Skip to main content

Briefing Zero-days CVEs IOCs NewsActors Vendors Licenses Help

⌘+KWorkspace→

Real-time security intelligence — KEV, CVEs, exploits, threat actors and IOCs unified into one live view.

Sources Status API docs Licenses Help Security disclosure

© 2026 ZeroDayAttack · Public data from CISA · NIST · MITRE · FIRST · OSV · GitHub · abuse.ch — not a security advisory.

Built by Kiril Urbonas

ZeroDayAttack — AppSec intelligence aggregator

Search

9 results

For "0-day" across CVEs, vendor advisories, threat actors, IOCs, security research, and news.

All9 Vulnerabilities0 Threat actors0 Vendor advisories0 Research9 News0 IOCs0

Instant answer

Active zero-day exploitation

Most-recent KEV catalog additions and news items mentioning in-the-wild exploitation.

Featured CVEs

CVE-2026-35273Critical· 9.8Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability21 h ago
CVE-2026-10520Critical· 10.0Ivanti Sentry OS Command Injection Vulnerability21 h ago
CVE-2026-20245High· 7.8Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability21 h ago

Research

9

arxiv
AI Code Sandboxes: A Comparative Security Study. Part 1 of 2 -- Engine-Level Properties (Attack Surface, Leakage, Stackability, CVE History, Patch Cadence, Fuzzing)
arXiv:2606.08433v1 Announce Type: new Abstract: This paper reads six engine-level measurements together -- 1.1 host attack surface, 1.2 information leakage, 1.3 defense-in-depth stackability, 1.4 public CVE history, 1.5 patch cadence, and 1
4 d ago
wiz
Gogs 0-Day Exploited in the Wild
Wiz Threat Research has observed exploitation in-the-wild of CVE-2025-8110
CVE-2025-8110
2025-12-10

CVE-2026-11645

High· 8.8

Google Chromium V8 Out-of-Bounds Read and Write Vulnerability

21 h ago

CVE-2026-7473Medium· 5.8Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability21 h ago

CVE-2026-50751Critical· 9.3Check Point Security Gateway Improper Authentication Vulnerability21 h ago

Recent coverage

thehackernewsShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities1 d ago
bleepingcomputerOracle mitigates PeopleSoft zero-day exploited in data theft attacks1 d ago
bleepingcomputerMicrosoft patches Exchange Server zero-day exploited in attacks3 d ago
bleepingcomputerMicrosoft patches YellowKey, GreenPlasma, MiniPlasma zero-days3 d ago
thehackernewsMicrosoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs3 d ago
thehackernewsMicrosoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows3 d ago

All actively-exploited CVEs

Critical WebP 0-day security CVE-2023-4863 impacts wider software ecosystem

CVE-2023-4863 vulnerability identified in the WebP library libwebp extends to more than just browsers - Learn how to find and fix this critical vulnerability with Snyk

CVE-2023-4863

Everything We Know About CVE-2023-23397 | Huntress

Huntress is tracking CVE-2023-23397, a 0-day that impacts Microsoft Outlook and requires no user interaction to expose user credential hashes.

CVE-2023-23397

CVE-2022-27518 exploited in the wild by APT5: everything you need to know

Detect and mitigate CVE-2022-27518, a Citrix ADC and Gateway unauthenticated RCE 0-day exploited in the wild by a nation state actor. Organizations should patch urgently.

CVE-2022-27518

New 0-Day Vulnerabilities Found in Microsoft Exchange | Huntress

The Huntress team is currently investigating new 0-day vulnerabilities in Microsoft Exchange servers, piggybacking on ProxyShell and ProxyLogon.

A 90-Day Action Plan to Turn Resolutions into Results with Wiz

Whether you're new to Wiz or early in your cloud security journey, start the year strong by turning cloud security resolutions into real impact in your first 90 days with Wiz.

The June 2026 AI Executive Order: What federal agencies need to know and how Tenable can help

On June 2, 2026, the White House signed an Executive Order directing federal agencies to harden their systems with AI-enabled cyber defenses and to stand up a new AI cybersecurity clearinghouse - most of it on a 30-day clock. Here's what t

GitHub expands application security coverage with AI-powered detections

AI is accelerating software development and expanding the range of languages and frameworks used in modern repositories. Security teams are increasingly responsible for protecting code written across many ecosystems, not just the core enter