Zero Day Monitor
ZDM
Dashboard
Vulnerabilities
Trending
Zero-Days
News
Login
427
+88 today
Exploited (7d)
206
+43 today
Critical (7d)
1390
CISA KEV
8
Pre-CVE
2995
+561 today
Articles (7d)
Vulnerabilities
Trending
Newest
Urgent
Weekly Urgent
Weekly Trending
9.3
citrix ·
CVE-2026-3055 —
Insufficient input validation leading to memory overread
KEV
EXPLOITED
PATCHED
netscaler_application_delivery_controller
· CVSS 9.3
· CWE-125
138
🔥
18 art.
0
Mar 23, 2026
9.1
fortinet ·
CVE-2026-21643 —
CVE-2026-21643: An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiC
KEV
EXPLOITED
PATCHED
forticlientems
· CVSS 9.1
· CWE-89
133
🔥
8 art.
0
Feb 6, 2026
8.8
dawn ·
CVE-2026-5281 —
CVE-2026-5281: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the render
KEV
EXPLOITED
PATCHED
in google chrome
· CVSS 8.8
· CWE-416
131
🔥
7 art.
0
Apr 1, 2026
8.8
google ·
CVE-2026-3910 —
Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hi
KEV
EXPLOITED
PATCHED
chrome
· CVSS 8.8
· CWE-94
111
🔥
3 art.
0
Mar 13, 2026
8.8
google ·
CVE-2026-3909 —
Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
KEV
EXPLOITED
PATCHED
chrome
· CVSS 8.8
· CWE-787
111
🔥
3 art.
0
Mar 13, 2026
8.8
google ·
CVE-2026-2441 —
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
KEV
EXPLOITED
PATCHED
chrome
· CVSS 8.8
· CWE-416
108
🔥
2 art.
0
Feb 13, 2026
7.8
trueconf client ·
CVE-2026-3502 —
TrueConf Client Update Integrity Verification Bypass
KEV
EXPLOITED
· CVSS 7.8
· CWE-494
99
2 art.
0
Mar 30, 2026
8.8
aquasec ·
CVE-2026-33634 —
Trivy ecosystem supply chain briefly compromised
KEV
EXPLOITED
PATCHED
setup-trivy
· CVSS 8.8
· CWE-506
97
3 art.
0
Mar 23, 2026
8.8
xenforo ·
CVE-2026-35056 —
XenForo Remote Code Execution via Authenticated Admin
KEV
EXPLOITED
PATCHED
· CVSS 8.8
· CWE-94
83
1 art.
0
Apr 1, 2026
10.0
oracle ·
CVE-2026-21962 —
Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server Prox
KEV
EXPLOITED
PATCHED
http_server
· CVSS 10.0
· CWE-284
80
2 art.
0
Jan 20, 2026
→ View full list
Pre-CVE Events
View all
ZERO-DAY
KVM shadow EPT stale rmap use-after-free
red hat
HIGH
1 sources
verified
Multiple Vulnerabilities in IBM Security Verify Access Allowing Privilege Escalation, Code Execution, and Data Exposure
ibm
HIGH
1 sources
Multiple Vulnerabilities in CUPS Allow Code Execution, Privilege Escalation, Data Manipulation, and Denial of Service
apple
MEDIUM
1 sources
Multiple Vulnerabilities in Joomla CMS Allow Security Bypass, SQL Injection, and Cross-Site Scripting
joomla
HIGH
1 sources
A Taxonomy of Cognitive Security
1 sources
Latest news
View all
[B]
microsoft
Security Alert: Microsoft Releases March 2026 Security Updates
[B]
adobe
Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB26-26)
[B]
microsoft
CVE-2026-21510
Security Alert: Microsoft Releases February 2026 Security Updates
[B]
microsoft
CVE-2026-20805
Security Alert: Microsoft Releases January 2026 Security Updates
[B]
microsoft
CVE-2025-62221
Security Alert: Microsoft Releases December 2025 Security Updates
[B]
adobe
Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB25-119)
[C]
n/a
CVE-2025-67807
CVE-2025-67807 | Sage DPW 2025_06_004 Login response discrepancy
21m ago
[C]
Lakeside Software
CVE-2026-35099
CVE-2026-35099 | Lakeside SysTrack Agent prior 11.2.1.28 race condition
22m ago
