ZDI-26-041: (0Day) (Pwn2Own) Enel X JuiceBox 40 Telnet Service Missing Authentication Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Enel X JuiceBox 40 charging stations. Authentication... 10/01/2026 Zero-Day Initiative
ZDI-26-040: (0Day) Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Discord Client. An attacker must first obtain the... 10/01/2026 Zero-Day Initiative
ZDI-26-039: (0Day) WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WatchYourLAN. Authentication is not required to exploit... 10/01/2026 Zero-Day Initiative
ZDI-26-038: (0Day) Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is required to exploit this... 10/01/2026 Zero-Day Initiative
ZDI-26-037: (0Day) Langflow PythonFunction Code Injection Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary... 10/01/2026 Zero-Day Initiative
ZDI-26-036: (0Day) Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit... 10/01/2026 Zero-Day Initiative
ZDI-26-035: (0Day) Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit... 10/01/2026 Zero-Day Initiative
ZDI-26-034: (0Day) Langflow code Code Injection Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit... 10/01/2026 Zero-Day Initiative
ZDI-26-033: (0Day) Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Open WebUI. Authentication is not required to... 10/01/2026 Zero-Day Initiative
ZDI-26-032: (0Day) Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit... 10/01/2026 Zero-Day Initiative
