Zero Day Monitor

Zero Day MonitorZDM

559

+111 today

Exploited (7d)

302

+109 today

Critical (7d)

1630

CISA KEV

136

Pre-CVE

3212

+875 today

Articles (7d)

Threat Briefing

Global

Loading...

About Zero Day Monitor

Open-source vulnerability intelligence for security teams. The platform scans 41 security feeds, analyzes articles with AI, and surfaces the threats that matter. Track trending CVEs, discover zero-days before they get a CVE ID, and monitor your vendor stack for supply-chain risks.

Trending

Ranked by source count

Zero-Days

Pre-CVE detection

Verification

Community-driven

Open Source

AGPL-3.0 licensed

Learn more about the project Sign in for personalized features

Vulnerabilities

fortinet · CVE-2026-35616 — CVE-2026-35616: A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attaKEVEXPLOITEDPATCHED

forticlientems· CVSS 9.1· CWE-284

linux · CVE-2026-43284 — xfrm: esp: avoid in-place decrypt on shared skb fragsKEVEXPLOITEDPATCHED

linux_kernel· CVSS 8.8· CWE-20

microsoft · CVE-2026-33825 — Microsoft Defender Elevation of Privilege VulnerabilityKEVEXPLOITEDPATCHED

defender_antimalware_platform· CVSS 7.8· CWE-1220

microsoft · CVE-2026-41091 — Microsoft Defender Elevation of Privilege VulnerabilityKEVEXPLOITEDPATCHED

malware_protection_engine· CVSS 7.8· CWE-59

linux · CVE-2026-43500 — rxrpc: Also unshare DATA/RESPONSE packets when paged frags are presentKEVEXPLOITEDPATCHED

linux_kernel· CVSS 7.8· CWE-20

microsoft · CVE-2026-45498 — Microsoft Defender Denial of Service VulnerabilityKEVEXPLOITEDPATCHED

defender_antimalware_platform· CVSS 4.0· CWE-400

drupal · CVE-2026-9082 — Drupal core - Highly critical - SQL injection - SA-CORE-2026-004KEVEXPLOITEDPATCHED

drupal· CVSS 9.8· CWE-89

litespeedtech · CVE-2026-48172 — CVE-2026-48172: LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild iKEVEXPLOITEDPATCHED

litespeed_cpanel_plugin· CVSS 10.0· CWE-266

linux · CVE-2026-31431 — crypto: algif_aead - Revert to operating out-of-placeKEVEXPLOITEDPATCHED

linux_kernel· CVSS 7.8

cpanel · CVE-2026-41940 — WebPros cPanel and WHM Authentication Bypass via Login FlowKEVEXPLOITEDPATCHED

cpanel· CVSS 9.8· CWE-306

→ View full list

Pre-CVE Events

ZERO-DAYMalicious Code Injection via Axios npm Package Maintainer Account Takeover

axiosMEDIUM1 sourcesverified

ZERO-DAYADV990001 Latest Servicing Stack Updates

1 sourcesverified

[OSSA-2026-016] OpenStack Neutron: Tagging policy bypass allows project readers to mutate tags (CVE-2026-pending)

Less panic patching, more precision

Extended EOL/EOS Software Detection in Cloud-Native Environments

qualys1 sources

Latest news

[B]microsoftCVE-2026-21510

Security Alert: Microsoft Releases February 2026 Security Updates

[B]microsoftCVE-2026-20805

Security Alert: Microsoft Releases January 2026 Security Updates

[B]adobeCVE-2026-27220

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB26-26)

[B]microsoftCVE-2025-62221

Security Alert: Microsoft Releases December 2025 Security Updates