Zero Day Monitor

Zero Day MonitorZDM

647

+231 today

Exploited (7d)

373

+180 today

Critical (7d)

1533

CISA KEV

11

Pre-CVE

3369

+710 today

Articles (7d)

Threat Briefing

Global

Loading...

About Zero Day Monitor

Open-source vulnerability intelligence for security teams. The platform scans 41 security feeds, analyzes articles with AI, and surfaces the threats that matter. Track trending CVEs, discover zero-days before they get a CVE ID, and monitor your vendor stack for supply-chain risks.

Trending

Ranked by source count

Zero-Days

Pre-CVE detection

Verification

Community-driven

Open Source

AGPL-3.0 licensed

Learn more about the project Sign in for personalized features

Vulnerabilities

fortinet · CVE-2026-35616 — CVE-2026-35616: A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attaKEVEXPLOITEDPATCHED

forticlientems· CVSS 9.1· CWE-284

google · CVE-2026-5281 — CVE-2026-5281: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderKEVEXPLOITEDPATCHED

chrome· CVSS 8.8· CWE-416

wp ninjas · CVE-2026-0740 — Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File UploadKEVEXPLOITED

ninja forms - file uploads· CVSS 9.8· CWE-434

fortinet · CVE-2026-21643 — An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized codKEVEXPLOITEDPATCHED

forticlientems· CVSS 9.8· CWE-89

trueconf · CVE-2026-3502 — TrueConf Client Update Integrity Verification BypassKEVEXPLOITED

trueconf· CVSS 7.8· CWE-494

weaver (fanwei) · CVE-2026-22679 — Weaver E-cology 10.0 Unauthenticated RCE via dubboApi Debug EndpointKEVEXPLOITEDPATCHED

e-cology· CVSS 9.8· CWE-306

smartertools · CVE-2026-23760 — SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails tKEVEXPLOITEDPATCHED

smartermail· CVSS 9.8· CWE-288

djangoproject · CVE-2026-1207 — An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on ``RasterField`` (only implemented on PostGIS) allows remote attackers to inject SQL via the banKEVEXPLOITEDPATCHED

django· CVSS 5.4· CWE-89

beyondtrust · CVE-2026-1731 — BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted reqKEVEXPLOITEDPATCHED

privileged_remote_access· CVSS 9.8· CWE-78

openprinting · CVE-2026-34990 — OpenPrinting CUPS: Local print admin token disclosure using temporary printersEXPLOITED

cups· CVSS 7.8· CWE-287

→ View full list

Pre-CVE Events

Microsoft Windows Local Privilege Escalation Vulnerability

microsoftHIGH1 sources

Multiple vulnerabilities in Snipe-IT allow bypassing security measures and potential Cross-Site Scripting

MEDIUM1 sources

Multiple Vulnerabilities in Zammad Allow Code Execution, Security Bypass, Information Disclosure, and Cross-Site Scripting

zammadMEDIUM1 sources

Malicious Supply Chain Compromise in litellm

python package index1 sources

Multiple Vulnerabilities in Mozilla Firefox and Thunderbird Allow Denial of Service and Arbitrary Code Execution

mozillaHIGH1 sources

Latest news

[B]microsoftCVE-2026-21510

Security Alert: Microsoft Releases February 2026 Security Updates

[B]microsoftCVE-2025-62221

Security Alert: Microsoft Releases December 2025 Security Updates

[B]microsoft

Security Alert: Microsoft Releases March 2026 Security Updates

[B]adobe

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB25-119)

[B]adobeCVE-2026-27220

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB26-26)

[B]microsoftCVE-2026-20805

Security Alert: Microsoft Releases January 2026 Security Updates

[B]microsoft

[NEU] [UNGEPATCHT] [hoch] Microsoft Windows: Schwachstelle ermöglicht Privilegieneskalation

22m ago

[B]CVE-2026-2436

[NEU] [hoch] IBM App Connect Enterprise: Mehrere Schwachstellen

27m ago