ZERO-DAY

ZERO-DAY 2025 2024 2023 Last Update : 16.01.2026

ZDI ID	ZDI CAN	AFFECTED VENDOR(S)	CVE
ZDI-26-044	ZDI-CAN-28082	Microsoft	CVE-2026-20871	Microsoft Windows Desktop Window Manager Use-After-Free Local Privilege Escalation Vulnerability
ZDI-26-043	ZDI-CAN-25430	npm	CVE-2026-0775	(0Day) npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability
ZDI-26-042	ZDI-CAN-26845	Upsonic	CVE-2026-0773	(0Day) Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-26-041	ZDI-CAN-23285	Enel X	CVE-2026-0778	(0Day) (Pwn2Own) Enel X JuiceBox 40 Telnet Service Missing Authentication Remote Code Execution Vulnerability
ZDI-26-040	ZDI-CAN-27057	Discord	CVE-2026-0776	(0Day) Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZDI-26-039	ZDI-CAN-26708	WatchYourLAN	CVE-2026-0774	(0Day) WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability
ZDI-26-038	ZDI-CAN-27919	Langflow	CVE-2026-0772	(0Day) Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-26-037	ZDI-CAN-27497	Langflow	CVE-2026-0771	(0Day) Langflow PythonFunction Code Injection Remote Code Execution Vulnerability
ZDI-26-036	ZDI-CAN-27325	Langflow	CVE-2026-0770	(0Day) Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability
ZDI-26-035	ZDI-CAN-26972	Langflow	CVE-2026-0769	(0Day) Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability
ZDI-26-034	ZDI-CAN-27322	Langflow	CVE-2026-0768	(0Day) Langflow code Code Injection Remote Code Execution Vulnerability
ZDI-26-033	ZDI-CAN-28259	Open WebUI	CVE-2026-0767	(0Day) Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability
ZDI-26-032	ZDI-CAN-28257	Open WebUI	CVE-2026-0766	(0Day) Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability
ZDI-26-031	ZDI-CAN-28258	Open WebUI	CVE-2026-0765	(0Day) Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability
ZDI-26-030	ZDI-CAN-27957	GPT Academic	CVE-2026-0764	(0Day) GPT Academic upload Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-26-029	ZDI-CAN-27958	GPT Academic	CVE-2026-0763	(0Day) GPT Academic run_in_subprocess_wrapper_func Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-26-028	ZDI-CAN-27956	GPT Academic	CVE-2026-0762	(0Day) GPT Academic stream_daas Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-26-027	ZDI-CAN-28124	Foundation Agents	CVE-2026-0761	(0Day) Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution Vulnerability
ZDI-26-026	ZDI-CAN-28121	Foundation Agents	CVE-2026-0760	(0Day) Foundation Agents MetaGPT deserialize_message Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-26-025	ZDI-CAN-27786	Katana Network	CVE-2026-0759	(0Day) Katana Network Development Starter Kit executeCommand Command Injection Remote Code Execution Vulnerability
ZDI-26-024	ZDI-CAN-27910	mcp-server-siri-shortcuts	CVE-2026-0758	(0Day) mcp-server-siri-shortcuts shortcutName Command Injection Privilege Escalation Vulnerability
ZDI-26-023	ZDI-CAN-27810	MCP Manager for Claude Desktop	CVE-2026-0757	(0Day) MCP Manager for Claude Desktop execute-command Command Injection Sandbox Escape Vulnerability
ZDI-26-022	ZDI-CAN-27784	github-kanban-mcp-server	CVE-2026-0756	(0Day) github-kanban-mcp-server execAsync Command Injection Remote Code Execution Vulnerability
ZDI-26-021	ZDI-CAN-27783	Gemini MCP Tool	CVE-2026-0755	(0Day) gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability
ZDI-26-020	ZDI-CAN-27683	Ollama MCP Server	CVE-2025-15063	(0Day) Ollama MCP Server execAsync Command Injection Remote Code Execution Vulnerability
ZDI-26-019	ZDI-CAN-27889	Cisco	CVE-2026-20029	Cisco Identity Services Engine getSpecificPLRfromAuthCode XML External Entity Processing Information Disclosure Vulnerability
ZDI-26-018	ZDI-CAN-28322	ALGO	CVE-2026-0796	(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability
ZDI-26-017	ZDI-CAN-28321	ALGO	CVE-2026-0795	(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability
ZDI-26-016	ZDI-CAN-28303	ALGO	CVE-2026-0794	(0Day) ALGO 8180 IP Audio Alerter SIP Use-After-Free Remote Code Execution Vulnerability
ZDI-26-015	ZDI-CAN-28302	ALGO	CVE-2026-0793	(0Day) ALGO 8180 IP Audio Alerter InformaCast Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-014	ZDI-CAN-28301	ALGO	CVE-2026-0792	(0Day) ALGO 8180 IP Audio Alerter SIP INVITE Alert-Info Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-013	ZDI-CAN-28300	ALGO	CVE-2026-0791	(0Day) ALGO 8180 IP Audio Alerter SIP INVITE Replaces Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-012	ZDI-CAN-28299	ALGO	CVE-2026-0790	(0Day) ALGO 8180 IP Audio Alerter Web UI Direct Request Information Disclosure Vulnerability
ZDI-26-011	ZDI-CAN-28297	ALGO	CVE-2026-0789	(0Day) ALGO 8180 IP Audio Alerter Web UI Inclusion of Authentication Cookie in Response Body Information Disclosure Vulnerability
ZDI-26-010	ZDI-CAN-28298	ALGO	CVE-2026-0788	(0Day) ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability
ZDI-26-009	ZDI-CAN-28296	ALGO	CVE-2026-0787	(0Day) ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability
ZDI-26-008	ZDI-CAN-28295	ALGO	CVE-2026-0786	(0Day) ALGO 8180 IP Audio Alerter SCI Command Injection Remote Code Execution Vulnerability
ZDI-26-007	ZDI-CAN-28294	ALGO	CVE-2026-0785	(0Day) ALGO 8180 IP Audio Alerter API Command Injection Remote Code Execution Vulnerability
ZDI-26-006	ZDI-CAN-28293	ALGO	CVE-2026-0784	(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability
ZDI-26-005	ZDI-CAN-28292	ALGO	CVE-2026-0783	(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability
ZDI-26-004	ZDI-CAN-28291	ALGO	CVE-2026-0782	(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability
ZDI-26-003	ZDI-CAN-28290	ALGO	CVE-2026-0781	(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability
ZDI-26-002	ZDI-CAN-28289	ALGO	CVE-2026-0780	(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability
ZDI-26-001	ZDI-CAN-25568	ALGO	CVE-2026-0779	(0Day) ALGO 8180 IP Audio Alerter Ping Command Injection Remote Code Execution Vulnerability