Zero Day Monitor

Zero Day MonitorZDM

Dashboard Vulnerabilities Trending Zero-Days News

Impressum Privacy Policy

Zero Day Monitor © 2026

806 articles · 101586 vulns · 41/41 feeds (7d)

20

+11 today

Exploited (7d)

127

+26 today

Critical (7d)

1500

CISA KEV

55

Pre-CVE

806

+806 today

Articles (7d)

Vulnerabilities

google · CVE-2026-5281 — CVE-2026-5281: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderKEVEXPLOITEDPATCHED

chrome· CVSS 8.8· CWE-416

microsoft · CVE-2026-21510 — Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.KEVEXPLOITEDPATCHED

windows_10_1607· CVSS 8.8· CWE-693

microsoft · CVE-2026-20805 — Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.KEVEXPLOITEDPATCHED

windows_10_1607· CVSS 5.5· CWE-200

fortinet · CVE-2026-21643 — An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized codKEVEXPLOITEDPATCHED

forticlientems· CVSS 9.8· CWE-89

google · CVE-2026-3909 — Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)KEVEXPLOITEDPATCHED

chrome· CVSS 8.8· CWE-787

google · CVE-2026-3910 — Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: HiKEVEXPLOITEDPATCHED

chrome· CVSS 8.8· CWE-94

djangoproject · CVE-2026-1207 — An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on ``RasterField`` (only implemented on PostGIS) allows remote attackers to inject SQL via the banKEVEXPLOITEDPATCHED

django· CVSS 5.4· CWE-89

citrix · CVE-2026-3055 — Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overreadKEVEXPLOITEDPATCHED

netscaler_application_delivery_controller· CVSS 9.8· CWE-125

Docker · CVE-2026-33990 — Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchEXPLOITEDPATCHED

Docker Desktop· CVSS 7.5· CWE-918

google · CVE-2026-4442 — Heap buffer overflow in CSS in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)EXPLOITEDPATCHED

chrome· CVSS 8.8· CWE-122

→ View full list

Pre-CVE Events

Optimizing Risk Discovery and Remediation with Qualys Gateway Service (QGS)

Vim tabpanel modeline escape

Converging Interests: Analysis of Threat Clusters Targeting a Southeast Asian Government

BPFdoor Linux Backdoor

Why CVSS is No Longer Enough for Exposure Management

Latest news

[B]adobeCVE-2026-27220

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB26-26)

[B]adobe

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB25-119)

[B]microsoftCVE-2026-20805

Security Alert: Microsoft Releases January 2026 Security Updates

[B]microsoftCVE-2025-62221

Security Alert: Microsoft Releases December 2025 Security Updates

[B]microsoftCVE-2026-21510

Security Alert: Microsoft Releases February 2026 Security Updates

[B]microsoft

Security Alert: Microsoft Releases March 2026 Security Updates

[C]n/aCVE-2026-34871

CVE-2026-34871 | mbed TLS up to 3.6.5/4.0.x entropy

1h ago

[B]drupal

Drupal security advisory (AV26-308)

1h ago