Zero Day Monitor

Zero Day MonitorZDM

Dashboard Vulnerabilities Trending Zero-Days News

Impressum Privacy Policy

Zero Day Monitor © 2026

2854 articles · 106446 vulns · 38/41 feeds (7d)

421

+92 today

Exploited (7d)

238

+67 today

Critical (7d)

1388

CISA KEV

8

Pre-CVE

2854

+538 today

Articles (7d)

Vulnerabilities

Cloud Software Group · CVE-2026-3055 — Insufficient input validation leading to memory overreadKEVEXPLOITEDPATCHED

NetScaler ADC and NetScaler Gateway· CVSS 9.3· CWE-125

fortinet · CVE-2026-21643 — CVE-2026-21643: An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiCKEVEXPLOITEDPATCHED

forticlientems· CVSS 9.1· CWE-89

google · CVE-2026-5281 — CVE-2026-5281: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderKEVEXPLOITEDPATCHED

chrome· CWE-416

google · CVE-2026-3910 — Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: HiKEVEXPLOITEDPATCHED

chrome· CVSS 8.8· CWE-94

google · CVE-2026-3909 — Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)KEVEXPLOITEDPATCHED

chrome· CVSS 8.8· CWE-787

trueconf · CVE-2026-3502 — TrueConf Client Update Integrity Verification BypassKEVEXPLOITED

trueconf client· CVSS 7.8· CWE-494

aquasec · CVE-2026-33634 — Trivy ecosystem supply chain briefly compromisedKEVEXPLOITEDPATCHED

setup-trivy· CVSS 8.8· CWE-506

google · CVE-2026-2441 — Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)KEVEXPLOITEDPATCHED

chrome· CVSS 8.8· CWE-416

oracle · CVE-2026-21962 — Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server ProxKEVEXPLOITEDPATCHED

http_server· CVSS 10.0· CWE-284

langflow · CVE-2026-33017 — Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows withouKEVEXPLOITEDPATCHED

langflow· CVSS 9.3· CWE-94

→ View full list

Pre-CVE Events

ZERO-DAYKVM shadow EPT stale rmap use-after-free

red hatHIGH1 sourcesverified

Multiple Vulnerabilities in IBM Security Verify Access Allowing Privilege Escalation, Code Execution, and Data Exposure

ibmHIGH1 sources

Multiple Vulnerabilities in CUPS Allow Code Execution, Privilege Escalation, Data Manipulation, and Denial of Service

appleMEDIUM1 sources

Multiple Vulnerabilities in Joomla CMS Allow Security Bypass, SQL Injection, and Cross-Site Scripting

1 sources

A Taxonomy of Cognitive Security

Latest news

[B]microsoftCVE-2026-21510

Security Alert: Microsoft Releases February 2026 Security Updates

[B]microsoftCVE-2025-62221

Security Alert: Microsoft Releases December 2025 Security Updates

[B]adobe

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB25-119)

[B]microsoft

Security Alert: Microsoft Releases March 2026 Security Updates

[B]adobe

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB26-26)

[B]microsoftCVE-2026-20805

Security Alert: Microsoft Releases January 2026 Security Updates

[B]linux

[NEU] [mittel] Linux Kernel: Mehrere Schwachstellen

17m ago

[B]dellCVE-2026-27101

[UPDATE] [mittel] Dell Secure Connect Gateway: Schwachstelle ermöglicht Codeausführung

32m ago