Zero Day Monitor

Zero Day MonitorZDM

759

+179 today

Exploited (7d)

159

+57 today

Critical (7d)

1543

CISA KEV

13

Pre-CVE

2959

+604 today

Articles (7d)

Threat Briefing

Global

Loading...

About Zero Day Monitor

Open-source vulnerability intelligence for security teams. The platform scans 41 security feeds, analyzes articles with AI, and surfaces the threats that matter. Track trending CVEs, discover zero-days before they get a CVE ID, and monitor your vendor stack for supply-chain risks.

Trending

Ranked by source count

Zero-Days

Pre-CVE detection

Verification

Community-driven

Open Source

AGPL-3.0 licensed

Learn more about the project Sign in for personalized features

Vulnerabilities

fortinet · CVE-2026-21643 — CVE-2026-21643: An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiCKEVEXPLOITEDPATCHED

forticlientems· CVSS 9.1· CWE-89

adobe · CVE-2026-34621 — Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)KEVEXPLOITEDPATCHED

acrobat_dc· CVSS 8.6· CWE-1321

fortinet · CVE-2026-35616 — CVE-2026-35616: A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attaKEVEXPLOITEDPATCHED

forticlientems· CVSS 9.8· CWE-284

marimo · CVE-2026-39987 — marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication BypassKEVEXPLOITEDPATCHED

marimo· CVSS 9.3· CWE-306

Microsoft · CVE-2026-32201 — Microsoft SharePoint Server Spoofing VulnerabilityKEVEXPLOITEDPATCHED

Microsoft SharePoint Enterprise Server 2016· CVSS 6.5· CWE-20

openclaw · CVE-2026-25253 — OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.KEVEXPLOITEDPATCHED

openclaw· CVSS 8.8· CWE-669

gnu · CVE-2026-24061 — telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.KEVEXPLOITEDPATCHED

inetutils· CVSS 9.8· CWE-88

google · CVE-2026-5281 — CVE-2026-5281: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderKEVEXPLOITEDPATCHED

chrome· CVSS 8.8· CWE-416

Fortinet · CVE-2026-39808 — CVE-2026-39808: A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FEXPLOITEDPATCHED

FortiSandbox· CVSS 9.1· CWE-78

Fortinet · CVE-2026-39813 — CVE-2026-39813: A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.EXPLOITEDPATCHED

FortiSandbox· CVSS 9.1· CWE-24

→ View full list

Pre-CVE Events

ZERO-DAYMalicious Code Injection via Axios npm Package Maintainer Account Takeover

axiosMEDIUM1 sourcesverified

ZERO-DAYADV990001 Latest Servicing Stack Updates

1 sourcesverified

Multiple Critical Vulnerabilities in Fortinet Products Including OS Command Injection, Authentication Bypass, Privilege Escalation, Heap-based Buffer Overflow, and SQL Injection

fortinetCRITICAL1 sources

Unknown vulnerability in Windows

microsoft1 sources

Multiple vulnerabilities in Schneider Electric products including Easergy MiCOM Px40 Series, Modicon Managed Switches, and PowerChute Serial Shutdown

schneider electric1 sources

Latest news

[B]microsoftCVE-2025-62221

Security Alert: Microsoft Releases December 2025 Security Updates

[B]adobeCVE-2026-27220

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB26-26)

[B]microsoftCVE-2026-21510

Security Alert: Microsoft Releases February 2026 Security Updates

[B]microsoftCVE-2026-20805

Security Alert: Microsoft Releases January 2026 Security Updates

[B]adobe

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB25-119)

[B]microsoft

Security Alert: Microsoft Releases March 2026 Security Updates

[C]MicrosoftCVE-2026-27929

CVE-2026-27929 | Microsoft Windows up to Server 2025 toctou

33m ago

[C]MicrosoftCVE-2026-27928

CVE-2026-27928 | Microsoft Windows input validation

33m ago