Zero Day Monitor

Zero Day MonitorZDM

Dashboard Vulnerabilities Trending Zero-Days News

Impressum Privacy Policy

Zero Day Monitor © 2026

2950 articles · 106553 vulns · 38/41 feeds (7d)

421

+84 today

Exploited (7d)

208

+38 today

Critical (7d)

1390

CISA KEV

8

Pre-CVE

2950

+545 today

Articles (7d)

Vulnerabilities

citrix · CVE-2026-3055 — Insufficient input validation leading to memory overreadKEVEXPLOITEDPATCHED

netscaler_application_delivery_controller· CVSS 9.3· CWE-125

fortinet · CVE-2026-21643 — CVE-2026-21643: An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiCKEVEXPLOITEDPATCHED

forticlientems· CVSS 9.1· CWE-89

cve · CVE-2026-5281 — CVE-2026-5281: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderKEVEXPLOITEDPATCHED

· CVSS 8.8· CWE-416

google · CVE-2026-3910 — Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: HiKEVEXPLOITEDPATCHED

chrome· CVSS 8.8· CWE-94

google · CVE-2026-3909 — Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)KEVEXPLOITEDPATCHED

chrome· CVSS 8.8· CWE-787

google · CVE-2026-2441 — Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)KEVEXPLOITEDPATCHED

chrome· CVSS 8.8· CWE-416

trueconf client · CVE-2026-3502 — TrueConf Client Update Integrity Verification BypassKEVEXPLOITED

· CVSS 7.8· CWE-494

aquasec · CVE-2026-33634 — Trivy ecosystem supply chain briefly compromisedKEVEXPLOITEDPATCHED

setup-trivy· CVSS 8.8· CWE-506

xenforo · CVE-2026-35056 — XenForo Remote Code Execution via Authenticated AdminKEVEXPLOITEDPATCHED

· CVSS 8.8· CWE-94

oracle · CVE-2026-21962 — Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server ProxKEVEXPLOITEDPATCHED

http_server· CVSS 10.0· CWE-284

→ View full list

Pre-CVE Events

ZERO-DAYKVM shadow EPT stale rmap use-after-free

red hatHIGH1 sourcesverified

Multiple Vulnerabilities in IBM Security Verify Access Allowing Privilege Escalation, Code Execution, and Data Exposure

ibmHIGH1 sources

Multiple Vulnerabilities in CUPS Allow Code Execution, Privilege Escalation, Data Manipulation, and Denial of Service

appleMEDIUM1 sources

Multiple Vulnerabilities in Joomla CMS Allow Security Bypass, SQL Injection, and Cross-Site Scripting

1 sources

A Taxonomy of Cognitive Security

Latest news

[B]adobe

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB26-26)

[B]microsoftCVE-2025-62221

Security Alert: Microsoft Releases December 2025 Security Updates

[B]adobe

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB25-119)

[B]microsoftCVE-2026-21510

Security Alert: Microsoft Releases February 2026 Security Updates

[B]microsoft

Security Alert: Microsoft Releases March 2026 Security Updates

[B]microsoftCVE-2026-20805

Security Alert: Microsoft Releases January 2026 Security Updates

[D]googleCVE-2026-2441

Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome

33m ago

[C]vertigisCVE-2026-3877

CVE-2026-3877 | VertiGIS FM up to 10.13.402 cross site scripting

1h ago