Latest zero-days Total: 436, in 2020: Zero-days 2, candidates: 0

Remote code execution in Mozilla Firefox and Firefox ESR
CVE-2019-17026

The vulnerability was reported by Qihoo 360 ATA researchers.

Privilege escalation in Microsoft Windows
CVE-2019-1458

This vulnerability was reported by Anton Ivanov and Alexey Kulaev of Kaspersky Lab. This vulnerability was used in Operation WizardOpium campaign against Korean users.