Zero Day Monitor

Zero Day MonitorZDM

760

+56 today

Exploited (7d)

209

+41 today

Critical (7d)

1661

CISA KEV

227

Pre-CVE

2929

+225 today

Articles (7d)

Threat Briefing

Global

Loading...

About Zero Day Monitor

Open-source vulnerability intelligence for security teams. The platform scans 41 security feeds, analyzes articles with AI, and surfaces the threats that matter. Track trending CVEs, discover zero-days before they get a CVE ID, and monitor your vendor stack for supply-chain risks.

Trending

Ranked by source count

Zero-Days

Pre-CVE detection

Verification

Community-driven

Open Source

AGPL-3.0 licensed

Learn more about the project Sign in for personalized features

Vulnerabilities

oracle · CVE-2026-35273 — CVE-2026-35273: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment ManaKEVEXPLOITEDPATCHED

peoplesoft_enterprise_peopletools· CVSS 9.8

cis · CVE-2026-20182 — Cisco Catalyst SD-WAN Controller Authentication Bypass VulnerabilityKEVEXPLOITEDPATCHED

catalyst_sd-wan_manager· CVSS 10.0· CWE-287

checkpoint · CVE-2026-50751 — User Authentication Bypass in VPN Remote Access and Mobile AccessKEVEXPLOITEDPATCHED

gaia_os· CVSS 9.3· CWE-287

google · CVE-2026-5281 — CVE-2026-5281: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderKEVEXPLOITEDPATCHED

chrome· CVSS 8.8· CWE-416

litellm · CVE-2026-42271 — LiteLLM: Authenticated command execution via MCP stdio test endpointsKEVEXPLOITEDPATCHED

litellm· CVSS 8.8· CWE-77

ubiquiti · CVE-2026-34908 — CVE-2026-34908: A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS deKEVEXPLOITEDPATCHED

unifi os· CVSS 10.0· CWE-284

nginx · CVE-2026-42945 — NGINX ngx_http_rewrite_module vulnerabilityKEVEXPLOITEDPATCHED

nginx plus· CVSS 8.1· CWE-122

ubiquiti · CVE-2026-34910 — CVE-2026-34910: A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS KEVEXPLOITEDPATCHED

unifi os· CVSS 10.0· CWE-20

solarwinds · CVE-2026-28318 — SolarWinds Serv-U Unauthenticated Denial of Service VulnerabilityKEVEXPLOITED

serv-u· CVSS 7.5· CWE-400

langflow · CVE-2026-5027 — The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traveKEVEXPLOITED

Langflow· CVSS 8.8· CWE-22

→ View full list

Pre-CVE Events

ZERO-DAYMalicious Code Injection via Axios npm Package Maintainer Account Takeover

axiosMEDIUM1 sourcesverified

ZERO-DAYADV990001 Latest Servicing Stack Updates

1 sourcesverified

NIS2 Directive Compliance and Operational Resilience Requirements

CrowdStrike Announces Continuous Identity for AI Agents

OWASP Top 10 2025 Changes and Recommendations

Latest news

[B]microsoft

Security Alert: Microsoft Releases May 2026 Security Updates

[B]microsoft

Security Alert: Microsoft Releases March 2026 Security Updates

[B]trend microCVE-2026-34926

Security Alert: Alert Regarding Multiple Vulnerabilities in Trend Micro Products Including TrendAI Apex One

[B]microsoftCVE-2026-42897

Security Alert: Microsoft Releases June 2026 Security Updates