Advisories, Hacking, News, Threat Research, Vulnerabilities, , , , ,
Cyber Security Advisories

Zero Day Initiative Upcoming Advisories

ZDI: Upcoming Advisories The following is a list of vulnerabilities discovered by Zero Day Initiative researchers that are yet to be publicly disclosed. The affected vendor has been contacted on the specified date and while they work on a patch for these vulnerabilities, TrendAI customers are protected from exploitation by IPS filters delivered ahead of public disclosure. Once the affected vendor patches the vulnerability, we publish an accompanying security advisory which describes the issue, including links to the vendor’s fixes.

  • ZDI-CAN-28746: DriveLock
    on February 6, 2026 at 6:00 am

    A CVSS score 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by ‘stuxxn’ was reported to the affected vendor on: 2026-02-06, 0 days ago. The vendor is given until 2026-06-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28630: NoMachine
    on February 6, 2026 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2026-02-06, 0 days ago. The vendor is given until 2026-06-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28906: Krita
    on February 6, 2026 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2026-02-06, 0 days ago. The vendor is given until 2026-06-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28722: DriveLock
    on February 6, 2026 at 6:00 am

    A CVSS score 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by ‘stuxxn’ was reported to the affected vendor on: 2026-02-06, 0 days ago. The vendor is given until 2026-06-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28850: GStreamer
    on February 6, 2026 at 6:00 am

    A CVSS score 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2026-02-06, 0 days ago. The vendor is given until 2026-06-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28905: Krita
    on February 6, 2026 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2026-02-06, 0 days ago. The vendor is given until 2026-06-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28713: DriveLock
    on February 6, 2026 at 6:00 am

    A CVSS score 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by ‘stuxxn’ was reported to the affected vendor on: 2026-02-06, 0 days ago. The vendor is given until 2026-06-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28726: DriveLock
    on February 6, 2026 at 6:00 am

    A CVSS score 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘stuxxn’ was reported to the affected vendor on: 2026-02-06, 0 days ago. The vendor is given until 2026-06-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28692: Delta Electronics
    on February 6, 2026 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Feng Xiong’ was reported to the affected vendor on: 2026-02-06, 0 days ago. The vendor is given until 2026-06-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28771: Krita
    on February 6, 2026 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2026-02-06, 0 days ago. The vendor is given until 2026-06-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28752: Krita
    on February 6, 2026 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2026-02-06, 0 days ago. The vendor is given until 2026-06-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28785: Krita
    on February 6, 2026 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2026-02-06, 0 days ago. The vendor is given until 2026-06-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28757: Ashlar-Vellum
    on February 6, 2026 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Rocco Calvi (@TecR0c) with TecSecurity’ was reported to the affected vendor on: 2026-02-06, 0 days ago. The vendor is given until 2026-06-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28644: NoMachine
    on February 6, 2026 at 6:00 am

    A CVSS score 7.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2026-02-06, 0 days ago. The vendor is given until 2026-06-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28719: DriveLock
    on February 6, 2026 at 6:00 am

    A CVSS score 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N severity vulnerability discovered by ‘stuxxn’ was reported to the affected vendor on: 2026-02-06, 0 days ago. The vendor is given until 2026-06-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-29187: npm
    on February 5, 2026 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘ Bobby Gould (@bobbygould5) and Michael DePlante (@izobashi) of TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-02-05, 1 days ago. The vendor is given until 2026-06-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28092: verl
    on February 5, 2026 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Michael DePlante (@izobashi) of TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-02-05, 1 days ago. The vendor is given until 2026-06-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-29171: npm
    on February 5, 2026 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Bobby Gould (@bobbygould5) and Michael DePlante (@izobashi) of TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-02-05, 1 days ago. The vendor is given until 2026-06-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28192: MLflow
    on February 5, 2026 at 6:00 am

    A CVSS score 8.2 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N severity vulnerability discovered by ‘Muhammad Fadilullah Dzaki’ was reported to the affected vendor on: 2026-02-05, 1 days ago. The vendor is given until 2026-06-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28677: NVIDIA
    on February 5, 2026 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Tyler Zars’ was reported to the affected vendor on: 2026-02-05, 1 days ago. The vendor is given until 2026-06-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28090: NVIDIA
    on February 5, 2026 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Michael DePlante (@izobashi) of TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-02-05, 1 days ago. The vendor is given until 2026-06-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27987: Hugging Face
    on February 5, 2026 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Michael DePlante (@izobashi) of TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-02-05, 1 days ago. The vendor is given until 2026-06-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27986: Hugging Face
    on February 5, 2026 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Michael DePlante (@izobashi) of TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-02-05, 1 days ago. The vendor is given until 2026-06-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28651: Microsoft
    on February 5, 2026 at 6:00 am

    A CVSS score 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by ‘Len Sadowski (lytnc) and Oğuz Bektaş (_ozb_) ‘ was reported to the affected vendor on: 2026-02-05, 1 days ago. The vendor is given until 2026-06-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28889: Intel
    on February 5, 2026 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Michael DePlante (@izobashi) of TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-02-05, 1 days ago. The vendor is given until 2026-06-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28091: DeepSpeed
    on February 5, 2026 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Michael DePlante (@izobashi) of TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-02-05, 1 days ago. The vendor is given until 2026-06-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27466: verl
    on February 5, 2026 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Xingyu Wang’ was reported to the affected vendor on: 2026-02-05, 1 days ago. The vendor is given until 2026-06-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-29162: Apple
    on February 3, 2026 at 6:00 am

    A CVSS score 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Hossein Lotfi (@hosselot) of TrendAI Zero Day Initiative’ was reported to the affected vendor on: 2026-02-03, 3 days ago. The vendor is given until 2026-06-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28816: Adobe
    on February 3, 2026 at 6:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Mark Vincent Yason (markyason.github.io)’ was reported to the affected vendor on: 2026-02-03, 3 days ago. The vendor is given until 2026-06-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-28034: Schneider Electric
    on February 2, 2026 at 6:00 am

    A CVSS score 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘ hassan ali’ was reported to the affected vendor on: 2026-02-02, 4 days ago. The vendor is given until 2026-06-02 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Share Websitecyber

Related Posts:

We are an ethical website cyber security team and we perform security assessments to protect our clients.