Zero Day Initiative Upcoming Advisories

The following is a list of vulnerabilities discovered by Zero Day Initiative researchers that are yet to be publicly disclosed. The affected vendor has been contacted on the specified date, and while they work on a patch for these vulnerabilities, Trend Micro customers are protected from exploitation by IPS filters delivered ahead of public disclosure. Once the affected vendor patches the vulnerability, we publish an accompanying security advisory which describes the issue, including links to the vendor’s fixes.

  • ZDI-CAN-28188: Dassault Systèmes
    on October 7, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2025-10-07, 1 day ago. The vendor is given until 2026-02-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28186: Dassault Systèmes
    on October 7, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2025-10-07, 1 day ago. The vendor is given until 2026-02-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28198: FontForge
    on October 7, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘volticks (@movx64 on twitter)’ was reported to the affected vendor on: 2025-10-07, 1 day ago. The vendor is given until 2026-02-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28053: Foxit
    on October 7, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘kozmer’ was reported to the affected vendor on: 2025-10-07, 1 day ago. The vendor is given until 2026-02-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28254: All Hands
    on October 7, 2025 at 5:00 am

    A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Peter Girnus (@gothburz), Brandon Niemczyk of Trend Zero Day Initiative’ was reported to the affected vendor on: 2025-10-07, 1 day ago. The vendor is given until 2026-02-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27877: Framelink
    on October 7, 2025 at 5:00 am

    A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Peter Girnus (@gothburz) and Brandon Niemczyk of Trend Zero Day Initiative’ was reported to the affected vendor on: 2025-10-07, 1 day ago. The vendor is given until 2026-02-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27785: claude-hovercraft
    on October 6, 2025 at 5:00 am

    A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Peter Girnus (@gothburz) of Trend Research’ was reported to the affected vendor on: 2025-10-06, 2 days ago. The vendor is given until 2026-02-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28122: Trend Micro
    on October 3, 2025 at 5:00 am

    A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Xavier DANEST – Decathlon’ was reported to the affected vendor on: 2025-10-03, 5 days ago. The vendor is given until 2026-01-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27329: EmbedThis
    on October 3, 2025 at 5:00 am

    A CVSS score 7.5 AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Tyler Zars’ was reported to the affected vendor on: 2025-10-03, 5 days ago. The vendor is given until 2026-01-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28221: EmbedThis
    on October 3, 2025 at 5:00 am

    A CVSS score 5.0 AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L severity vulnerability discovered by ‘Tyler Zars’ was reported to the affected vendor on: 2025-10-03, 5 days ago. The vendor is given until 2026-01-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27556: BusyBox
    on October 3, 2025 at 5:00 am

    A CVSS score 6.1 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L severity vulnerability discovered by ‘Ryota Shiga (GMO Flatt Security Inc.) with takumi-san.ai’ was reported to the affected vendor on: 2025-10-03, 5 days ago. The vendor is given until 2026-01-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28202: Quest
    on October 3, 2025 at 5:00 am

    A CVSS score 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Bobby Gould (@bobbygould5) of Trend Zero Day Initiative’ was reported to the affected vendor on: 2025-10-03, 5 days ago. The vendor is given until 2026-01-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28222: Trend Micro
    on October 3, 2025 at 5:00 am

    A CVSS score 5.3 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by ‘Xavier DANEST – Decathlon’ was reported to the affected vendor on: 2025-10-03, 5 days ago. The vendor is given until 2026-01-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27394: IceWarp
    on September 26, 2025 at 5:00 am

    A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Oscar Bataille’ was reported to the affected vendor on: 2025-09-26, 12 days ago. The vendor is given until 2026-01-24 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27933: Oracle
    on September 25, 2025 at 5:00 am

    A CVSS score 8.2 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by ‘VMBreakers(SANGBIN KIM, GANGMIN KIM, Un3xploitable)’ was reported to the affected vendor on: 2025-09-25, 13 days ago. The vendor is given until 2026-01-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27870: Oracle
    on September 25, 2025 at 5:00 am

    A CVSS score 8.2 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by ‘VMBreakers(GANGMIN KIM, SANGBIN KIM, Un3xploitable)’ was reported to the affected vendor on: 2025-09-25, 13 days ago. The vendor is given until 2026-01-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27895: Oracle
    on September 25, 2025 at 5:00 am

    A CVSS score 8.2 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by ‘VMBreakers(GANGMIN KIM, SANGBIN KIM, Un3xploitable)’ was reported to the affected vendor on: 2025-09-25, 13 days ago. The vendor is given until 2026-01-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27890: Oracle
    on September 25, 2025 at 5:00 am

    A CVSS score 8.2 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by ‘VMBreakers(GANGMIN KIM, SANGBIN KIM, Un3xploitable)’ was reported to the affected vendor on: 2025-09-25, 13 days ago. The vendor is given until 2026-01-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27947: Academy Software Foundation
    on September 25, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2025-09-25, 13 days ago. The vendor is given until 2026-01-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27946: Academy Software Foundation
    on September 25, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2025-09-25, 13 days ago. The vendor is given until 2026-01-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27924: Oracle
    on September 25, 2025 at 5:00 am

    A CVSS score 8.2 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by ‘VMBreakers(GANGMIN KIM, SANGBIN KIM, Un3xploitable)’ was reported to the affected vendor on: 2025-09-25, 13 days ago. The vendor is given until 2026-01-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27948: Academy Software Foundation
    on September 25, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2025-09-25, 13 days ago. The vendor is given until 2026-01-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28129: Sante
    on September 25, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2025-09-25, 13 days ago. The vendor is given until 2026-01-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27925: Oracle
    on September 25, 2025 at 5:00 am

    A CVSS score 7.5 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by ‘VMBreakers(GANGMIN KIM, SANGBIN KIM, Un3xploitable)’ was reported to the affected vendor on: 2025-09-25, 13 days ago. The vendor is given until 2026-01-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27938: Oracle
    on September 25, 2025 at 5:00 am

    A CVSS score 7.5 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by ‘NiNi (@terrynini38514) from DEVCORE Research Team’ was reported to the affected vendor on: 2025-09-25, 13 days ago. The vendor is given until 2026-01-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27871: Oracle
    on September 25, 2025 at 5:00 am

    A CVSS score 6.0 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N severity vulnerability discovered by ‘VMBreakers(GANGMIN KIM, SANGBIN KIM, Un3xploitable)’ was reported to the affected vendor on: 2025-09-25, 13 days ago. The vendor is given until 2026-01-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27353: Fuji Electric
    on September 25, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Rocco Calvi (@TecR0c) with TecSecurity’ was reported to the affected vendor on: 2025-09-25, 13 days ago. The vendor is given until 2026-01-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28045: Oracle
    on September 25, 2025 at 5:00 am

    A CVSS score 7.5 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by ‘Xiaobye(@xiaobye_tw) of DEVCORE Research Team’ was reported to the affected vendor on: 2025-09-25, 13 days ago. The vendor is given until 2026-01-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27923: Oracle
    on September 25, 2025 at 5:00 am

    A CVSS score 8.2 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by ‘VMBreakers(GANGMIN KIM, SANGBIN KIM, Un3xploitable)’ was reported to the affected vendor on: 2025-09-25, 13 days ago. The vendor is given until 2026-01-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28096: Lightning AI
    on September 24, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Michael DePlante (@izobashi) of Trend Zero Day Initiative’ was reported to the affected vendor on: 2025-09-24, 14 days ago. The vendor is given until 2026-01-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
