ZDI-26-048: Fortinet FortiSandbox fortisandbox Server-Side Request Forgery Remote Code Execution Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Fortinet FortiSandbox. Authentication is required to exploit...
29/01/2026 Zero-Day Initiative

ZDI-26-047: Hancom Office DOC File Parsing Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office. User interaction is required to...
29/01/2026 Zero-Day Initiative

ZDI-26-046: Cisco Snort _bnfa_search_csparse_nfa Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Snort. Authentication is not required to...
29/01/2026 Zero-Day Initiative

ZDI-26-045: Cisco Snort _bnfa_search_csparse_nfa Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Snort. Authentication is not required to...
29/01/2026 Zero-Day Initiative

ZDI-26-044: Microsoft Windows Desktop Window Manager Use-After-Free Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the...
14/01/2026 Zero-Day Initiative

ZDI-26-043: (0Day) npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the...
13/01/2026 Zero-Day Initiative

ZDI-26-042: (0Day) Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Upsonic. Authentication is not required to exploit...
10/01/2026 Zero-Day Initiative

ZDI-26-041: (0Day) (Pwn2Own) Enel X JuiceBox 40 Telnet Service Missing Authentication Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Enel X JuiceBox 40 charging stations. Authentication...
10/01/2026 Zero-Day Initiative

ZDI-26-040: (0Day) Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Discord Client. An attacker must first obtain the...
10/01/2026 Zero-Day Initiative

ZDI-26-039: (0Day) WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WatchYourLAN. Authentication is not required to exploit...
10/01/2026 Zero-Day Initiative