025-66589
|
AzeoTech DAQFactory Pro CTL File Parsing Out-Of-Bounds Read Remote Code
Execution Vulnerability
|
|
|
ZDI-CAN-28285
|
Apple
|
CVE-2025-46298
|
Apple Safari JavaScriptCore FTL New Array Materialization Type Confusion
Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-28035
|
Apple
|
CVE-2025-43283
|
Apple macOS AppleIntelKBLGraphics Out-Of-Bounds Read Information
Disclosure Vulnerability
|
|
|
ZDI-CAN-27596
|
Progress Software
|
CVE-2025-13447
|
Progress Software Kemp LoadMaster addapikey Command Injection Remote Code
Execution Vulnerability
|
|
|
ZDI-CAN-27595
|
Progress Software
|
CVE-2025-13447
|
Progress Software Kemp LoadMaster delapikey OS Command Injection Remote
Code Execution Vulnerability
|
|
|
ZDI-CAN-27591
|
Progress Software
|
CVE-2025-13447
|
Progress Software Kemp LoadMaster listapikeys Command Injection Remote
Code Execution Vulnerability
|
|
|
ZDI-CAN-27593
|
Progress Software
|
CVE-2025-13444
|
Progress Software Kemp LoadMaster getcipherset Command Injection Remote
Code Execution Vulnerability
|
|
|
ZDI-CAN-27594
|
Progress Software
|
CVE-2025-13447
|
Progress Software Kemp LoadMaster delcert Command Injection Remote Code
Execution Vulnerability
|
|
|
ZDI-CAN-28599
|
GIMP
|
CVE-2026-0797
|
GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution
Vulnerability
|
|
|
ZDI-CAN-27093
|
Delta Electronics
|
CVE-2026-0975
|
Delta Electronics DIAView Exposed Dangerous Method Remote Code Execution
Vulnerability
|
|
|
ZDI-CAN-27307
|
Fortinet
|
CVE-2025-67685
|
Fortinet FortiSandbox fortisandbox Server-Side Request Forgery Remote
Code Execution Vulnerability
|
|
|
ZDI-CAN-26620
|
Hancom
|
CVE-2025-29867
|
Hancom Office DOC File Parsing Type Confusion Remote Code Execution
Vulnerability
|
|
|
ZDI-CAN-27892
|
Cisco
|
CVE-2026-20026
|
Cisco Snort _bnfa_search_csparse_nfa Use-After-Free Remote Code Execution
Vulnerability
|
|
|
ZDI-CAN-27893
|
Cisco
|
CVE-2026-20027
|
Cisco Snort _bnfa_search_csparse_nfa Out-Of-Bounds Read Information
Disclosure Vulnerability
|
|
|
ZDI-CAN-28082
|
Microsoft
|
CVE-2026-20871
|
Microsoft Windows Desktop Window Manager Use-After-Free Local Privilege
Escalation Vulnerability
|
|
|
ZDI-CAN-25430
|
npm
|
CVE-2026-0775
|
(0Day) npm cli Uncontrolled Search Path Element Local Privilege
Escalation Vulnerability
|
|
|
ZDI-CAN-26845
|
Upsonic
|
CVE-2026-0773
|
(0Day) Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code
Execution Vulnerability
|
|
|
ZDI-CAN-23285
|
Enel X
|
CVE-2026-0778
|
(0Day) (Pwn2Own) Enel X JuiceBox 40 Telnet Service Missing Authentication
Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-27057
|
Discord
|
CVE-2026-0776
|
(0Day) Discord Client Uncontrolled Search Path Element Local Privilege
Escalation Vulnerability
|
|
|
ZDI-CAN-26708
|
WatchYourLAN
|
CVE-2026-0774
|
(0Day) WatchYourLAN Configuration Page Argument Injection Remote Code
Execution Vulnerability
|
|
|
ZDI-CAN-27919
|
Langflow
|
CVE-2026-0772
|
(0Day) Langflow Disk Cache Deserialization of Untrusted Data Remote Code
Execution Vulnerability
|
|
|
ZDI-CAN-27497
|
Langflow
|
CVE-2026-0771
|
(0Day) Langflow PythonFunction Code Injection Remote Code Execution
Vulnerability
|
|
|
ZDI-CAN-27325
|
Langflow
|
CVE-2026-0770
|
(0Day) Langflow exec_globals Inclusion of Functionality from Untrusted
Control Sphere Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-26972
|
Langflow
|
CVE-2026-0769
|
(0Day) Langflow eval_custom_component_code Eval Injection Remote Code
Execution Vulnerability
|
|
|
ZDI-CAN-27322
|
Langflow
|
CVE-2026-0768
|
(0Day) Langflow code Code Injection Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-28259
|
Open WebUI
|
CVE-2026-0767
|
(0Day) Open WebUI Cleartext Transmission of Credentials Information
Disclosure Vulnerability
|
|
|
ZDI-CAN-28257
|
Open WebUI
|
CVE-2026-0766
|
(0Day) Open WebUI load_tool_module_by_id Command Injection Remote Code
Execution Vulnerability
|
|
|
ZDI-CAN-28258
|
Open WebUI
|
CVE-2026-0765
|
(0Day) Open WebUI PIP install_frontmatter_requirements Command Injection
Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-27957
|
GPT Academic
|
CVE-2026-0764
|
(0Day) GPT Academic upload Deserialization of Untrusted Data Remote Code
Execution Vulnerability
|
|
|
ZDI-CAN-27958
|
GPT Academic
|
CVE-2026-0763
|
(0Day) GPT Academic run_in_subprocess_wrapper_func Deserialization of
Untrusted Data Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-27956
|
GPT Academic
|
CVE-2026-0762
|
(0Day) GPT Academic stream_daas Deserialization of Untrusted Data Remote
Code Execution Vulnerability
|
|
|
ZDI-CAN-28124
|
Foundation Agents
|
CVE-2026-0761
|
(0Day) Foundation Agents MetaGPT actionoutput_str_to_mapping Code
Injection Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-28121
|
Foundation Agents
|
CVE-2026-0760
|
(0Day) Foundation Agents MetaGPT deserialize_message Deserialization of
Untrusted Data Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-27786
|
Katana Network
|
CVE-2026-0759
|
(0Day) Katana Network Development Starter Kit executeCommand Command
Injection Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-27910
|
mcp-server-siri-shortcuts
|
CVE-2026-0758
|
(0Day) mcp-server-siri-shortcuts shortcutName Command Injection Privilege
Escalation Vulnerability
|
|
|
ZDI-CAN-27810
|
MCP Manager for Claude Desktop
|
CVE-2026-0757
|
(0Day) MCP Manager for Claude Desktop execute-command Command Injection
Sandbox Escape Vulnerability
|
|
|
ZDI-CAN-27784
|
github-kanban-mcp-server
|
CVE-2026-0756
|
(0Day) github-kanban-mcp-server execAsync Command Injection Remote Code
Execution Vulnerability
|
|
|
ZDI-CAN-27783
|
Gemini MCP Tool
|
CVE-2026-0755
|
(0Day) gemini-mcp-tool execAsync Command Injection Remote Code Execution
Vulnerability
|
|
|
ZDI-CAN-27683
|
Ollama MCP Server
|
CVE-2025-15063
|
(0Day) Ollama MCP Server execAsync Command Injection Remote Code
Execution Vulnerability
|
|
|
ZDI-CAN-27889
|
Cisco
|
CVE-2026-20029
|
Cisco Identity Services Engine getSpecificPLRfromAuthCode XML External
Entity Processing Information Disclosure Vulnerability
|
|
|
ZDI-CAN-28322
|
ALGO
|
CVE-2026-0796
|
(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code
Execution Vulnerability
|
|
|
ZDI-CAN-28321
|
ALGO
|
CVE-2026-0795
|
(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code
Execution Vulnerability
|
|
|
ZDI-CAN-28303
|
ALGO
|
CVE-2026-0794
|
(0Day) ALGO 8180 IP Audio Alerter SIP Use-After-Free Remote Code
Execution Vulnerability
|
|
|
ZDI-CAN-28302
|
ALGO
|
CVE-2026-0793
|
(0Day) ALGO 8180 IP Audio Alerter InformaCast Heap-based Buffer Overflow
Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-28301
|
ALGO
|
CVE-2026-0792
|
(0Day) ALGO 8180 IP Audio Alerter SIP INVITE Alert-Info Stack-based
Buffer Overflow Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-28300
|
ALGO
|
CVE-2026-0791
|
(0Day) ALGO 8180 IP Audio Alerter SIP INVITE Replaces Stack-based Buffer
Overflow Remote Code Execution Vulnerability
|
|
|
ZDI-CAN-28299
|
ALGO
|
CVE-2026-0790
|
(0Day) ALGO 8180 IP Audio Alerter Web UI Direct Request Information
Disclosure Vulnerability
|
|
|
ZDI-CAN-28297
|
ALGO
|
CVE-2026-0789
|
(0Day) ALGO 8180 IP Audio Alerter Web UI Inclusion of Authentication
Cookie in Response Body Information Disclosure Vulnerability
|
|
|
ZDI-CAN-28298
|
ALGO
|
CVE-2026-0788
|
(0Day) ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting
Vulnerability
|
|
|
ZDI-CAN-28296
|
ALGO
|
CVE-2026-0787
|
(0Day) ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code
Execution Vulnerability
|
|
|
ZDI-CAN-28295
|
ALGO
|
CVE-2026-0786
|
(0Day) ALGO 8180 IP Audio Alerter SCI Command Injection Remote Code
Execution Vulnerability
|
|
|
ZDI-CAN-28294
|
ALGO
|
CVE-2026-0785
|
(0Day) ALGO 8180 IP Audio Alerter API Command Injection Remote Code
Execution Vulnerability
|
|
|
ZDI-CAN-28293
|
ALGO
|
CVE-2026-0784
|
(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code
Execution Vulnerability
|
|
|
ZDI-CAN-28292
|
ALGO
|
CVE-2026-0783
|
(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code
Execution Vulnerability
|
|
|
ZDI-CAN-28291
|
ALGO
|
CVE-2026-0782
|
(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code
Execution Vulnerability
|
|
|
ZDI-CAN-28290
|
ALGO
|
CVE-2026-0781
|
(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code
Execution Vulnerability
|
|
|
ZDI-CAN-28289
|
ALGO
|
CVE-2026-0780
|
(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code
Execution Vulnerability
|
|
|
ZDI-CAN-25568
|
ALGO
|
CVE-2026-0779
|
(0Day) ALGO 8180 IP Audio Alerter Ping Command Injection Remote Code
Execution Vulnerability
|