Zero Day Monitor

Zero Day MonitorZDM

Dashboard Vulnerabilities Trending Zero-Days News

Impressum Privacy Policy

Zero Day Monitor © 2026

900 articles · 101759 vulns · 36/41 feeds (7d)

69

+37 today

Exploited (7d)

151

+49 today

Critical (7d)

1501

CISA KEV

0

Pre-CVE

900

+900 today

Articles (7d)

Vulnerabilities

google · CVE-2026-5281 — CVE-2026-5281: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderKEVEXPLOITEDPATCHED

chrome· CVSS 8.8· CWE-416

google · CVE-2026-3909 — Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)KEVEXPLOITEDPATCHED

chrome· CVSS 8.8· CWE-787

apple · CVE-2026-20700 — A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker with memoKEVEXPLOITEDPATCHED

ipados· CVSS 7.8· CWE-119

google · CVE-2026-3910 — Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: HiKEVEXPLOITEDPATCHED

chrome· CVSS 8.8· CWE-94

trueconf · CVE-2026-3502 — TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payloadKEVEXPLOITED

trueconf· CVSS 7.8· CWE-494

google · CVE-2026-2441 — Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)KEVEXPLOITEDPATCHED

chrome· CVSS 8.8· CWE-416

fortinet · CVE-2026-21643 — An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized codKEVEXPLOITEDPATCHED

forticlientems· CVSS 9.8· CWE-89

microsoft · CVE-2026-21510 — Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.KEVEXPLOITEDPATCHED

windows_10_1607· CVSS 8.8· CWE-693

microsoft · CVE-2026-20805 — Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.KEVEXPLOITEDPATCHED

windows_10_1607· CVSS 5.5· CWE-200

djangoproject · CVE-2026-1207 — An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on ``RasterField`` (only implemented on PostGIS) allows remote attackers to inject SQL via the banKEVEXPLOITEDPATCHED

django· CVSS 5.4· CWE-89

→ View full list

Latest CVEs

nothingsMEDIUM2h ago

ibmMEDIUM3h ago

nothingsMEDIUM3h ago

golangHIGH3h ago

Latest news

[B]microsoft

Security Alert: Microsoft Releases March 2026 Security Updates

[B]adobe

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB25-119)

[B]microsoftCVE-2025-62221

Security Alert: Microsoft Releases December 2025 Security Updates

[B]adobeCVE-2026-27220

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB26-26)

[B]microsoftCVE-2026-20805

Security Alert: Microsoft Releases January 2026 Security Updates

[B]microsoftCVE-2026-21510

Security Alert: Microsoft Releases February 2026 Security Updates

[C]libinputCVE-2026-35093

FW: libinput Security Advisory: multiple security issues in libinput

1h ago

[C]SillyTavernCVE-2026-34526

CVE-2026-34526 | SillyTavern 1.13.4/1.16.0 localhost/IPv6 /api/search/visit server-side request forgery

2h ago