Zero Day Monitor

Zero Day Monitor

105579

New CVEs

211

Critical

6

Pre-CVE

1384

CISA KEV

1489

Articles

38/41

Feeds

Vulnerabilities

langflow · CVE-2026-33017 — Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows withouKEVEXPLOITED

langflow· CVSS 9.3· CWE-94

aquasec · CVE-2026-33634 — Trivy ecosystem supply chain briefly compromisedKEVEXPLOITED

setup-trivy· CVSS 8.8· CWE-506

gnu · CVE-2026-24061 — telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.KEVEXPLOITED

inetutils· CVSS 9.8· CWE-88

microsoft · CVE-2026-21510 — Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.KEVEXPLOITED

windows_10_1607· CVSS 8.8· CWE-693

microsoft · CVE-2026-20805 — Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.KEVEXPLOITED

windows_10_1607· CVSS 5.5· CWE-200

oracle · CVE-2026-21962 — Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server ProxKEVEXPLOITED

http_server· CVSS 10.0· CWE-284

cisco · CVE-2026-20131 — A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root&nKEVEXPLOITED

secure_firewall_management_center· CVSS 10.0· CWE-502

apple · CVE-2026-28871 — CVE-2026-28871: A logic issue was addressed with improved checks. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS EXPLOITED

safari· CVSS 4.3

cisco · CVE-2026-20127 — A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, rKEVEXPLOITED

catalyst_sd-wan_manager· CVSS 10.0· CWE-287

apple · CVE-2026-20700 — A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker with memoKEVEXPLOITED

ipados· CVSS 7.8· CWE-119

→ View full list

Urgent

aquasec setup-trivy

wazuh wazuh-manager