Zero Day Monitor

Zero Day MonitorZDM

856

+178 today

Exploited (7d)

299

+131 today

Critical (7d)

1661

CISA KEV

229

Pre-CVE

3212

+624 today

Articles (7d)

Threat Briefing

Global

Loading...

About Zero Day Monitor

Open-source vulnerability intelligence for security teams. The platform scans 41 security feeds, analyzes articles with AI, and surfaces the threats that matter. Track trending CVEs, discover zero-days before they get a CVE ID, and monitor your vendor stack for supply-chain risks.

Trending

Ranked by source count

Zero-Days

Pre-CVE detection

Verification

Community-driven

Open Source

AGPL-3.0 licensed

Learn more about the project Sign in for personalized features

Vulnerabilities

cis · CVE-2026-20182 — Cisco Catalyst SD-WAN Controller Authentication Bypass VulnerabilityKEVEXPLOITEDPATCHED

catalyst_sd-wan_manager· CVSS 10.0· CWE-287

oracle · CVE-2026-35273 — CVE-2026-35273: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment ManaKEVEXPLOITEDPATCHED

peoplesoft_enterprise_peopletools· CVSS 9.8

checkpoint · CVE-2026-50751 — User Authentication Bypass in VPN Remote Access and Mobile AccessKEVEXPLOITEDPATCHED

gaia_os· CVSS 9.3· CWE-287

google · CVE-2026-5281 — CVE-2026-5281: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderKEVEXPLOITEDPATCHED

chrome· CVSS 8.8· CWE-416

litellm · CVE-2026-42271 — LiteLLM: Authenticated command execution via MCP stdio test endpointsKEVEXPLOITEDPATCHED

litellm· CVSS 8.8· CWE-77

ubiquiti · CVE-2026-34908 — CVE-2026-34908: A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS deKEVEXPLOITEDPATCHED

unifi os· CVSS 10.0· CWE-284

f5 · CVE-2026-42945 — NGINX ngx_http_rewrite_module vulnerabilityKEVEXPLOITEDPATCHED

nginx· CVSS 8.1· CWE-122

ubiquiti · CVE-2026-34910 — CVE-2026-34910: A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS KEVEXPLOITEDPATCHED

unifi os· CVSS 10.0· CWE-20

solarwinds · CVE-2026-28318 — SolarWinds Serv-U Unauthenticated Denial of Service VulnerabilityKEVEXPLOITED

serv-u· CVSS 7.5· CWE-400

langflow · CVE-2026-5027 — The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traveKEVEXPLOITED

Langflow· CVSS 8.8· CWE-22

→ View full list

Pre-CVE Events

ZERO-DAYMalicious Code Injection via Axios npm Package Maintainer Account Takeover

axiosMEDIUM1 sourcesverified

ZERO-DAYADV990001 Latest Servicing Stack Updates

1 sourcesverified

GNU gsasl Heap Disclosure in NTLM Client Step

gnuMEDIUM1 sources

Modern SOC Challenges: The 72-Minute Race Against AI-Driven Attacks

NIS2 Directive Compliance and Operational Resilience Requirements

Latest news

[B]microsoft

Security Alert: Microsoft Releases March 2026 Security Updates

[B]adobe

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB26-44)

[B]microsoftCVE-2026-32201

Security Alert: Microsoft Releases April 2026 Security Updates

[B]microsoft

Security Alert: Microsoft Releases May 2026 Security Updates

[B]adobe

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB26-63)

[B]trend microCVE-2026-34926

Security Alert: Alert Regarding Multiple Vulnerabilities in Trend Micro Products Including TrendAI Apex One

[B]microsoftCVE-2026-42897

Security Alert: Microsoft Releases June 2026 Security Updates

[B]microsoftCVE-2026-20805

Security Alert: Microsoft Releases January 2026 Security Updates