Zero Day Monitor

Zero Day MonitorZDM

Dashboard Vulnerabilities Trending Zero-Days News

Impressum Privacy Policy

Zero Day Monitor © 2026

2466 articles · 106140 vulns · 38/41 feeds (7d)

364

+63 today

Exploited (7d)

204

+51 today

Critical (7d)

1387

CISA KEV

4

Pre-CVE

2466

+443 today

Articles (7d)

Vulnerabilities

Cloud Software Group · CVE-2026-3055 — Insufficient input validation leading to memory overreadKEVEXPLOITEDPATCHED

NetScaler ADC and NetScaler Gateway· CVSS 9.3· CWE-125

fortinet · CVE-2026-21643 — CVE-2026-21643: An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiCKEVEXPLOITEDPATCHED

forticlientems· CVSS 9.1· CWE-89

aquasec · CVE-2026-33634 — Trivy ecosystem supply chain briefly compromisedKEVEXPLOITEDPATCHED

setup-trivy· CVSS 8.8· CWE-506

trueconf · CVE-2026-3502 — TrueConf Client Update Integrity Verification BypassKEVEXPLOITED

trueconf client· CVSS 7.8· CWE-494

oracle · CVE-2026-21962 — Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server ProxKEVEXPLOITEDPATCHED

http_server· CVSS 10.0· CWE-284

langflow · CVE-2026-33017 — Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows withouKEVEXPLOITEDPATCHED

langflow· CVSS 9.3· CWE-94

fortinet · CVE-2026-24858 — An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 KEVEXPLOITEDPATCHED

fortianalyzer· CVSS 9.8· CWE-288

go · CVE-2026-33032 — Nginx UI: Unauthenticated MCP Endpoint Allows Remote Nginx TakeoverEXPLOITED

github.com/0xjacky/nginx-ui· CVSS 9.8· CWE-306

handlebars-lang · CVE-2026-33939 — Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template CompilationEXPLOITEDPATCHED

handlebars.js· CVSS 7.5· CWE-754

the gnu c library · CVE-2026-4046 — iconv crash due to assertion failure with untrusted inputEXPLOITEDPATCHED

glibc· CVSS 7.5· CWE-617

→ View full list

Pre-CVE Events

ZERO-DAYKVM shadow EPT stale rmap use-after-free

red hatHIGH1 sourcesverified

Multiple Vulnerabilities in python-pillow on Red Hat Enterprise Linux Allow Denial of Service and Information Disclosure

red hatHIGH1 sources

Excessive Default Permissions in GCP Vertex AI Service Agents

googleCRITICAL2 sources

Ransomware Tactics in 2025: Blending with Legitimate Activity

Latest news

[B]microsoftCVE-2026-20805

Security Alert: Microsoft Releases January 2026 Security Updates

[B]microsoftCVE-2026-21510

Security Alert: Microsoft Releases February 2026 Security Updates

[B]adobe

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB26-26)

[B]adobe

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB25-119)

[B]microsoftCVE-2025-62221

Security Alert: Microsoft Releases December 2025 Security Updates

[B]microsoft

Security Alert: Microsoft Releases March 2026 Security Updates

[C]pipCVE-2026-34231

CVE-2026-34231 | mixxorz slippers up to 0.6.2 on Django cross site scripting

50m ago

[C]anthropicCVE-2026-22561

CVE-2026-22561 | Anthropic Claude Desktop up to 1.1.3362 on Windows Setup.exe uncontrolled search path

50m ago