Zero Day Initiative Upcoming Advisories

ZDI: Upcoming Advisories The following is a list of vulnerabilities discovered by Zero Day Initiative researchers that are yet to be publicly disclosed. The affected vendor has been contacted on the specified date and while they work on a patch for these vulnerabilities, TrendAI customers are protected from exploitation by IPS filters delivered ahead of public disclosure. Once the affected vendor patches the vulnerability, we publish an accompanying security advisory which describes the issue, including links to the vendor’s fixes.

  • ZDI-CAN-29835: Oracle
    on July 10, 2026 at 5:00 am

    A CVSS score 6.1 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L severity vulnerability discovered by ‘Xiaobye(@xiaobye_tw) of DEVCORE Research Team’ was reported to the affected vendor on: 2026-07-10, 2 days ago. The vendor is given until 2026-11-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-32581: Senstar
    on July 10, 2026 at 5:00 am

    A CVSS score 7.2 AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N severity vulnerability discovered by ‘Minh Giang (@itscysamu) of TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-07-10, 2 days ago. The vendor is given until 2026-11-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-32560: deepset
    on July 10, 2026 at 5:00 am

    A CVSS score 9.3 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N severity vulnerability discovered by ‘Taha Siddiqi (@_atomiz_) of TrendAI Research’ was reported to the affected vendor on: 2026-07-10, 2 days ago. The vendor is given until 2026-11-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-32105: NVIDIA
    on July 10, 2026 at 5:00 am

    A CVSS score 9.3 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N severity vulnerability discovered by ‘Habibullo Izzatilloyev’ was reported to the affected vendor on: 2026-07-10, 2 days ago. The vendor is given until 2026-11-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-32156: NVIDIA
    on July 10, 2026 at 5:00 am

    A CVSS score 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Flydragon @ TRAPA Security’ was reported to the affected vendor on: 2026-07-10, 2 days ago. The vendor is given until 2026-11-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-32609: deepset
    on July 10, 2026 at 5:00 am

    A CVSS score 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by ‘Minh Giang (@itscysamu) of TrendAI Zero Day Initiative and Taha Siddiqi (@_atomiz_) of TrendAI Research’ was reported to the affected vendor on: 2026-07-10, 2 days ago. The vendor is given until 2026-11-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-32106: NVIDIA
    on July 10, 2026 at 5:00 am

    A CVSS score 9.3 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N severity vulnerability discovered by ‘Habibullo Izzatilloyev’ was reported to the affected vendor on: 2026-07-10, 2 days ago. The vendor is given until 2026-11-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-30184: Oracle
    on July 10, 2026 at 5:00 am

    A CVSS score 7.5 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by ‘Phan Vinh Khang of Viettel Cyber Security’ was reported to the affected vendor on: 2026-07-10, 2 days ago. The vendor is given until 2026-11-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-31118: Quest
    on July 10, 2026 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Bobby Gould (@bobbygould5) of TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-07-10, 2 days ago. The vendor is given until 2026-11-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-31076: LibreOffice
    on July 9, 2026 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2026-07-09, 3 days ago. The vendor is given until 2026-11-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-31097: LibreOffice
    on July 9, 2026 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2026-07-09, 3 days ago. The vendor is given until 2026-11-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-31096: LibreOffice
    on July 9, 2026 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2026-07-09, 3 days ago. The vendor is given until 2026-11-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-31095: LibreOffice
    on July 9, 2026 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2026-07-09, 3 days ago. The vendor is given until 2026-11-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-31734: ABRT
    on July 9, 2026 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Ryota Shiga (GMO Flatt Security Inc.)’ was reported to the affected vendor on: 2026-07-09, 3 days ago. The vendor is given until 2026-11-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-31121: Oracle
    on July 7, 2026 at 5:00 am

    A CVSS score 7.5 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by ‘Xiaobye(@xiaobye_tw) of DEVCORE Research Team’ was reported to the affected vendor on: 2026-07-07, 5 days ago. The vendor is given until 2026-11-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-31739: Linux
    on July 7, 2026 at 5:00 am

    A CVSS score 7.8 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by ‘YingMuo (@YingMuo) of DEVCORE Research Team’ was reported to the affected vendor on: 2026-07-07, 5 days ago. The vendor is given until 2026-11-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-31451: VMware
    on July 7, 2026 at 5:00 am

    A CVSS score 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by ‘Gwangun Jung (@pr0ln) of Theori, with Xint Code’ was reported to the affected vendor on: 2026-07-07, 5 days ago. The vendor is given until 2026-11-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-31523: Linux
    on July 3, 2026 at 5:00 am

    A CVSS score 7.5 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by ‘elden, Brayn Mbeumo’ was reported to the affected vendor on: 2026-07-03, 9 days ago. The vendor is given until 2026-10-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-31604: Linux
    on July 3, 2026 at 5:00 am

    A CVSS score 7.8 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2026-07-03, 9 days ago. The vendor is given until 2026-10-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-31149: Linux
    on July 3, 2026 at 5:00 am

    A CVSS score 7.5 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2026-07-03, 9 days ago. The vendor is given until 2026-10-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-31517: Linux
    on July 3, 2026 at 5:00 am

    A CVSS score 7.8 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2026-07-03, 9 days ago. The vendor is given until 2026-10-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-31063: Linux
    on July 3, 2026 at 5:00 am

    A CVSS score 9.3 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L severity vulnerability discovered by ‘p2gone’ was reported to the affected vendor on: 2026-07-03, 9 days ago. The vendor is given until 2026-10-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-31610: Linux
    on July 3, 2026 at 5:00 am

    A CVSS score 7.8 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2026-07-03, 9 days ago. The vendor is given until 2026-10-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-30609: LibreOffice
    on July 3, 2026 at 5:00 am

    A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2026-07-03, 9 days ago. The vendor is given until 2026-10-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-31014: oFono
    on July 3, 2026 at 5:00 am

    A CVSS score 8.4 AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2026-07-03, 9 days ago. The vendor is given until 2026-10-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-31036: libwebsockets
    on July 3, 2026 at 5:00 am

    A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Maher Azzouzi’ was reported to the affected vendor on: 2026-07-03, 9 days ago. The vendor is given until 2026-10-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-30656: Microsoft
    on July 3, 2026 at 5:00 am

    A CVSS score 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2026-07-03, 9 days ago. The vendor is given until 2026-10-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-30625: Langflow
    on July 3, 2026 at 5:00 am

    A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Nicholas Zubrisky (@NZubrisky) of TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-07-03, 9 days ago. The vendor is given until 2026-10-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-31151: LibreOffice
    on July 3, 2026 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘truff’ was reported to the affected vendor on: 2026-07-03, 9 days ago. The vendor is given until 2026-10-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-31075: LibreOffice
    on July 3, 2026 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2026-07-03, 9 days ago. The vendor is given until 2026-10-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Share Websitecyber
We are an ethical website cyber security team and we perform security assessments to protect our clients.