LIVE
Confirmed 0-Day Vulnerabilities
Curated inventory of in-the-wild exploited CVEs, triaged from multiple threat intelligence sources and cross-referenced with Google Project Zero.
Total Confirmed
634
0-day CVEs
This Month
12
newly confirmed
Project Zero
399
in Google P0 sheet
Articles Indexed
11642
from all sources
Recent Confirmed 0-Days
View all →| CVE ID | Vendor / Product | Weakness | CVSS | Conf. | Mentions | Published |
|---|---|---|---|---|---|---|
|
Palo Alto Networks
Cloud NGFW
|
CWE-787
Out-of-bounds Write
|
9.3
v4
|
85% | 7 | May 06, 2026 | |
|
Meta
react-server-dom-webpack
|
CWE-502
Deserialization of Untrusted Data
|
10.0
v3
|
92% | 17 | Dec 03, 2025 | |
|
BeyondTrust
Remote Support
|
CWE-77
Command Injection
|
9.8
v3
|
85% | 9 | Dec 17, 2024 | |
|
oracle
agile product lifecycle management
|
CWE-863
Incorrect Authorization
|
7.5
v3
|
85% | 3 | Nov 18, 2024 | |
|
GeoVision
GV-VS12
|
CWE-78
OS Command Injection
|
9.8
v3
|
85% | 2 | Nov 15, 2024 | |
|
Microsoft
Windows
|
CWE-416
Use After Free
|
7.8
v3
|
78% | 3 | Aug 13, 2024 | |
|
Microsoft
Windows
|
CWE-591
Sensitive Data Storage in Improperly Locked Memory
|
7.0
v3
|
87% | 4 | Aug 13, 2024 | |
|
Microsoft
Windows
|
CWE-190
Integer Overflow
|
7.8
v3
|
92% | 4 | Jul 09, 2024 | |
|
Microsoft
Windows 10 Version 22H2
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
7.5
v3
|
92% | 11 | Jul 09, 2024 | |
|
Cisco
Cisco NX-OS Software
|
CWE-78
OS Command Injection
|
6.0
v3
|
75% | 3 | Jul 01, 2024 |
Last update: May 23, 2026 15:02 UTC