[go: up one dir, main page]

Published Advisories

PUBLISHED ADVISORIES

The following is a list of all publicly disclosed vulnerabilities discovered by Zero Day Initiative researchers. While the affected vendor is working on a patch for these vulnerabilities, Trend Micro customers are protected from exploitation by security filters delivered ahead of public disclosure.

All security vulnerabilities that are acquired by the Zero Day Initiative are handled according to the ZDI Disclosure Policy. Once the affected vendor patches the vulnerability, we publish an accompanying security advisory which describes the issue, including links to the vendor's fixes.

Available in RSS Format
ZDI ID ZDI CAN AFFECTED VENDOR(S) CVE CVSS v3.0 PUBLISHED UPDATED TITLE
ZDI-26-044 ZDI-CAN-28082 Microsoft CVE-2026-20871 7.8 2026-01-13 2026-01-13 Microsoft Windows Desktop Window Manager Use-After-Free Local Privilege Escalation Vulnerability
ZDI-26-043 ZDI-CAN-25430 npm CVE-2026-0775 7.0 2026-01-12 2026-01-12 (0Day) npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability
ZDI-26-042 ZDI-CAN-26845 Upsonic CVE-2026-0773 9.8 2026-01-09 2026-01-09 (0Day) Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-26-041 ZDI-CAN-23285 Enel X CVE-2026-0778 8.8 2026-01-09 2026-01-09 (0Day) (Pwn2Own) Enel X JuiceBox 40 Telnet Service Missing Authentication Remote Code Execution Vulnerability
ZDI-26-040 ZDI-CAN-27057 Discord CVE-2026-0776 7.3 2026-01-09 2026-01-09 (0Day) Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZDI-26-039 ZDI-CAN-26708 WatchYourLAN CVE-2026-0774 8.8 2026-01-09 2026-01-09 (0Day) WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability
ZDI-26-038 ZDI-CAN-27919 Langflow CVE-2026-0772 7.5 2026-01-09 2026-01-09 (0Day) Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-26-037 ZDI-CAN-27497 Langflow CVE-2026-0771 7.1 2026-01-09 2026-01-09 (0Day) Langflow PythonFunction Code Injection Remote Code Execution Vulnerability
ZDI-26-036 ZDI-CAN-27325 Langflow CVE-2026-0770 9.8 2026-01-09 2026-01-09 (0Day) Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability
ZDI-26-035 ZDI-CAN-26972 Langflow CVE-2026-0769 9.8 2026-01-09 2026-01-09 (0Day) Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability
ZDI-26-034 ZDI-CAN-27322 Langflow CVE-2026-0768 9.8 2026-01-09 2026-01-09 (0Day) Langflow code Code Injection Remote Code Execution Vulnerability
ZDI-26-033 ZDI-CAN-28259 Open WebUI CVE-2026-0767 5.3 2026-01-09 2026-01-09 (0Day) Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability
ZDI-26-032 ZDI-CAN-28257 Open WebUI CVE-2026-0766 8.8 2026-01-09 2026-01-09 (0Day) Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability
ZDI-26-031 ZDI-CAN-28258 Open WebUI CVE-2026-0765 8.8 2026-01-09 2026-01-09 (0Day) Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability
ZDI-26-030 ZDI-CAN-27957 GPT Academic CVE-2026-0764 9.8 2026-01-09 2026-01-09 (0Day) GPT Academic upload Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-26-029 ZDI-CAN-27958 GPT Academic CVE-2026-0763 9.8 2026-01-09 2026-01-09 (0Day) GPT Academic run_in_subprocess_wrapper_func Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-26-028 ZDI-CAN-27956 GPT Academic CVE-2026-0762 8.1 2026-01-09 2026-01-09 (0Day) GPT Academic stream_daas Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-26-027 ZDI-CAN-28124 Foundation Agents CVE-2026-0761 9.8 2026-01-09 2026-01-09 (0Day) Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution Vulnerability
ZDI-26-026 ZDI-CAN-28121 Foundation Agents CVE-2026-0760 9.8 2026-01-09 2026-01-09 (0Day) Foundation Agents MetaGPT deserialize_message Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-26-025 ZDI-CAN-27786 Katana Network CVE-2026-0759 9.8 2026-01-09 2026-01-09 (0Day) Katana Network Development Starter Kit executeCommand Command Injection Remote Code Execution Vulnerability
ZDI-26-024 ZDI-CAN-27910 mcp-server-siri-shortcuts CVE-2026-0758 7.8 2026-01-09 2026-01-09 (0Day) mcp-server-siri-shortcuts shortcutName Command Injection Privilege Escalation Vulnerability
ZDI-26-023 ZDI-CAN-27810 MCP Manager for Claude Desktop CVE-2026-0757 8.8 2026-01-09 2026-01-09 (0Day) MCP Manager for Claude Desktop execute-command Command Injection Sandbox Escape Vulnerability
ZDI-26-022 ZDI-CAN-27784 github-kanban-mcp-server CVE-2026-0756 9.8 2026-01-09 2026-01-09 (0Day) github-kanban-mcp-server execAsync Command Injection Remote Code Execution Vulnerability
ZDI-26-021 ZDI-CAN-27783 Gemini MCP Tool CVE-2026-0755 9.8 2026-01-09 2026-01-09 (0Day) gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability
ZDI-26-020 ZDI-CAN-27683 Ollama MCP Server CVE-2025-15063 9.8 2026-01-09 2026-01-09 (0Day) Ollama MCP Server execAsync Command Injection Remote Code Execution Vulnerability
ZDI-26-019 ZDI-CAN-27889 Cisco CVE-2026-20029 4.9 2026-01-09 2026-01-09 Cisco Identity Services Engine getSpecificPLRfromAuthCode XML External Entity Processing Information Disclosure Vulnerability
ZDI-26-018 ZDI-CAN-28322 ALGO CVE-2026-0796 7.2 2026-01-09 2026-01-09 (0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability
ZDI-26-017 ZDI-CAN-28321 ALGO CVE-2026-0795 7.2 2026-01-09 2026-01-09 (0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability
ZDI-26-016 ZDI-CAN-28303 ALGO CVE-2026-0794 8.1 2026-01-09 2026-01-09 (0Day) ALGO 8180 IP Audio Alerter SIP Use-After-Free Remote Code Execution Vulnerability
ZDI-26-015 ZDI-CAN-28302 ALGO CVE-2026-0793 8.1 2026-01-09 2026-01-09 (0Day) ALGO 8180 IP Audio Alerter InformaCast Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-014 ZDI-CAN-28301 ALGO CVE-2026-0792 8.1 2026-01-09 2026-01-09 (0Day) ALGO 8180 IP Audio Alerter SIP INVITE Alert-Info Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-013 ZDI-CAN-28300 ALGO CVE-2026-0791 8.1 2026-01-09 2026-01-09 (0Day) ALGO 8180 IP Audio Alerter SIP INVITE Replaces Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-012 ZDI-CAN-28299 ALGO CVE-2026-0790 5.3 2026-01-09 2026-01-09 (0Day) ALGO 8180 IP Audio Alerter Web UI Direct Request Information Disclosure Vulnerability
ZDI-26-011 ZDI-CAN-28297 ALGO CVE-2026-0789 5.3 2026-01-09 2026-01-09 (0Day) ALGO 8180 IP Audio Alerter Web UI Inclusion of Authentication Cookie in Response Body Information Disclosure Vulnerability
ZDI-26-010 ZDI-CAN-28298 ALGO CVE-2026-0788 5.3 2026-01-09 2026-01-09 (0Day) ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability
ZDI-26-009 ZDI-CAN-28296 ALGO CVE-2026-0787 8.1 2026-01-09 2026-01-09 (0Day) ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability
ZDI-26-008 ZDI-CAN-28295 ALGO CVE-2026-0786 7.5 2026-01-09 2026-01-09 (0Day) ALGO 8180 IP Audio Alerter SCI Command Injection Remote Code Execution Vulnerability
ZDI-26-007 ZDI-CAN-28294 ALGO CVE-2026-0785 7.5 2026-01-09 2026-01-09 (0Day) ALGO 8180 IP Audio Alerter API Command Injection Remote Code Execution Vulnerability
ZDI-26-006 ZDI-CAN-28293 ALGO CVE-2026-0784 7.2 2026-01-09 2026-01-09 (0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability
ZDI-26-005 ZDI-CAN-28292 ALGO CVE-2026-0783 7.2 2026-01-09 2026-01-09 (0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability
ZDI-26-004 ZDI-CAN-28291 ALGO CVE-2026-0782 7.2 2026-01-09 2026-01-09 (0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability
ZDI-26-003 ZDI-CAN-28290 ALGO CVE-2026-0781 7.2 2026-01-09 2026-01-09 (0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability
ZDI-26-002 ZDI-CAN-28289 ALGO CVE-2026-0780 7.2 2026-01-09 2026-01-09 (0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability
ZDI-26-001 ZDI-CAN-25568 ALGO CVE-2026-0779 7.2 2026-01-09 2026-01-09 (0Day) ALGO 8180 IP Audio Alerter Ping Command Injection Remote Code Execution Vulnerability