Zero Day Monitor

Zero Day MonitorZDM

752

+49 today

Exploited (7d)

226

+13 today

Critical (7d)

1661

CISA KEV

225

Pre-CVE

2993

+189 today

Articles (7d)

Threat Briefing

Global

Loading...

About Zero Day Monitor

Open-source vulnerability intelligence for security teams. The platform scans 41 security feeds, analyzes articles with AI, and surfaces the threats that matter. Track trending CVEs, discover zero-days before they get a CVE ID, and monitor your vendor stack for supply-chain risks.

Trending

Ranked by source count

Zero-Days

Pre-CVE detection

Verification

Community-driven

Open Source

AGPL-3.0 licensed

Learn more about the project Sign in for personalized features

Vulnerabilities

oracle · CVE-2026-35273 — CVE-2026-35273: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment ManaKEVEXPLOITEDPATCHED

peoplesoft_enterprise_peopletools· CVSS 9.8

checkpoint · CVE-2026-50751 — User Authentication Bypass in VPN Remote Access and Mobile AccessKEVEXPLOITEDPATCHED

gaia_os· CVSS 9.3· CWE-287

google · CVE-2026-5281 — CVE-2026-5281: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderKEVEXPLOITEDPATCHED

chrome· CVSS 8.8· CWE-416

ubiquiti · CVE-2026-34908 — CVE-2026-34908: A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS deKEVEXPLOITEDPATCHED

unifi os· CVSS 10.0· CWE-284

nginx · CVE-2026-42945 — NGINX ngx_http_rewrite_module vulnerabilityKEVEXPLOITEDPATCHED

nginx plus· CVSS 8.1· CWE-122

ubiquiti · CVE-2026-34910 — CVE-2026-34910: A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS KEVEXPLOITEDPATCHED

unifi os· CVSS 10.0· CWE-20

solarwinds · CVE-2026-28318 — SolarWinds Serv-U Unauthenticated Denial of Service VulnerabilityKEVEXPLOITED

serv-u· CVSS 7.5· CWE-400

langflow · CVE-2026-5027 — The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traveKEVEXPLOITED

Langflow· CVSS 8.8· CWE-22

ivanti · CVE-2026-10520 — CVE-2026-10520: An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote EXPLOITEDPATCHED

standalone_sentry· CVSS 10.0· CWE-78

really simple plugins b.v. · CVE-2026-48969 — WordPress Really Simple SSL plugin <= 9.5.9 - Broken Access Control vulnerabilityKEVEXPLOITED

really simple ssl· CVSS 6.5· CWE-862

→ View full list

Pre-CVE Events

ZERO-DAYMalicious Code Injection via Axios npm Package Maintainer Account Takeover

axiosMEDIUM1 sourcesverified

ZERO-DAYADV990001 Latest Servicing Stack Updates

1 sourcesverified

OWASP Top 10 2025 Changes and Recommendations

China-Nexus Threat Actor UNC6508 Targets Medical and Research Institutions

AI in Vulnerability Risk Assessment

Latest news

[B]trend microCVE-2026-34926

Security Alert: Alert Regarding Multiple Vulnerabilities in Trend Micro Products Including TrendAI Apex One

[B]microsoft

Security Alert: Microsoft Releases May 2026 Security Updates

[B]microsoftCVE-2026-32201

Security Alert: Microsoft Releases April 2026 Security Updates

[B]microsoft

Security Alert: Microsoft Releases March 2026 Security Updates