Zero Day Monitor

Zero Day MonitorZDM

42

+12 today

Exploited (7d)

139

+35 today

Critical (7d)

1501

CISA KEV

0

Pre-CVE

835

+835 today

Articles (7d)

Vulnerabilities

google · CVE-2026-5281 — CVE-2026-5281: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderKEVEXPLOITEDPATCHED

chrome· CVSS 8.8· CWE-416

trueconf · CVE-2026-3502 — TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payloadKEVEXPLOITED

trueconf· CVSS 7.8· CWE-494

apple · CVE-2026-20700 — A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker with memoKEVEXPLOITEDPATCHED

ipados· CVSS 7.8· CWE-119

google · CVE-2026-3910 — Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: HiKEVEXPLOITEDPATCHED

chrome· CVSS 8.8· CWE-94

google · CVE-2026-3909 — Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)KEVEXPLOITEDPATCHED

chrome· CVSS 8.8· CWE-787

google · CVE-2026-2441 — Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)KEVEXPLOITEDPATCHED

chrome· CVSS 8.8· CWE-416

fortinet · CVE-2026-21643 — An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized codKEVEXPLOITEDPATCHED

forticlientems· CVSS 9.8· CWE-89

microsoft · CVE-2026-21510 — Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.KEVEXPLOITEDPATCHED

windows_10_1607· CVSS 8.8· CWE-693

microsoft · CVE-2026-20805 — Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.KEVEXPLOITEDPATCHED

windows_10_1607· CVSS 5.5· CWE-200

djangoproject · CVE-2026-1207 — An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on ``RasterField`` (only implemented on PostGIS) allows remote attackers to inject SQL via the banKEVEXPLOITEDPATCHED

django· CVSS 5.4· CWE-89

→ View full list

Latest CVEs

nothingsNONE56m ago

golangHIGH1h ago

hclMEDIUM1h ago

composerMEDIUM1h ago

Latest news