Zero Day Monitor

Zero Day MonitorZDM

607

+63 today

Exploited (7d)

314

+62 today

Critical (7d)

1603

CISA KEV

31

Pre-CVE

3579

+656 today

Articles (7d)

Threat Briefing

Global

Loading...

About Zero Day Monitor

Open-source vulnerability intelligence for security teams. The platform scans 41 security feeds, analyzes articles with AI, and surfaces the threats that matter. Track trending CVEs, discover zero-days before they get a CVE ID, and monitor your vendor stack for supply-chain risks.

Trending

Ranked by source count

Zero-Days

Pre-CVE detection

Verification

Community-driven

Open Source

AGPL-3.0 licensed

Learn more about the project Sign in for personalized features

Vulnerabilities

cpanel · CVE-2026-41940 — WebPros cPanel and WHM Authentication Bypass via Login FlowKEVEXPLOITEDPATCHED

cpanel· CVSS 9.8· CWE-306

linux · CVE-2026-31431 — crypto: algif_aead - Revert to operating out-of-placeKEVEXPLOITEDPATCHED

linux_kernel· CVSS 7.8· CWE-20

ivanti · CVE-2026-6973 — CVE-2026-6973: An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticKEVEXPLOITEDPATCHED

endpoint_manager_mobile· CVSS 7.0· CWE-20

linux · CVE-2026-43284 — xfrm: esp: avoid in-place decrypt on shared skb fragsKEVEXPLOITEDPATCHED

linux_kernel· CVSS 8.8· CWE-20

litellm · CVE-2026-42208 — LiteLLM: SQL injection in Proxy API key verificationKEVEXPLOITEDPATCHED

litellm· CVSS 9.8· CWE-89

linux · CVE-2026-43500 — rxrpc: Also unshare DATA/RESPONSE packets when paged frags are presentKEVEXPLOITEDPATCHED

linux_kernel· CVSS 7.8

palo alto networks · CVE-2026-0300 — PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication PortalEXPLOITEDPATCHED

pan-os· CVSS 7.5· CWE-787

apple · CVE-2026-28950 — CVE-2026-28950: A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and iPadOS 18.7.8, iOS 26.EXPLOITEDPATCHED

ipados· CVSS 6.2

progress · CVE-2026-4670 — Improper Authentication vulnerability in Progress MOVEit AutomationEXPLOITEDPATCHED

moveit_automation· CVSS 9.8· CWE-305

golang · CVE-2026-27143 — Missing bound checks can lead to memory corruption in safe Go in cmd/compileEXPLOITEDPATCHED

→ View full list

Pre-CVE Events

ZERO-DAYMalicious Code Injection via Axios npm Package Maintainer Account Takeover

axiosMEDIUM1 sourcesverified

ZERO-DAYADV990001 Latest Servicing Stack Updates

1 sourcesverified

Denial of Service Vulnerability in ImageMagick and GraphicsMagick

MEDIUM1 sources

Multiple Vulnerabilities in Dell ECS Allow Privilege Escalation, Arbitrary Code Execution, and Security Bypass

dellHIGH1 sources

State-sponsored actors, better known as the friends you don’t want

Latest news

[B]microsoftCVE-2026-21510

Security Alert: Microsoft Releases February 2026 Security Updates

[B]microsoftCVE-2026-20805

Security Alert: Microsoft Releases January 2026 Security Updates

[B]microsoftCVE-2026-32201

Security Alert: Microsoft Releases April 2026 Security Updates

[B]adobe

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB26-44)

[B]adobeCVE-2026-27220

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB26-26)

[B]microsoft

Security Alert: Microsoft Releases March 2026 Security Updates

[B]microsoftCVE-2025-62221

Security Alert: Microsoft Releases December 2025 Security Updates

[B]adobe

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB25-119)