Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNews
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
2184 articles · 105981 vulns · 36/41 feeds (7d)
320
+41 today
Exploited (7d)
218
+40 today
Critical (7d)
1386
CISA KEV
1
Pre-CVE
2184
+345 today
Articles (7d)

Vulnerabilities

9.3
Cloud Software Group · CVE-2026-3055 — Insufficient input validation leading to memory overreadKEVEXPLOITEDPATCHED
NetScaler ADC and NetScaler Gateway· CVSS 9.3· CWE-125
151🔥
16 art.
0
Mar 23, 2026
9.1
fortinet · CVE-2026-21643 — CVE-2026-21643: An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiCKEVEXPLOITEDPATCHED
forticlientems· CVSS 9.1· CWE-89
144🔥
6 art.
0
Feb 6, 2026
8.8
aquasec · CVE-2026-33634 — Trivy ecosystem supply chain briefly compromisedKEVEXPLOITEDPATCHED
setup-trivy· CVSS 8.8· CWE-506
121🔥
3 art.
0
Mar 23, 2026
10.0
oracle · CVE-2026-21962 — Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server ProxKEVEXPLOITEDPATCHED
http_server· CVSS 10.0· CWE-284
102🔥
2 art.
0
Jan 20, 2026
9.3
langflow · CVE-2026-33017 — Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows withouKEVEXPLOITEDPATCHED
langflow· CVSS 9.3· CWE-94
97
8 art.
0
Mar 20, 2026
9.8
fortinet · CVE-2026-24858 — An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 KEVEXPLOITEDPATCHED
fortianalyzer· CVSS 9.8· CWE-288
88
1 art.
0
Jan 27, 2026
5.8
wazuh · CVE-2025-15615 — Wazuh Manager authd service Improper SSL/TLS Renegotiation Handling leading to Denial of ServiceEXPLOITEDPATCHED
wazuh-manager· CVSS 5.8· CWE-276
72
3 art.
0
Mar 27, 2026
9.8
go · CVE-2026-33032 — Nginx UI: Unauthenticated MCP Endpoint Allows Remote Nginx TakeoverEXPLOITED
github.com/0xjacky/nginx-ui· CVSS 9.8· CWE-306
69
1 art.
0
Mar 30, 2026
7.5
null · CVE-2026-34070 — LangChain Core has Path Traversal vulnerabilites in legacy `load_prompt` functionsEXPLOITEDPATCHED
langchain-core· CVSS 7.5· CWE-22
66
5 art.
0
Mar 27, 2026
—
Citrix · CVE-2026-4368 — Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session MixupEXPLOITED
NetScaler ADC and NetScaler Gateway· CWE-362
65
4 art.
0
Mar 23, 2026
→ View full list

Pre-CVE Events

View all
ZERO-DAYKVM shadow EPT stale rmap use-after-free
red hatHIGH1 sourcesverified

Latest news

View all
[B]adobe
Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB25-119)
[B]microsoftCVE-2026-21510
Security Alert: Microsoft Releases February 2026 Security Updates
[B]
microsoft
CVE-2026-20805
Security Alert: Microsoft Releases January 2026 Security Updates
[B]microsoftCVE-2025-62221
Security Alert: Microsoft Releases December 2025 Security Updates
[B]microsoft
Security Alert: Microsoft Releases March 2026 Security Updates
[B]adobe
Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB26-26)
[A]googleCVE-2026-4676
Chromium: CVE-2026-4676 Use after free in Dawn
-28m ago
[C]baserprojectCVE-2026-32734
CVE-2026-32734 | baserproject basercms up to 5.2.2 cross site scripting (GHSA-677c-xv24-crgx)
50m ago