Zero Day Monitor

Zero Day MonitorZDM

644

+156 today

Exploited (7d)

317

+106 today

Critical (7d)

1533

CISA KEV

16

Pre-CVE

2825

+700 today

Articles (7d)

Threat Briefing

Global

Loading...

About Zero Day Monitor

Open-source vulnerability intelligence for security teams. The platform scans 41 security feeds, analyzes articles with AI, and surfaces the threats that matter. Track trending CVEs, discover zero-days before they get a CVE ID, and monitor your vendor stack for supply-chain risks.

Trending

Ranked by source count

Zero-Days

Pre-CVE detection

Verification

Community-driven

Open Source

AGPL-3.0 licensed

Learn more about the project Sign in for personalized features

Vulnerabilities

fortinet · CVE-2026-35616 — CVE-2026-35616: A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attaKEVEXPLOITEDPATCHED

forticlientems· CVSS 9.1· CWE-284

google · CVE-2026-5281 — CVE-2026-5281: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderKEVEXPLOITEDPATCHED

chrome· CVSS 8.8· CWE-416

ivanti · CVE-2026-1340 — CVE-2026-1340: A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.KEVEXPLOITEDPATCHED

endpoint_manager_mobile· CVSS 9.8· CWE-94

wp ninjas · CVE-2026-0740 — Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File UploadKEVEXPLOITED

ninja forms - file uploads· CVSS 9.8· CWE-434

fortinet · CVE-2026-21643 — An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized codKEVEXPLOITEDPATCHED

forticlientems· CVSS 9.8· CWE-89

trueconf · CVE-2026-3502 — TrueConf Client Update Integrity Verification BypassKEVEXPLOITED

trueconf· CVSS 7.8· CWE-494

ivanti · CVE-2026-1281 — A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.KEVEXPLOITEDPATCHED

endpoint_manager_mobile· CVSS 9.8· CWE-94

weaver (fanwei) · CVE-2026-22679 — Weaver E-cology 10.0 Unauthenticated RCE via dubboApi Debug EndpointKEVEXPLOITEDPATCHED

e-cology· CVSS 9.8· CWE-306

microsoft · CVE-2026-21509 — Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.KEVEXPLOITED

365_apps· CVSS 7.8· CWE-807

microsoft · CVE-2026-21513 — Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.KEVEXPLOITEDPATCHED

windows_10_1607· CVSS 8.8· CWE-693

→ View full list

Pre-CVE Events

Multiple vulnerabilities in SonicWall SMA1000 Series Appliances

sonicwall1 sources

Re: Fwd: [siren] Severity: High – Potential Malicious Campaign Underway Targeting Open Source Developers via Slack

Multiple vulnerabilities in Mitel MiCollab

mitel networks1 sources

Re: [EXTERN] Re: [oss-security] Multiple CVEs disclosed in CUPS

Multiple vulnerabilities in GitLab CE and EE prior to 18.10.3, 18.9.5, and 18.8.9

gitlab1 sources

Latest news

[B]microsoftCVE-2025-62221

Security Alert: Microsoft Releases December 2025 Security Updates

[B]adobeCVE-2026-27220

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB26-26)

[B]microsoftCVE-2026-20805

Security Alert: Microsoft Releases January 2026 Security Updates

[B]microsoftCVE-2026-21510

Security Alert: Microsoft Releases February 2026 Security Updates

[B]microsoft

Security Alert: Microsoft Releases March 2026 Security Updates

[B]adobe

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB25-119)

[B]sonicwall

SonicWall security advisory (AV26-332)

35m ago

[C]pycaCVE-2026-39892

PyCA cryptography 46.0.7 released, fixes CVE-2026-39892

1h ago