Zero Day Monitor

Zero Day MonitorZDM

464

+34 today

Exploited (7d)

159

+63 today

Critical (7d)

1553

CISA KEV

32

Pre-CVE

2365

+280 today

Articles (7d)

Threat Briefing

Global

Loading...

About Zero Day Monitor

Open-source vulnerability intelligence for security teams. The platform scans 41 security feeds, analyzes articles with AI, and surfaces the threats that matter. Track trending CVEs, discover zero-days before they get a CVE ID, and monitor your vendor stack for supply-chain risks.

Trending

Ranked by source count

Zero-Days

Pre-CVE detection

Verification

Community-driven

Open Source

AGPL-3.0 licensed

Learn more about the project Sign in for personalized features

Vulnerabilities

microsoft · CVE-2026-32201 — Microsoft SharePoint Server Spoofing VulnerabilityKEVEXPLOITEDPATCHED

sharepoint_server· CVSS 6.5· CWE-20

nginxui · CVE-2026-33032 — Nginx UI: Unauthenticated MCP Endpoint Allows Remote Nginx TakeoverKEVEXPLOITEDPATCHED

nginx_ui· CVSS 9.8· CWE-306

adobe · CVE-2026-34621 — Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)KEVEXPLOITEDPATCHED

acrobat_dc· CVSS 8.6· CWE-1321

cis · CVE-2026-20133 — Cisco Catalyst SD-WAN Manager Information Disclosure VulnerabilityKEVEXPLOITEDPATCHED

catalyst_sd-wan_manager· CVSS 6.5· CWE-200

cis · CVE-2026-20128 — Cisco Catalyst SD-WAN Manager Information Disclosure VulnerabilityKEVEXPLOITEDPATCHED

catalyst_sd-wan_manager· CVSS 7.5· CWE-257

cis · CVE-2026-20122 — Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite VulnerabilityKEVEXPLOITEDPATCHED

catalyst_sd-wan_manager· CVSS 5.4· CWE-648

microsoft · CVE-2026-33825 — Microsoft Defender Elevation of Privilege VulnerabilityKEVEXPLOITEDPATCHED

defender_antimalware_platform· CVSS 7.8· CWE-1220

cis · CVE-2026-20127 — A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, rKEVEXPLOITEDPATCHED

catalyst_sd-wan_manager· CVSS 10.0· CWE-287

wordpress · CVE-2026-1492 — The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to improper privilegeKEVEXPLOITED

user registration & membership – custom registration form builder, custom login form, user profile, content restriction & membership plugin· CVSS 9.8· CWE-269

apache · CVE-2026-34197 — Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeansKEVEXPLOITEDPATCHED

activemq· CVSS 8.8· CWE-20

→ View full list

Pre-CVE Events

ZERO-DAYMalicious Code Injection via Axios npm Package Maintainer Account Takeover

axiosMEDIUM1 sourcesverified

ZERO-DAYADV990001 Latest Servicing Stack Updates

1 sourcesverified

macOS Native Living-off-the-Land (LOTL) Attack Techniques

Multiple vulnerabilities in Kemp LoadMaster and Progress Software MOVEit WAF allowing arbitrary code execution and security bypass

Multiple Vulnerabilities in Red Hat Hardened Images RPMs (jq and pyOpenSSL)

red hatHIGH1 sources

Latest news

[B]adobeCVE-2026-27220

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB26-26)

[B]microsoft

Security Alert: Microsoft Releases March 2026 Security Updates

[B]adobe

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB25-119)

[B]microsoftCVE-2026-20805

Security Alert: Microsoft Releases January 2026 Security Updates

[B]microsoftCVE-2026-21510

Security Alert: Microsoft Releases February 2026 Security Updates

[B]microsoftCVE-2025-62221

Security Alert: Microsoft Releases December 2025 Security Updates

[B]microsoftCVE-2026-32201

Security Alert: Microsoft Releases April 2026 Security Updates

[B]adobe

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB26-44)