3192 articles · 168085 vulns · 37/41 feeds (7d)
165,597 vulnerabilities total
10.0
cis · CVE-2026-20127 — Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability · KEV · EXPLOITED · PATCHED
catalyst_sd-wan_manager · CVSS 10.0 · CWE-287
118🔥
17 art.
0
Feb 25, 2026
7.8
linux · CVE-2026-31431 — crypto: algif_aead - Revert to operating out-of-place · KEV · EXPLOITED · PATCHED
linux_kernel · CVSS 7.8
116🔥
84 art.
0
Apr 22, 2026
8.8
linux · CVE-2026-43284 — xfrm: esp: avoid in-place decrypt on shared skb frags · KEV · EXPLOITED · PATCHED
linux_kernel · CVSS 8.8
111🔥
41 art.
0
May 8, 2026
7.8
linux · CVE-2026-43500 — rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present · KEV · EXPLOITED · PATCHED
linux_kernel · CVSS 7.8
105🔥
28 art.
0
May 11, 2026
10.0
ui · CVE-2026-34908 — A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS de · KEV · EXPLOITED · PATCHED
unifi_os_server · CVSS 10.0 · CWE-284
95
9 art.
0
May 22, 2026
—
ptc · CVE-2026-12569 — Remote Code Execution (RCE) vulnerability in Windchill PDMlink · EXPLOITED · PATCHED
flexplm · CWE-20
94
8 art.
0
Jun 18, 2026
10.0
ui · CVE-2026-34909 — A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to a · KEV · EXPLOITED · PATCHED
unifi_os_server · CVSS 10.0 · CWE-22
91
5 art.
0
May 22, 2026
9.8
geoserver · CVE-2024-36401 — GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Executio · KEV · EXPLOITED · PATCHED
geoserver · CVSS 9.8 · CWE-95
83
1 art.
0
Jul 1, 2024
8.6
igniterealtime · CVE-2023-32315 — Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setu · KEV · EXPLOITED · PATCHED
openfire · CVSS 8.6 · CWE-22
81
1 art.
0
May 26, 2023
7.1
mappress · CVE-2026-56011 — WordPress MapPress Maps for WordPress plugin <= 2.97.3 - Cross Site Scripting (XSS) vulnerability · KEV · EXPLOITED
mappress maps for wordpress · CVSS 7.1 · CWE-79
80
1 art.
0
Jun 26, 2026
9.2
libssh2 · CVE-2026-55200 — libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c · EXPLOITED · PATCHED
libssh2 · CVSS 9.2 · CWE-680
73
8 art.
0
Jun 17, 2026
7.8
cis · CVE-2026-20245 — Cisco Catalyst SD-WAN Controller Authenticated Privilege Escalation Vulnerability · EXPLOITED · PATCHED
catalyst_sd-wan_manager · CVSS 7.8 · CWE-116
73
21 art.
0
Jun 4, 2026
7.1
linux · CVE-2026-46333 — ptrace: slightly saner 'get_dumpable()' logic · EXPLOITED · PATCHED
kernel · CVSS 7.1 · CWE-362
73
19 art.
0
May 15, 2026
8.6
cis · CVE-2026-20230 — A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Ma · EXPLOITED · PATCHED
unified_communications_manager · CVSS 8.6 · CWE-918
73
19 art.
0
Jun 3, 2026
9.9
langflow · CVE-2026-55255 — Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow · KEV · EXPLOITED · PATCHED
langflow · CVSS 9.9 · CWE-639
68
2 art.
0
Jun 19, 2026
7.5
gpac project · CVE-2025-60474 — A buffer overflow in the gf_media_import function (/media_tools/av_parsers.c) of GPAC Project/MP4Box before 26.02.0 allo · EXPLOITED
mp4box · CVSS 7.5
67
2 art.
0
Jun 24, 2026
8.8
google · CVE-2026-13033 — Out of bounds read and write in Blink>InterestGroups in Google Chrome prior to 149.0.7827.197 allowed a remote attacker · EXPLOITED · PATCHED
chrome · CVSS 8.8 · CWE-125
65
5 art.
0
Jun 24, 2026
8.8
google · CVE-2026-13038 — Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.197 allowed a remote attacker to execute arbi · EXPLOITED · PATCHED
chrome · CVSS 8.8 · CWE-416
65
5 art.
0
Jun 24, 2026
7.8
linux · CVE-2026-46300 — net: skbuff: preserve shared-frag marker during coalescing · EXPLOITED · PATCHED
linux_kernel · CVSS 7.8
63
19 art.
0
May 13, 2026
8.8
google · CVE-2026-13036 — Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code ins · EXPLOITED · PATCHED
chrome · CVSS 8.8 · CWE-416
62
4 art.
0
Jun 24, 2026