MITRE ATT&CK Mapping

Zero Day Initiative CVE Fortinet Apr 15

ZDI-26-266: Fortinet FortiWeb cat_cgi_paths Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiWeb. Authentication is required to exploit th...

T1190 1 IOC

Zero Day Initiative →

Krebs on Security Zero-Day Microsoft Google Adobe Apr 14

Patch Tuesday, April 2026 Edition

Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a S...

T1190

Krebs on Security →

Wordfence Blog Vulnerability Disclosure Intel WordPress Apr 13

Attackers Actively Exploiting Critical Vulnerability in Kali Forms Plugin

On March 2nd, 2026, we received a submission through our Bug Bounty Program for a Remote Code Execution vulnerability in Kali Forms, a WordPress plugin with ...

T1190

Wordfence Blog →

Exploit Database Vulnerability Disclosure Apr 9

[webapps] React Server 19.2.0 - Remote Code Execution

React Server 19.2.

T1190

Exploit Database →

Exploit Database Vulnerability Disclosure Apr 9

[webapps] Jumbo Website Manager - Remote Code Execution

Jumbo Website Manager - Remote Code Execution

T1190

Exploit Database →

Exploit Database Vulnerability Disclosure Apr 8

[webapps] FortiWeb 8.0.2 - Remote Code Execution

FortiWeb 8.0.

T1190

Exploit Database →

Wordfence Blog Vulnerability Disclosure WordPress Apr 6

50,000 WordPress Sites affected by Arbitrary File Upload Vulnerability in Ninja Forms – File Upload WordPress Plugin

On January 8th, 2026, we received a submission for an Arbitrary File Upload vulnerability in Ninja Forms - File Upload, a WordPress plugin with an estimated ...

T1190

Wordfence Blog →

Zero Day Initiative CVE Apr 6

ZDI-26-257: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 6

ZDI-26-256: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 6

ZDI-26-255: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 6

ZDI-26-254: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Microsoft Apr 2

ZDI-26-253: Microsoft Visual Studio Code mcp.json Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio Code. User interaction is required ...

T1190 T1059 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 2

ZDI-26-252: Mozilla Firefox IonMonkey Switch Statement Optimization Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mozilla Firefox. User interaction is required to exploit th...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Amazon Mar 30

ZDI-26-246: (0Day) aws-mcp-server Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit t...

T1190 T1059 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Mar 30

ZDI-26-243: (Pwn2Own) QNAP TS-453E write_file_to_svr External Control of File Path Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-453E devices. Although authentication is ...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Mar 30

ZDI-26-241: (Pwn2Own) QNAP QHora-322 qvpn_db_mgr username SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP QHora-322 routers. Although authentication is required...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Mar 30

ZDI-26-236: Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit t...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Mar 30

ZDI-26-235: Digilent DASYLab DSA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit t...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Mar 30

ZDI-26-234: Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit t...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Mar 30

ZDI-26-233: Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit t...

T1190 1 IOC

Zero Day Initiative →