Advisories, Hacking, News, Threat Research, Vulnerabilities, , , , ,
Cyber Security Advisories

Zero Day Initiative Upcoming Advisories

ZDI: Upcoming Advisories The following is a list of vulnerabilities discovered by Zero Day Initiative researchers that are yet to be publicly disclosed. The affected vendor has been contacted on the specified date and while they work on a patch for these vulnerabilities, TrendAI customers are protected from exploitation by IPS filters delivered ahead of public disclosure. Once the affected vendor patches the vulnerability, we publish an accompanying security advisory which describes the issue, including links to the vendor’s fixes.

  • ZDI-CAN-27906: AOMEI
    on February 25, 2026 at 6:00 am

    A CVSS score 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2026-02-25, 0 days ago. The vendor is given until 2026-06-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28568: AOMEI
    on February 25, 2026 at 6:00 am

    A CVSS score 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by ‘Bobby Gould (@bobbygould5) of Trend Zero Day Initiative’ was reported to the affected vendor on: 2026-02-25, 0 days ago. The vendor is given until 2026-06-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28267: Microsoft
    on February 25, 2026 at 6:00 am

    A CVSS score 7.8 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by ‘Marcin Wiazowski’ was reported to the affected vendor on: 2026-02-25, 0 days ago. The vendor is given until 2026-06-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-29220: Parallels
    on February 25, 2026 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘khongtrang’ was reported to the affected vendor on: 2026-02-25, 0 days ago. The vendor is given until 2026-06-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28885: Parallels
    on February 25, 2026 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘khongtrang’ was reported to the affected vendor on: 2026-02-25, 0 days ago. The vendor is given until 2026-06-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-29308: Docker
    on February 25, 2026 at 6:00 am

    A CVSS score 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by ‘Nitesh Surana (niteshsurana.com) of TrendAI Research’ was reported to the affected vendor on: 2026-02-25, 0 days ago. The vendor is given until 2026-06-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28886: Parallels
    on February 25, 2026 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘khongtrang’ was reported to the affected vendor on: 2026-02-25, 0 days ago. The vendor is given until 2026-06-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-29381: OpenClaw
    on February 25, 2026 at 6:00 am

    A CVSS score 5.3 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N severity vulnerability discovered by ‘Peter Girnus (@gothburz), Demeng Chen (@DemengChen233), Project AESIR with TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-02-25, 0 days ago. The vendor is given until 2026-06-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-29379: OpenClaw
    on February 25, 2026 at 6:00 am

    A CVSS score 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Peter Girnus (@gothburz) and Project AESIR of TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-02-25, 0 days ago. The vendor is given until 2026-06-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-29475: OpenAI
    on February 24, 2026 at 6:00 am

    A CVSS score 8.6 AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H severity vulnerability discovered by ‘Peter Girnus (@gothburz), Demeng Chen (@DemengChen233), Project AESIR with TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-02-24, 1 days ago. The vendor is given until 2026-06-24 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-29178: Adobe
    on February 24, 2026 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Mark Vincent Yason (markyason.github.io)’ was reported to the affected vendor on: 2026-02-24, 1 days ago. The vendor is given until 2026-06-24 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-29410: Flowise
    on February 24, 2026 at 6:00 am

    A CVSS score 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Nicholas Zubrisky (@NZubrisky) of TrendAI Research’ was reported to the affected vendor on: 2026-02-24, 1 days ago. The vendor is given until 2026-06-24 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-29081: Meta
    on February 24, 2026 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2026-02-24, 1 days ago. The vendor is given until 2026-06-24 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-29249: Progress Software
    on February 23, 2026 at 6:00 am

    A CVSS score 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Michael Argany of TrendAI Research’ was reported to the affected vendor on: 2026-02-23, 2 days ago. The vendor is given until 2026-06-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-29222: Progress Software
    on February 23, 2026 at 6:00 am

    A CVSS score 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Michael Argany of TrendAI Research’ was reported to the affected vendor on: 2026-02-23, 2 days ago. The vendor is given until 2026-06-23 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-29368: Hong Kong University Data Intelligence Lab
    on February 20, 2026 at 6:00 am

    A CVSS score 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by ‘Peter Girnus (@gothburz) and Project AESIR of TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-02-20, 5 days ago. The vendor is given until 2026-06-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-29312: OpenClaw
    on February 20, 2026 at 6:00 am

    A CVSS score 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by ‘Peter Girnus (@gothburz) and Project AESIR of TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-02-20, 5 days ago. The vendor is given until 2026-06-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-29311: OpenClaw
    on February 20, 2026 at 6:00 am

    A CVSS score 7.4 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N severity vulnerability discovered by ‘Peter Girnus (@gothburz) and Project AESIR of TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-02-20, 5 days ago. The vendor is given until 2026-06-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-29369: Hong Kong University Data Intelligence Lab
    on February 20, 2026 at 6:00 am

    A CVSS score 9.3 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N severity vulnerability discovered by ‘Peter Girnus (@gothburz) and Project AESIR of TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-02-20, 5 days ago. The vendor is given until 2026-06-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-29226: n8n
    on February 20, 2026 at 6:00 am

    A CVSS score 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Peter Girnus (@gothburz), Demeng Chen (@DemengChen233), Project AESIR with TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-02-20, 5 days ago. The vendor is given until 2026-06-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-29225: n8n
    on February 20, 2026 at 6:00 am

    A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Peter Girnus (@gothburz), Demeng Chen (@DemengChen233), Project AESIR with TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-02-20, 5 days ago. The vendor is given until 2026-06-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-29160: aeon
    on February 19, 2026 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Mat Powell of TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-02-19, 6 days ago. The vendor is given until 2026-06-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-29219: pdfforge
    on February 19, 2026 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Mat Powell of TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-02-19, 6 days ago. The vendor is given until 2026-06-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-29159: aeon
    on February 19, 2026 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Mat Powell of TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-02-19, 6 days ago. The vendor is given until 2026-06-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28736: X.Org
    on February 19, 2026 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Jan-Niklas Sohn’ was reported to the affected vendor on: 2026-02-19, 6 days ago. The vendor is given until 2026-06-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28762: Flowise
    on February 19, 2026 at 6:00 am

    A CVSS score 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Nicholas Zubrisky (@NZubrisky) of TrendAI Research’ was reported to the affected vendor on: 2026-02-19, 6 days ago. The vendor is given until 2026-06-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-29252: Apple
    on February 19, 2026 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Michael DePlante (@izobashi) of TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-02-19, 6 days ago. The vendor is given until 2026-06-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-29240: Apple
    on February 19, 2026 at 6:00 am

    A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by ‘Michael DePlante (@izobashi) of TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-02-19, 6 days ago. The vendor is given until 2026-06-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28951: Unraid
    on February 19, 2026 at 6:00 am

    A CVSS score 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Nicolas Chatelain (Nicocha30)’ was reported to the affected vendor on: 2026-02-19, 6 days ago. The vendor is given until 2026-06-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28912: Unraid
    on February 17, 2026 at 6:00 am

    A CVSS score 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L severity vulnerability discovered by ‘Nicolas Chatelain (Nicocha30)’ was reported to the affected vendor on: 2026-02-17, 8 days ago. The vendor is given until 2026-06-17 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Share Websitecyber

Related Posts:

We are an ethical website cyber security team and we perform security assessments to protect our clients.