Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNews
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
2485 articles · 106152 vulns · 38/41 feeds (7d)
366
+59 today
Exploited (7d)
201
+45 today
Critical (7d)
1387
CISA KEV
5
Pre-CVE
2485
+460 today
Articles (7d)

Vulnerabilities

9.3
Cloud Software Group · CVE-2026-3055 — Insufficient input validation leading to memory overreadKEVEXPLOITEDPATCHED
NetScaler ADC and NetScaler Gateway· CVSS 9.3· CWE-125
158🔥
18 art.
0
Mar 23, 2026
9.1
fortinet · CVE-2026-21643 — CVE-2026-21643: An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiCKEVEXPLOITEDPATCHED
forticlientems· CVSS 9.1· CWE-89
152🔥
8 art.
0
Feb 6, 2026
7.8
trueconf · CVE-2026-3502 — TrueConf Client Update Integrity Verification BypassKEVEXPLOITED
trueconf client· CVSS 7.8· CWE-494
114🔥
2 art.
0
Mar 30, 2026
8.8
aquasec · CVE-2026-33634 — Trivy ecosystem supply chain briefly compromisedKEVEXPLOITEDPATCHED
setup-trivy· CVSS 8.8· CWE-506
114🔥
3 art.
0
Mar 23, 2026
10.0
oracle · CVE-2026-21962 — Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server ProxKEVEXPLOITEDPATCHED
http_server· CVSS 10.0· CWE-284
95
2 art.
0
Jan 20, 2026
9.3
langflow · CVE-2026-33017 — Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows withouKEVEXPLOITEDPATCHED
langflow· CVSS 9.3· CWE-94
89
9 art.
0
Mar 20, 2026
9.8
fortinet · CVE-2026-24858 — An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 KEVEXPLOITEDPATCHED
fortianalyzer· CVSS 9.8· CWE-288
83
1 art.
0
Jan 27, 2026
5.3
openclaw · CVE-2026-34504 — OpenClaw < 2026.3.28 - Server-Side Request Forgery via Unguarded Image Download in fal ProviderEXPLOITEDPATCHED
openclaw· CVSS 5.3· CWE-918
83
2 art.
0
Mar 31, 2026
9.8
go · CVE-2026-33032 — Nginx UI: Unauthenticated MCP Endpoint Allows Remote Nginx TakeoverEXPLOITED
github.com/0xjacky/nginx-ui· CVSS 9.8· CWE-306
82
2 art.
0
Mar 30, 2026
7.5
handlebars-lang · CVE-2026-33939 — Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template CompilationEXPLOITEDPATCHED
handlebars.js· CVSS 7.5· CWE-754
74
3 art.
0
Mar 27, 2026
→ View full list

Pre-CVE Events

View all
ZERO-DAYKVM shadow EPT stale rmap use-after-free
red hatHIGH1 sourcesverified
Axios Supply-Chain Attack [v1.14.1] [0.30.4] --> plain-crypto-js [4.2.0][4.2.1]
4 sources
Multiple Vulnerabilities in python-pillow on Red Hat Enterprise Linux Allow Denial of Service and Information Disclosure
red hatHIGH1 sources
Excessive Default Permissions in GCP Vertex AI Service Agents
googleCRITICAL2 sources
Ransomware Tactics in 2025: Blending with Legitimate Activity
1 sources

Latest news

View all
[B]microsoftCVE-2026-21510
Security Alert: Microsoft Releases February 2026 Security Updates
[B]adobe
Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB25-119)
[B]adobe
Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB26-26)
[B]microsoftCVE-2025-62221
Security Alert: Microsoft Releases December 2025 Security Updates
[B]microsoftCVE-2026-20805
Security Alert: Microsoft Releases January 2026 Security Updates
[B]microsoft
Security Alert: Microsoft Releases March 2026 Security Updates
[C]yvesCVE-2024-14030
CVE-2024-14030: Sereal::Decoder versions from 4.000 through 4.009_002 for Perl is vulnerable to a buffer overwrite flaw in the Zstandard library
50m ago
[C]yvesCVE-2024-14031
CVE-2024-14031: Sereal::Encoder versions from 4.000 through 4.009_002 for Perl is vulnerable to a buffer overwrite flaw in the Zstandard library
1h ago