Advisories, Hacking, News, Threat Research, Vulnerabilities, , , , ,
Cyber Security Advisories

Zero Day Initiative Upcoming Advisories

ZDI: Upcoming Advisories The following is a list of vulnerabilities discovered by Zero Day Initiative researchers that are yet to be publicly disclosed. The affected vendor has been contacted on the specified date and while they work on a patch for these vulnerabilities, Trend Micro customers are protected from exploitation by IPS filters delivered ahead of public disclosure. Once the affected vendor patches the vulnerability, we publish an accompanying security advisory which describes the issue, including links to the vendor’s fixes.

  • ZDI-CAN-27424: Hugging Face
    on November 25, 2025 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2025-11-25, 1 days ago. The vendor is given until 2026-03-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28617: Ivanti
    on November 25, 2025 at 6:00 am

    A CVSS score 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by ’06fe5fd2bc53027c4a3b7e395af0b850e7b8a044′ was reported to the affected vendor on: 2025-11-25, 1 days ago. The vendor is given until 2026-03-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-26885: Ivanti
    on November 25, 2025 at 6:00 am

    A CVSS score 8.6 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N severity vulnerability discovered by ’06fe5fd2bc53027c4a3b7e395af0b850e7b8a044′ was reported to the affected vendor on: 2025-11-25, 1 days ago. The vendor is given until 2026-03-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28388: MindsDB
    on November 20, 2025 at 6:00 am

    A CVSS score 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Peter Girnus (@gothburz), Demeng Chen, and Brandon Niemczyk of Trend Zero Day Initiative’ was reported to the affected vendor on: 2025-11-20, 6 days ago. The vendor is given until 2026-03-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27936: GFI
    on November 19, 2025 at 6:00 am

    A CVSS score 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2025-11-19, 7 days ago. The vendor is given until 2026-03-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28569: Vim
    on November 19, 2025 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Simon Zuckerbraun of Trend Zero Day Initiative’ was reported to the affected vendor on: 2025-11-19, 7 days ago. The vendor is given until 2026-03-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27934: GFI
    on November 19, 2025 at 6:00 am

    A CVSS score 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2025-11-19, 7 days ago. The vendor is given until 2026-03-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28597: GFI
    on November 19, 2025 at 6:00 am

    A CVSS score 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2025-11-19, 7 days ago. The vendor is given until 2026-03-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27628: QEMU
    on November 19, 2025 at 6:00 am

    A CVSS score 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by ‘Xiaobye(@xiaobye_tw) of DEVCORE Research Team’ was reported to the affected vendor on: 2025-11-19, 7 days ago. The vendor is given until 2026-03-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27935: GFI
    on November 19, 2025 at 6:00 am

    A CVSS score 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2025-11-19, 7 days ago. The vendor is given until 2026-03-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28552: Apple
    on November 19, 2025 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Michael DePlante (@izobashi) of Trend Zero Day Initiative’ was reported to the affected vendor on: 2025-11-19, 7 days ago. The vendor is given until 2026-03-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28490: Linux
    on November 18, 2025 at 6:00 am

    A CVSS score 7.5 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by ‘Maher Azzouzi (@maherazz2)’ was reported to the affected vendor on: 2025-11-18, 8 days ago. The vendor is given until 2026-03-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28542: Docker
    on November 14, 2025 at 6:00 am

    A CVSS score 6.7 AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Nitesh Surana (niteshsurana.com) and Amol Dosanjh of Trend Research’ was reported to the affected vendor on: 2025-11-14, 12 days ago. The vendor is given until 2026-03-14 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28462: Microsoft
    on November 14, 2025 at 6:00 am

    A CVSS score 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N severity vulnerability discovered by ‘Vladislav Berghici of Trend Research’ was reported to the affected vendor on: 2025-11-14, 12 days ago. The vendor is given until 2026-03-14 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28410: Microsoft
    on November 14, 2025 at 6:00 am

    A CVSS score 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N severity vulnerability discovered by ‘Vladislav Berghici of Trend Research’ was reported to the affected vendor on: 2025-11-14, 12 days ago. The vendor is given until 2026-03-14 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28190: Docker
    on November 14, 2025 at 6:00 am

    A CVSS score 6.7 AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Nitesh Surana (niteshsurana.com) and Amol Dosanjh of Trend Research’ was reported to the affected vendor on: 2025-11-14, 12 days ago. The vendor is given until 2026-03-14 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28101: Qwen
    on November 11, 2025 at 6:00 am

    A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Peter Girnus (@gothburz) and Brandon Niemczyk of Trend Zero Day Initiative’ was reported to the affected vendor on: 2025-11-11, 15 days ago. The vendor is given until 2026-03-11 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28311: GIMP
    on November 11, 2025 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2025-11-11, 15 days ago. The vendor is given until 2026-03-11 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28232: GIMP
    on November 11, 2025 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2025-11-11, 15 days ago. The vendor is given until 2026-03-11 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28265: GIMP
    on November 11, 2025 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]’ was reported to the affected vendor on: 2025-11-11, 15 days ago. The vendor is given until 2026-03-11 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28273: GIMP
    on November 11, 2025 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2025-11-11, 15 days ago. The vendor is given until 2026-03-11 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28158: GIMP
    on November 11, 2025 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2025-11-11, 15 days ago. The vendor is given until 2026-03-11 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28416: GIMP
    on November 11, 2025 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2025-11-11, 15 days ago. The vendor is given until 2026-03-11 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28405: GIMP
    on November 11, 2025 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2025-11-11, 15 days ago. The vendor is given until 2026-03-11 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28376: GIMP
    on November 11, 2025 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2025-11-11, 15 days ago. The vendor is given until 2026-03-11 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28248: GIMP
    on November 11, 2025 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2025-11-11, 15 days ago. The vendor is given until 2026-03-11 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28173: Ashlar-Vellum
    on November 11, 2025 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Rocco Calvi (@TecR0c) with TecSecurity’ was reported to the affected vendor on: 2025-11-11, 15 days ago. The vendor is given until 2026-03-11 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28172: Ashlar-Vellum
    on November 11, 2025 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Rocco Calvi (@TecR0c) with TecSecurity’ was reported to the affected vendor on: 2025-11-11, 15 days ago. The vendor is given until 2026-03-11 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28491: Microsoft
    on November 7, 2025 at 6:00 am

    A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by ‘Jonathan Lein of Trend Research’ was reported to the affected vendor on: 2025-11-07, 19 days ago. The vendor is given until 2026-03-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28159: Microsoft
    on November 7, 2025 at 6:00 am

    A CVSS score 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by ‘Marcin Wiazowski’ was reported to the affected vendor on: 2025-11-07, 19 days ago. The vendor is given until 2026-03-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Share Websitecyber

Related Posts:

We are an ethical website cyber security team and we perform security assessments to protect our clients.