Zero Day Monitor

Zero Day Monitor

105575

New CVEs

211

Critical

6

Pre-CVE

1384

CISA KEV

1476

Articles

38/41

Feeds

Vulnerabilities

langflow · CVE-2026-33017 — Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows withouKEVEXPLOITED

langflow· CVSS 9.3· CWE-94

aquasecurity · CVE-2026-33634 — Trivy ecosystem supply chain briefly compromisedKEVEXPLOITED

trivy· CVSS 8.8· CWE-506

gnu · CVE-2026-24061 — telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.KEVEXPLOITED

inetutils· CVSS 9.8· CWE-88

microsoft · CVE-2026-21510 — Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.KEVEXPLOITED

windows_10_1607· CVSS 8.8· CWE-693

microsoft · CVE-2026-20805 — Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.KEVEXPLOITED

windows_10_1607· CVSS 5.5· CWE-200

oracle · CVE-2026-21962 — Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server ProxKEVEXPLOITED

http_server· CVSS 10.0· CWE-284

cisco · CVE-2026-20131 — A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root&nKEVEXPLOITED

secure_firewall_management_center· CVSS 10.0· CWE-502

apple · CVE-2026-20700 — A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker with memoKEVEXPLOITED

ipados· CVSS 7.8· CWE-119

cisco · CVE-2026-20127 — A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, rKEVEXPLOITED

catalyst_sd-wan_manager· CVSS 10.0· CWE-287

n/a · CVE-2026-30302 — CVE-2026-30302: The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whiteliEXPLOITED

n/a· CVSS 10.0

→ View full list

Urgent

aquasecurity trivy

wazuh wazuh-manager