Zero Day Monitor

Zero Day MonitorZDM

892

+71 today

Exploited (7d)

485

+51 today

Critical (7d)

1664

CISA KEV

247

Pre-CVE

2809

+404 today

Articles (7d)

Threat Briefing

Global

Loading...

About Zero Day Monitor

Open-source vulnerability intelligence for security teams. The platform scans 41 security feeds, analyzes articles with AI, and surfaces the threats that matter. Track trending CVEs, discover zero-days before they get a CVE ID, and monitor your vendor stack for supply-chain risks.

Trending

Ranked by source count

Zero-Days

Pre-CVE detection

Verification

Community-driven

Open Source

AGPL-3.0 licensed

Learn more about the project Sign in for personalized features

Vulnerabilities

joomla · CVE-2026-48907 — Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5KEVEXPLOITED

jce editor· CVSS 7.5· CWE-284

oracle · CVE-2026-35273 — CVE-2026-35273: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment ManaKEVEXPLOITEDPATCHED

peoplesoft_enterprise_peopletools· CVSS 9.8

microsoft · CVE-2026-33825 — Microsoft Defender Elevation of Privilege VulnerabilityKEVEXPLOITEDPATCHED

defender_antimalware_platform· CVSS 7.8· CWE-1220

microsoft · CVE-2026-41091 — Microsoft Defender Elevation of Privilege VulnerabilityKEVEXPLOITEDPATCHED

malware_protection_engine· CVSS 7.8· CWE-59

fortinet · CVE-2026-39808 — CVE-2026-39808: A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FKEVEXPLOITEDPATCHED

fortisandbox· CVSS 9.1· CWE-78

fortinet · CVE-2026-39813 — CVE-2026-39813: A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.KEVEXPLOITEDPATCHED

fortisandbox· CVSS 9.1· CWE-24

microsoft · CVE-2026-45498 — Microsoft Defender Denial of Service VulnerabilityKEVEXPLOITEDPATCHED

defender_antimalware_platform· CVSS 4.0· CWE-400

cis · CVE-2026-20182 — Cisco Catalyst SD-WAN Controller Authentication Bypass VulnerabilityKEVEXPLOITEDPATCHED

catalyst_sd-wan_manager· CVSS 10.0· CWE-287

checkpoint · CVE-2026-50751 — User Authentication Bypass in VPN Remote Access and Mobile AccessKEVEXPLOITEDPATCHED

gaia_os· CVSS 9.3· CWE-287

litespeedtech · CVE-2026-48172 — CVE-2026-48172: LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild iKEVEXPLOITEDPATCHED

litespeed_cpanel_plugin· CVSS 10.0· CWE-266

→ View full list

Pre-CVE Events

ZERO-DAYMalicious Code Injection via Axios npm Package Maintainer Account Takeover

axiosMEDIUM1 sourcesverified

ZERO-DAYADV990001 Latest Servicing Stack Updates

1 sourcesverified

Multiple Vulnerabilities in Mitel Products Allowing Remote Code Execution and Data Compromise

mitel networks1 sources

SQL Injection and Remote Code Execution Vulnerability in Budibase

Exposing COM Object Model for Scripting in vbdec

Latest news

[B]microsoftCVE-2025-62221

Security Alert: Microsoft Releases December 2025 Security Updates

[B]microsoft

Security Alert: Microsoft Releases March 2026 Security Updates

[B]microsoftCVE-2026-20805

Security Alert: Microsoft Releases January 2026 Security Updates

[B]adobeCVE-2026-27220

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB26-26)

[B]adobe

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB26-44)

[B]microsoftCVE-2026-21510

Security Alert: Microsoft Releases February 2026 Security Updates

[B]adobe

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB25-119)

[B]microsoft

Security Alert: Microsoft Releases May 2026 Security Updates