Zero Day Monitor

Zero Day MonitorZDM

580

+85 today

Exploited (7d)

266

+60 today

Critical (7d)

1648

CISA KEV

191

Pre-CVE

2326

+449 today

Articles (7d)

Threat Briefing

Global

Loading...

About Zero Day Monitor

Open-source vulnerability intelligence for security teams. The platform scans 41 security feeds, analyzes articles with AI, and surfaces the threats that matter. Track trending CVEs, discover zero-days before they get a CVE ID, and monitor your vendor stack for supply-chain risks.

Trending

Ranked by source count

Zero-Days

Pre-CVE detection

Verification

Community-driven

Open Source

AGPL-3.0 licensed

Learn more about the project Sign in for personalized features

Vulnerabilities

checkpoint · CVE-2026-50751 — User Authentication Bypass in VPN Remote Access and Mobile AccessKEVEXPLOITEDPATCHED

quantum security gateway· CVSS 9.3· CWE-287

google · CVE-2026-5281 — CVE-2026-5281: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderKEVEXPLOITEDPATCHED

chrome· CVSS 8.8· CWE-416

solarwinds · CVE-2026-28318 — SolarWinds Serv-U Unauthenticated Denial of Service VulnerabilityKEVEXPLOITED

serv-u· CVSS 7.5· CWE-400

google · CVE-2026-3909 — Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)KEVEXPLOITEDPATCHED

chrome· CVSS 8.8· CWE-787

google · CVE-2026-3910 — Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: HiKEVEXPLOITEDPATCHED

chrome· CVSS 8.8· CWE-94

microsoft · CVE-2026-41089 — Windows Netlogon Remote Code Execution VulnerabilityKEVEXPLOITEDPATCHED

windows_server_2012· CVSS 9.8· CWE-121

everest forms · CVE-2026-3300 — The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's process_fiKEVEXPLOITED

everest forms pro· CVSS 9.8· CWE-94

cis · CVE-2026-20182 — Cisco Catalyst SD-WAN Controller Authentication Bypass VulnerabilityKEVEXPLOITEDPATCHED

catalyst_sd-wan_manager· CVSS 10.0· CWE-287

apache · CVE-2026-34197 — Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeansKEVEXPLOITEDPATCHED

activemq· CVSS 8.8· CWE-20

cis · CVE-2026-20245 — Cisco Catalyst SD-WAN Controller Authenticated Privilege Escalation VulnerabilityEXPLOITED

catalyst sd-wan· CVSS 7.8· CWE-116

→ View full list

Pre-CVE Events

ZERO-DAYMalicious Code Injection via Axios npm Package Maintainer Account Takeover

axiosMEDIUM1 sourcesverified

ZERO-DAYADV990001 Latest Servicing Stack Updates

1 sourcesverified

Chat-Based Social Engineering Attacks via Microsoft Teams

Zcash Orchard Privacy Pool Transaction Validation Flaw

zcashCRITICAL1 sources

CrowdStrike and Zscaler Integration for Continuous Identity in Zero Trust Access

Latest news

[B]adobe

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB25-119)

[B]microsoftCVE-2025-62221

Security Alert: Microsoft Releases December 2025 Security Updates

[B]microsoftCVE-2026-21510

Security Alert: Microsoft Releases February 2026 Security Updates

[B]adobeCVE-2026-27220

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB26-26)

[B]microsoft

Security Alert: Microsoft Releases March 2026 Security Updates

[B]microsoftCVE-2026-20805

Security Alert: Microsoft Releases January 2026 Security Updates

[B]microsoftCVE-2026-32201

Security Alert: Microsoft Releases April 2026 Security Updates

[B]trend microCVE-2026-34926

Security Alert: Alert Regarding Multiple Vulnerabilities in Trend Micro Products Including TrendAI Apex One