Zero Day Monitor

Zero Day MonitorZDM

732

+50 today

Exploited (7d)

248

+43 today

Critical (7d)

1657

CISA KEV

220

Pre-CVE

3042

+224 today

Articles (7d)

Threat Briefing

Global

Loading...

About Zero Day Monitor

Open-source vulnerability intelligence for security teams. The platform scans 41 security feeds, analyzes articles with AI, and surfaces the threats that matter. Track trending CVEs, discover zero-days before they get a CVE ID, and monitor your vendor stack for supply-chain risks.

Trending

Ranked by source count

Zero-Days

Pre-CVE detection

Verification

Community-driven

Open Source

AGPL-3.0 licensed

Learn more about the project Sign in for personalized features

Vulnerabilities

oracle · CVE-2026-35273 — CVE-2026-35273: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment ManaKEVEXPLOITEDPATCHED

peoplesoft_enterprise_peopletools· CVSS 9.8

checkpoint · CVE-2026-50751 — User Authentication Bypass in VPN Remote Access and Mobile AccessKEVEXPLOITEDPATCHED

gaia_os· CVSS 9.3· CWE-287

linux · CVE-2026-43284 — xfrm: esp: avoid in-place decrypt on shared skb fragsKEVEXPLOITEDPATCHED

linux_kernel· CVSS 7.9· CWE-20

fortinet · CVE-2026-35616 — CVE-2026-35616: A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attaKEVEXPLOITEDPATCHED

forticlientems· CVSS 9.1· CWE-284

microsoft · CVE-2026-42897 — Microsoft Exchange Server Spoofing VulnerabilityKEVEXPLOITEDPATCHED

exchange_server· CVSS 8.1· CWE-79

ubiquiti · CVE-2026-34908 — CVE-2026-34908: A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS deKEVEXPLOITEDPATCHED

unifi os· CVSS 10.0· CWE-284

microsoft · CVE-2026-41091 — Microsoft Defender Elevation of Privilege VulnerabilityKEVEXPLOITEDPATCHED

malware_protection_engine· CVSS 7.8· CWE-59

ivanti · CVE-2026-10520 — CVE-2026-10520: An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote EXPLOITEDPATCHED

standalone_sentry· CVSS 10.0· CWE-78

microsoft · CVE-2026-33825 — Microsoft Defender Elevation of Privilege VulnerabilityKEVEXPLOITEDPATCHED

defender_antimalware_platform· CVSS 7.8· CWE-1220

ivanti · CVE-2026-6973 — CVE-2026-6973: An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticKEVEXPLOITEDPATCHED

endpoint_manager_mobile· CVSS 7.2· CWE-20

→ View full list

Pre-CVE Events

ZERO-DAYMalicious Code Injection via Axios npm Package Maintainer Account Takeover

axiosMEDIUM1 sourcesverified

ZERO-DAYADV990001 Latest Servicing Stack Updates

1 sourcesverified

Metasploit Kerberos/Certificate Tracing Update

Authenticated Command Injection and Arbitrary PHP Code Execution in FreePBX Security-Reporting Modules

sangoma technologies1 sources

Multiple vulnerabilities in GeoServer, GeoTools, and GeoWebCache

Latest news

[B]adobe

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB25-119)

[B]adobe

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB26-63)

[B]microsoftCVE-2026-32201

Security Alert: Microsoft Releases April 2026 Security Updates

[B]microsoftCVE-2026-21510

Security Alert: Microsoft Releases February 2026 Security Updates

[B]microsoftCVE-2026-42897

Security Alert: Microsoft Releases June 2026 Security Updates

[B]adobe

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB26-44)

[B]microsoftCVE-2026-20805

Security Alert: Microsoft Releases January 2026 Security Updates

[B]adobeCVE-2026-27220

Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB26-26)