Security Bulletins

Active threat advisories and known exploited vulnerabilities.

Pulled daily from the CISA Known Exploited Vulnerabilities catalog. Every entry has confirmed active exploitation in the wild. Last synced Jun 12, 2026.

1,619 total bulletins 1,619 critical or high severity Source: CISA KEV + NVD
All 1,619 Critical 1,619 High 0 Medium 0 Low 0 1,619 entries
Critical CVE-2025-42999 SAP · NetWeaver Added May 15, 2025

SAP NetWeaver Deserialization Vulnerability

SAP NetWeaver Visual Composer Metadata Uploader contains a deserialization vulnerability that allows a privileged attacker to compromise the confidentiality, integrity, and availability of the host system by deserializing untrusted or malicious content.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2024-12987 DrayTek · Vigor Routers Added May 15, 2025

DrayTek Vigor Routers OS Command Injection Vulnerability

DrayTek Vigor2960, Vigor300B, and Vigor3900 routers contain an OS command injection vulnerability due to an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component web management interface.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2025-32756 Fortinet · Multiple Products Added May 14, 2025

Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability

Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a remote unauthenticated attacker to execute arbitrary code or commands via crafted HTTP requests.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2025-32709 Microsoft · Windows Added May 13, 2025

Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability

Microsoft Windows Ancillary Function Driver for WinSock contains a use-after-free vulnerability that allows an authorized attacker to escalate privileges to administrator.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2025-30397 Microsoft · Windows Added May 13, 2025

Microsoft Windows Scripting Engine Type Confusion Vulnerability

Microsoft Windows Scripting Engine contains a type confusion vulnerability that allows an unauthorized attacker to execute code over a network via a specially crafted URL.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2025-32706 Microsoft · Windows Added May 13, 2025

Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability

Microsoft Windows Common Log File System (CLFS) Driver contains a heap-based buffer overflow vulnerability that allows an authorized attacker to elevate privileges locally.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2025-32701 Microsoft · Windows Added May 13, 2025

Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability

Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2025-30400 Microsoft · Windows Added May 13, 2025

Microsoft Windows DWM Core Library Use-After-Free Vulnerability

Microsoft Windows DWM Core Library contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2025-47729 TeleMessage · TM SGNL Added May 12, 2025

TeleMessage TM SGNL Hidden Functionality Vulnerability

TeleMessage TM SGNL contains a hidden functionality vulnerability in which the archiving backend holds cleartext copies of messages from TM SGNL application users.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2024-11120 GeoVision · Multiple Devices Added May 7, 2025

GeoVision Devices OS Command Injection Vulnerability

Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2024-6047 GeoVision · Multiple Devices Added May 7, 2025

GeoVision Devices OS Command Injection Vulnerability

Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2025-27363 FreeType · FreeType Added May 6, 2025

FreeType Out-of-Bounds Write Vulnerability

FreeType contains an out-of-bounds write vulnerability when attempting to parse font subglyph structures related to TrueType GX and variable font files that may allow for arbitrary code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2025-3248 Langflow · Langflow Added May 5, 2025

Langflow Missing Authentication Vulnerability

Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2025-34028 Commvault · Command Center Added May 2, 2025

Commvault Command Center Path Traversal Vulnerability

Commvault Command Center contains a path traversal vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2024-58136 Yiiframework · Yii Added May 2, 2025

Yiiframework Yii Improper Protection of Alternate Path Vulnerability

Yii Framework contains an improper protection of alternate path vulnerability that may allow a remote attacker to execute arbitrary code. This vulnerability could affect other products that implement Yii, including—but not limited to—Craft CMS, as represented by CVE-2025-32432.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2024-38475 Apache · HTTP Server Added May 1, 2025

Apache HTTP Server Improper Escaping of Output Vulnerability

Apache HTTP Server contains an improper escaping of output vulnerability in mod_rewrite that allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2023-44221 SonicWall · SMA100 Appliances Added May 1, 2025

SonicWall SMA100 Appliances OS Command Injection Vulnerability

SonicWall SMA100 appliances contain an OS command injection vulnerability in the SSL-VPN management interface that allows a remote, authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2025-31324 SAP · NetWeaver Added Apr 29, 2025

SAP NetWeaver Unrestricted File Upload Vulnerability

SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2025-1976 Broadcom · Brocade Fabric OS Added Apr 28, 2025

Broadcom Brocade Fabric OS Code Injection Vulnerability

Broadcom Brocade Fabric OS contains a code injection vulnerability that allows a local user with administrative privileges to execute arbitrary code with full root privileges.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2025-3928 Commvault · Web Server Added Apr 28, 2025

Commvault Web Server Unspecified Vulnerability

Commvault Web Server contains an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2025-42599 Qualitia · Active! Mail Added Apr 28, 2025

Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability

Qualitia Active! Mail contains a stack-based buffer overflow vulnerability that allows a remote, unauthenticated attacker to execute arbitrary or trigger a denial-of-service via a specially crafted request.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2025-24054 Microsoft · Windows Added Apr 17, 2025

Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability

Microsoft Windows NTLM contains an external control of file name or path vulnerability that allows an unauthorized attacker to perform spoofing over a network.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2025-31200 Apple · Multiple Products Added Apr 17, 2025

Apple Multiple Products Memory Corruption Vulnerability

Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2025-31201 Apple · Multiple Products Added Apr 17, 2025

Apple Multiple Products Arbitrary Read and Write Vulnerability

Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-20035 SonicWall · SMA100 Appliances Added Apr 16, 2025

SonicWall SMA100 Appliances OS Command Injection Vulnerability

SonicWall SMA100 appliances contain an OS command injection vulnerability in the management interface that allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user, which could potentially lead to code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Need help prioritizing these vulnerabilities?

ThreatGrid can assess your environment and map active CVEs to your monitored assets.