Zero Day Monitor

Zero Day Monitor

105162

New CVEs

158

Critical

25

Pre-CVE

1384

CISA KEV

936

Articles

36/41

Feeds

Vulnerabilities

aquasecurity · CVE-2026-33634 — Trivy ecosystem supply chain briefly compromisedKEVEXPLOITED

trivy· CVSS 8.8· CWE-506

microsoft · CVE-2026-20805 — Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.KEVEXPLOITED

windows_10_1607· CVSS 5.5· CWE-200

microsoft · CVE-2026-21510 — Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.KEVEXPLOITED

windows_10_1607· CVSS 8.8· CWE-693

apple · CVE-2026-20700 — A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker with memoKEVEXPLOITED

ipados· CVSS 7.8· CWE-119

cisco · CVE-2026-20127 — A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, rKEVEXPLOITED

catalyst_sd-wan_manager· CVSS 10.0· CWE-287

cisco · CVE-2026-20131 — A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root&nKEVEXPLOITED

secure_firewall_management_center· CVSS 10.0· CWE-502

langflow · CVE-2026-33017 — Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows withouKEVEXPLOITED

langflow· CVSS 9.8· CWE-94

Spring · CVE-2026-22739 — Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spring Cloud Config Server configured to the native file system as a backend, because it was possible tEXPLOITED

Spring Cloud Config· CVSS 8.6· CWE-22

Python · CVE-2026-4519 — The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended tEXPLOITED

Python· CWE-20

openhands · CVE-2026-33718 — OpenHands is Vulnerable to Command Injection through its Git Diff HandlerEXPLOITED

OpenHands· CVSS 7.6· CWE-78

→ View full list

Urgent

aquasecurity trivy

8theme xstore core

langflow langflow

franklioxygen mytube