Zero Day Monitor

Zero Day MonitorZDM

334

+65 today

Exploited (7d)

122

+20 today

Critical (7d)

1590

CISA KEV

32

Pre-CVE

2385

+381 today

Articles (7d)

Threat Briefing

Global

Loading...

About Zero Day Monitor

Open-source vulnerability intelligence for security teams. The platform scans 41 security feeds, analyzes articles with AI, and surfaces the threats that matter. Track trending CVEs, discover zero-days before they get a CVE ID, and monitor your vendor stack for supply-chain risks.

Trending

Ranked by source count

Zero-Days

Pre-CVE detection

Verification

Community-driven

Open Source

AGPL-3.0 licensed

Learn more about the project Sign in for personalized features

Vulnerabilities

cpanel · CVE-2026-41940 — cPanel and WHM Authentication Bypass via Login FlowKEVEXPLOITEDPATCHED

cpanel & whm· CVSS 9.8· CWE-306

microsoft · CVE-2026-32202 — Windows Shell Spoofing VulnerabilityKEVEXPLOITEDPATCHED

windows_10_1607· CVSS 4.3· CWE-693

microsoft · CVE-2026-21513 — MSHTML Framework Security Feature Bypass VulnerabilityKEVEXPLOITEDPATCHED

windows_10_1607· CVSS 8.8· CWE-693

microsoft · CVE-2026-21510 — Windows Shell Security Feature Bypass VulnerabilityKEVEXPLOITEDPATCHED

windows_10_1607· CVSS 4.3· CWE-693

google · CVE-2026-2441 — Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)KEVEXPLOITEDPATCHED

chrome· CVSS 8.8· CWE-416

linux · CVE-2026-31431 — crypto: algif_aead - Revert to operating out-of-placeEXPLOITEDPATCHED

kernel· CVSS 7.8· CWE-20

CVE-2026-3965 — A security vulnerability has been detected in whyour qinglong up to 2.20.1. Affected is an unknown function of the file back/loaders/express.ts of the component API Interface. The manipulation of the KEVEXPLOITED

· CVSS 6.3· CWE-693

sonicwall · CVE-2026-0204 — CVE-2026-0204: A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessEXPLOITEDPATCHED

sonicos· CVSS 8.0· CWE-1390

apple · CVE-2026-28950 — CVE-2026-28950: A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and iPadOS 18.7.8, iOS 26.EXPLOITEDPATCHED

ipados· CVSS 6.2

proftpd · CVE-2026-42167 — CVE-2026-42167: mod_sql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary code via a username, in scenarios whereEXPLOITEDPATCHED

mod_sql· CVSS 8.1· CWE-89

→ View full list

Pre-CVE Events

ZERO-DAYMalicious Code Injection via Axios npm Package Maintainer Account Takeover

axiosMEDIUM1 sourcesverified

ZERO-DAYADV990001 Latest Servicing Stack Updates

1 sourcesverified

Critical vulnerabilities in GNU InetUtils prior to version 2.8

gnu projectCRITICAL1 sources

Multiple Vulnerabilities in MISP Allowing Privilege Escalation, SQL Injection, and Security Policy Bypass

misp project1 sources

Microsoft Windows RPC Privilege Escalation Vulnerability

microsoftHIGH1 sources

Latest news

[B]adobe

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB25-119)

[B]microsoftCVE-2025-62221

Security Alert: Microsoft Releases December 2025 Security Updates

[B]microsoft

Security Alert: Microsoft Releases March 2026 Security Updates

[B]microsoftCVE-2026-21510

Security Alert: Microsoft Releases February 2026 Security Updates