Zero Day Monitor

Zero Day MonitorZDM

Dashboard Vulnerabilities Trending Zero-Days News

Impressum Privacy Policy

Zero Day Monitor © 2026

2525 articles · 106173 vulns · 38/41 feeds (7d)

375

+64 today

Exploited (7d)

200

+45 today

Critical (7d)

1387

CISA KEV

7

Pre-CVE

2525

+465 today

Articles (7d)

Vulnerabilities

Cloud Software Group · CVE-2026-3055 — Insufficient input validation leading to memory overreadKEVEXPLOITEDPATCHED

NetScaler ADC and NetScaler Gateway· CVSS 9.3· CWE-125

fortinet · CVE-2026-21643 — CVE-2026-21643: An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiCKEVEXPLOITEDPATCHED

forticlientems· CVSS 9.1· CWE-89

aquasec · CVE-2026-33634 — Trivy ecosystem supply chain briefly compromisedKEVEXPLOITEDPATCHED

setup-trivy· CVSS 8.8· CWE-506

trueconf · CVE-2026-3502 — TrueConf Client Update Integrity Verification BypassKEVEXPLOITED

trueconf client· CVSS 7.8· CWE-494

oracle · CVE-2026-21962 — Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server ProxKEVEXPLOITEDPATCHED

http_server· CVSS 10.0· CWE-284

langflow · CVE-2026-33017 — Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows withouKEVEXPLOITEDPATCHED

langflow· CVSS 9.3· CWE-94

fortinet · CVE-2026-24858 — An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 KEVEXPLOITEDPATCHED

fortianalyzer· CVSS 9.8· CWE-288

go · CVE-2026-33032 — Nginx UI: Unauthenticated MCP Endpoint Allows Remote Nginx TakeoverEXPLOITED

github.com/0xjacky/nginx-ui· CVSS 9.8· CWE-306

handlebars-lang · CVE-2026-33939 — Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template CompilationEXPLOITEDPATCHED

handlebars.js· CVSS 7.5· CWE-754

the gnu c library · CVE-2026-4046 — iconv crash due to assertion failure with untrusted inputEXPLOITEDPATCHED

glibc· CVSS 7.5· CWE-617

→ View full list

Pre-CVE Events

ZERO-DAYKVM shadow EPT stale rmap use-after-free

red hatHIGH1 sourcesverified

Improper Input Validation in HPE Telco Network Function Virtualization Orchestrator

hewlett packard enterpriCRITICAL1 sources

Multiple Vulnerabilities in ABB 800xA and Related Products

Axios Supply-Chain Attack [v1.14.1] [0.30.4] --> plain-crypto-js [4.2.0][4.2.1]

Multiple Vulnerabilities in python-pillow on Red Hat Enterprise Linux Allow Denial of Service and Information Disclosure

red hatHIGH1 sources

Latest news

[B]microsoftCVE-2025-62221

Security Alert: Microsoft Releases December 2025 Security Updates

[B]adobe

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB25-119)

[B]adobe

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB26-26)

[B]microsoftCVE-2026-20805

Security Alert: Microsoft Releases January 2026 Security Updates

[B]microsoftCVE-2026-21510

Security Alert: Microsoft Releases February 2026 Security Updates

[B]microsoft

Security Alert: Microsoft Releases March 2026 Security Updates

[A]ciscoCVE-2024-20432

Cisco Nexus Dashboard Fabric Controller Arbitrary Command Execution Vulnerability

10m ago

[B]hewlett packard enterpri

HPE security advisory (AV26-305)

24m ago